Introduction
Loyola University Chicago utilizes the Microsoft 365 suite and all its features for day-to-day services. This of course includes Microsoft Outlook.
Microsoft Outlook is the primary email correspondence application used by all Loyola students, staff, and faculty. On the surface, Outlook is a straightforward email conduit, but under-the-hood, it has some very powerful mechanisms, some being powerful cybersecurity management tools.
It’s very likely that you may have received an email in your Outlook inbox with a header that reads “Microsoft 365 Security: You have messages in quarantine” before. Upon receiving this email, your natural reaction may have been to assume it was spam. And this is not an inherently bad approach to assessing unrecognizable emails. With the large volume of suspicious emails that find their way into our inboxes these days, it’s better to always be cautious about emails that are unknown to you. That being said, these Microsoft 365 Security Quarantine notification emails are actually meant to help prevent spam/phishing emails and serve as an indicator that Microsoft’s background security features are working.
Understanding how Microsoft Outlook Quarantining Works
Think of the Outlook Quarantining tool like a food strainer. You use a food strainer when you want to keep unnecessary or undesirable parts of your ingredients from getting into your meal. The Quarantining tool essentially operates the same way. It strains out any undesirable emails from your inbox.
Microsoft Quarantine is designed to capture and hold any emails that are flagged as, but not limited to potential malware, viral, spam, or phishing. It does so in accordance with Microsoft and Loyola University Chicago Information Security Office (UISO) polices. Anything detected as potential malware will be managed by the LUC UISO team and any messages that were quarantined as potential spam, bulk, phishing, spoof, user impersonation, domain impersonation, or mailbox intelligence are typically sent to you, the user, in the form of a “Microsoft 365 Security: You have messages in quarantine” email for review (Note: this may vary in accordance with university policy). It’s important to review these messages because there is a good chance the emails that were caught by the filter are actually legitimate.
Understanding the contents of a Microsoft 365 Quarantine Email
First, ensure the email is legitimate. This can be done by checking the email sender. If the email sender is listed as being from quarantine@messaging.microsoft.com, you’re good to continue interacting with the email. If it is not from that sender or you’d like additional confirmation, please forward the message to itsservicedesk@luc.edu and the UISO team will notify you if the email is legitimate.
Once legitimacy has been established, you’ll notice a few key components of the email:
- Review These Messages
- Prevented Spam Messages
- Review Message or Release Message buttons
The Review These Messages section details when the email was quarantined and how long you have to review the quarantined message. Take special note of the quarantine review deadline as failure to comply will result in permanent deletion of the quarantined message.
The Prevented Spam Messages section shows you what the actual message that was quarantined was. More specifically it presents the Sender, Subject, and Date. This information is crucial for you to see if the email is something you were expecting or are familiar with.
And lastly the Review Message and Release Message buttons are for you to choose depending on how you wish to proceed. If you’d like to further review the contents of the email before releasing it, select review message. If the contents of the prevented spam messages section were enough for you to identify legitimacy, you may choose release email. For clarification, to release means to allow the email to go into your inbox. Once it’s in your inbox you can interact with it like normal (i.e. reply, forward, etc.).
Understanding the Review Message Process
If you chose to select the review message button to further review the quarantined email, here’s what you can expect.
First, you’ll be redirected to a security.microsoft.com webpage. This webpage is a web-based version of the Microsoft Defender tool that assists with risk management for M365 services. In this case, it’s specifically for reviewing quarantined messages. If you have multiple messages for review, they will all be listed here. You’re more than welcome to review them in whatever order you prefer, but the emails with approaching deadlines should be prioritized. (Note: if you clicked the button from the email, it will auto-populate the information for the message that was listed in that email first).
Once an email is selected, the information that’s displayed is split off into two categories, Quarantine Details and Email Details. Quarantine Details provides clarification as to why the message was quarantined and Email Details provides insight into the email contents.
However, what may be most useful are the tools hidden behind the three little dots in the top right. Clicking those 3 little dots will populate a drop-down menu that lists 3 options:
- Preview Message
- Delete from quarantine
- Allow Sender
Preview Message is incredibly helpful as it provides a safe way to view the email. Doing this is highly recommended. This may all be all you need to verify an email.
Delete from quarantine will do as it says. If you’ve determined that the message is indeed illegitimate, selecting this will permanently delete it.
Allow Sender is an easy way to make sure that emails from the flagged sender don’t get flagged in the future. Select this if you’ve determined that the quarantined email is from a legitimate sender.
If utilizing these tools has led you to conclude that the email is legitimate and was falsely placed under quarantine, select Release Email and the email will promptly go to your inbox.\
Conclusion
Microsoft Quarantining is a valuable built-in resource to help reduce the volume of suspicious emails that get sent to your inbox. Please take advantage of this guidance to help you resolve any quarantined email notifications you receive in the future. If you have any additional questions about this process, please feel free to reach out via the itsservicedesk@luc.edu email.