Guide: How Staff Can Access Quarantined Emails in Microsoft Defender

Microsoft Defender for Office 365 helps protect against phishing, spam, and malicious emails. Sometimes legitimate emails may be quarantined for review. This guide explains how staff can access quarantined emails, release them, and whitelist senders for future messages.

Step 1: Sign in to the Security Portal

1. Open a web browser and go to:
   https://security.microsoft.com
2. Sign in using your school/work Microsoft account credentials.

Step 2: Navigate to Quarantined Emails

1. On the left-hand menu, click Email & collaboration.
2. Under this section, select Review.
3. Then click Quarantine.
   • You will now see a list of emails that have been quarantined.
   • Each entry shows:
     • Sender
     • Subject
     • Reason for quarantine (e.g., spam, phishing, policy).

Step 3: Release an Email

If you recognise the email as safe:

1. Select the email from the list.
2. Click Release message.
3. Confirm the action.
   • The email will be delivered to your inbox shortly.

Step 4: Whitelist the Sender

To prevent future emails from the same sender being quarantined:

1. After releasing the email, click Report as not junk or Allow sender (depending on the options shown).
2. This adds the sender to your safe senders list.

Additional Tips

• Check regularly: Quarantined emails are retained for a limited time (usually 30 days).
• Be cautious: Only release emails you trust. If unsure, contact the IT department.
• Report suspicious emails: If you accidentally release a malicious email, notify IT immediately.

Quick Links

• Quarantine Portal: https://security.microsoft.com/quarantine
• Microsoft Guide: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-email-messages