Quarantine Policies
Configure quarantine policies to control what actions end users can take on their quarantined messages. Quarantine policies define the user experience for different types of quarantined email.
Note: Quarantine policies are assigned within anti-spam, anti-phishing, anti-malware, and Safe Attachments policies. Each verdict type can have a different quarantine policy.
Default Quarantine Policies
| Policy | User Access | Release | Delete | Preview | Block Sender |
|---|---|---|---|---|---|
| AdminOnlyAccessPolicy | No access | Admin only | Admin only | Admin only | No |
| DefaultFullAccessPolicy | Full access | Yes | Yes | Yes | Yes |
| DefaultFullAccessWithNotificationPolicy | Full with notification | Yes | Yes | Yes | Yes |
Policy Permissions
No Access (Admin Only)
Users cannot see or interact with quarantined messages. Only administrators can review and release.
- Used for: High-confidence phishing, malware
- Users are not notified about quarantined messages
- Admin reviews all quarantined items
Limited Access
Users can view quarantined messages and request release:
- Users can preview message content
- Users can request admin release
- Users can delete from their quarantine
- Users can block the sender
Full Access
Users can view and release quarantined messages themselves:
- Users can release messages to their inbox
- Users can delete from quarantine
- Users can block the sender
- Users receive quarantine notifications
Creating Custom Quarantine Policy
- Name the policy — Provide a descriptive name for the quarantine policy.
- Set permissions — Choose No access, Limited access, or Full access as the baseline.
- Customize actions — Enable or disable specific user actions (release, delete, preview, block).
- Configure notifications — Enable quarantine notifications for this policy.
- Assign to security policy — Apply the quarantine policy within anti-spam, anti-phishing, or other security policies.
Recommended Configuration
| Verdict | Recommended Policy |
|---|---|
| Spam | Full access with notification |
| High confidence spam | Full access with notification |
| Phishing | Limited access |
| High confidence phishing | Admin only |
| Malware | Admin only |
| Safe Attachments | Admin only |
| Bulk | Full access with notification |
Best Practices
- Use Admin Only for malware and phishing — Never let users release confirmed malware or high-confidence phishing.
- Enable notifications for spam — Users need to know when legitimate email is quarantined.
- Use Limited Access for suspected phishing — Allow users to request release but require admin approval.
- Review custom policies — Audit quarantine policies quarterly to ensure they match security requirements.
API Reference
GET /api/exchange/quarantine-policies
List quarantine policies
POST /api/exchange/quarantine-policies
Create custom quarantine policy
PUT /api/exchange/quarantine-policies/:id
Update quarantine policy
DELETE /api/exchange/quarantine-policies/:id
Delete custom quarantine policy