How Microsoft 365 Spam Protection Works and How To Review Quarantined Items
Navigating the world of spam protection can sometimes be tricky, but Microsoft 365 has made it easier to keep your inbox clean and clutter-free. Microsoft 365’s spam protection not only catches most spam before it reaches your inbox, but it also lets you review and manage your quarantined emails anytime. This guide will help you understand how Microsoft 365 rates incoming emails for spam, the difference between Junk and Quarantine folders, and how you can access your quarantined emails via security.microsoft.com/quarantine to review and release legitimate messages.
Understanding Microsoft 365 Spam Protection
Microsoft 365 uses a variety of filters and algorithms to identify and categorize spam emails, ranging from phishing attacks to suspicious newsletters. These filters assign each incoming email a spam confidence level (SCL) score based on various criteria, and this score determines where the email will land: inbox, Junk folder, or Quarantine.
Here’s a general breakdown:
Factors That Increase Spam Likelihood
Microsoft 365 rates emails using several indicators, including:
- Suspicious URLs: Links to known phishing or malware-infected sites.
- Blacklisted Domains/IPs: Sending domains or IPs that have been previously reported for spam.
- Spam Keywords: Common spammy phrases such as “You won!” or “Exclusive offer.”
- Attachment Type: Uncommon or suspicious file types like
.exe
or.zip
. - Sender Authentication: Emails failing SPF, DKIM, or DMARC checks.
- User Reports: If multiple recipients mark emails as spam.
Junk Folder vs. Quarantine: What’s the Difference?
Microsoft 365 uses a spam confidence level (SCL) score to categorize incoming emails as junk, spam, or malicious.
Here’s how it distinguishes between the Junk folder and Quarantine:
Junk Folder:
Emails that receive an SCL score between 1 and 4 are automatically moved into your Junk folder. This allows you to review them directly within Outlook.
- Managed within Outlook: Access the Junk folder directly through the Outlook application.
- Low Spam Scores (SCL 1-4): Holds emails with lower spam scores that are likely to be unwanted but not dangerous.
- Mark as “Not Junk”: Move legitimate messages back to the inbox with a single click.
Quarantine:
Emails that receive an SCL score between 5 and 9 are quarantined and never appear in Outlook. They are considered dangerous due to their high likelihood of being malicious.
- Managed via the Microsoft 365 Security Center: Review quarantined emails at security.microsoft.com/quarantine.
- High Spam Scores (SCL 5-9): Holds emails with higher spam scores, potential phishing attacks, or malware.
- Requires Manual Review: Take action to release, report, or block emails after reviewing their details.
After manually releasing a quarantined email, it will be delivered to your inbox. However, emails in this category are often dangerous and should remain outside of Outlook until thoroughly reviewed.
Helpful Tips:
How to Review and Release Quarantined Items in Microsoft 365
If an email has been quarantined by Microsoft 365, it means that the system has detected it as potentially dangerous or suspicious.
Here’s how you can review, release, and manage quarantined emails:
- Access the Quarantine List:
- Open a web browser and go to security.microsoft.com/quarantine.
- Sign in with your Microsoft 365 credentials.
- Filter and Review Quarantined Items:
- Use filters to refine your search, such as:
- Date Range
- Sender Address
- Subject
- Reason (Spam, Phishing, Malware, etc.)
- Click on an email to see more details, including the subject, sender, and reason for being quarantined.
- Use filters to refine your search, such as:
- Release or Report Quarantined Emails:
- To release an email to your inbox:
- Select the checkbox next to the email.
- Click the Release message button.
- Optionally, choose whether to report it as “Not Spam.”
- To report a quarantined email:
- Select the checkbox next to the email.
- Click the Report button.
- Choose an appropriate category (e.g., “Phishing,” “Malware,” or “Not Spam”).
- To release an email to your inbox:
- Add Senders to Safe Senders List (Optional):
- If a legitimate email was quarantined, consider adding the sender to your Safe Senders list:
- Click on the “Actions” dropdown next to the email.
- Choose “Add sender to Safe Senders List.”
- Alternatively, set up rules in Outlook to filter trusted senders or domains.
- If a legitimate email was quarantined, consider adding the sender to your Safe Senders list:
- Block or Allow Future Emails:
- To block or allow future emails from a specific sender:
- Select the email.
- Click the Actions dropdown.
- Choose Block or Allow.
- To block or allow future emails from a specific sender:
- Customize Your Quarantine Alerts (Admins Only):
- Administrators can customize user quarantine alerts:
- In the Security Center, navigate to Policies & Rules > Threat policies.
- Adjust quarantine notification policies based on your organization’s requirements.
- Administrators can customize user quarantine alerts:
Important Notes:
- Emails released from quarantine may still end up in the Junk folder if flagged by Outlook’s spam filters.
- Regularly review your quarantined items to ensure legitimate messages aren’t lost.
- Be cautious about whitelisting e-mail addresses (they may skip certain checks in the future)
Want Better Protection? Check out Microsoft Defender for Office 365
For organizations seeking enhanced email security, Microsoft offers additional Defender licenses, formerly known as Advanced Threat Protection (ATP). These licenses bring an extra layer of defence to your Microsoft 365 environment, providing better spam detection, phishing prevention, and malware filtering compared to the built-in features.
For clarity, Microsoft Defender for Office 365 is an enhanced service that offers more security — it’s an extra service (unless your Microsoft bundle already has it included). Microsoft Defender for Office 365 offers sophisticated detection methods that significantly reduce the risk of malicious content reaching your team. Its dynamic scoring, spoof intelligence, and customizable policies make it a powerful upgrade for organizations aiming to strengthen their overall security posture.
Check out our blog on Microsoft 365 Security with Microsoft Defender for Office 365: More Protection, Less Spam
Please don’t hesitate to reach out if you’d like to learn more about how we can help or chat about our services.