+| Power Automate per user* | CFQ7TTC0LH3L | No |

+| Power Automate RPA* | CFQ7TTC0LSGZ | No |

+| Power BI Premium (standalone)* | CFQ7TTC0H6RP | No |

+| Power BI Pro* | CFQ7TTC0H9MP | No |

+It might take up to 60 minutes for the reopening process to complete.

+Before you can delete a case, you must first delete *all* holds listed on the holds page of the case. That includes deleting holds with a status of **Off**. Default hold policies can only be deleted when the hold is turned off. You must close an active case to turn off any default hold policies in the case. Once the holds are turned off for default hold policies, they can be deleted.

+3. On the flyout page, select **Delete**. Ensure that the hold is turned off.

+- The script in this article supports modern authentication. You can use the script as-is if you're a Microsoft 365 or a Microsoft 365 GCC organization. If you're an Office 365 Germany organization, a Microsoft 365 GCC High organization, or a Microsoft 365 DoD organization, you'll have to edit the script to successfully run it. Specifically, you have to edit the line `Connect-ExchangeOnline` and use the *ExchangeEnvironmentName* parameter (and the appropriate value for your organization type) to connect to Exchange Online PowerShell. Also, you have to edit the line `Connect-IPPSSession` and use the *ConnectionUri* and *AzureADAuthorizationEndpointUri* parameters (and the appropriate values for your organization type) to connect to Security & Compliance PowerShell. For more information, see the examples in [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell#connect-to-exchange-online-powershell-without-using-mfa) and [Connect to Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell#connect-to-security--compliance-center-powershell-without-using-mfa).

+- The sample script provided in this article isn't supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample script and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

+### Script to pull the FolderID from multiple mailboxes

+If you need to group and sort the results of the FolderID conversion in Excel, complete the following steps to enable viewing multiple deleted folders for individual users:

+1. Create a .csv file named `UsersGatherFolderIDs` with a column heading of *UsersSMTP*.

+2. Enter the user email addresses in rows for this column of any mailbox folders you want to convert to the folder query syntax.

+3. Save the following text to a Windows PowerShell script file by using a filename suffix of .ps1; for example, `GetMultiUserFolderIDseDiscovery.ps1`

+ ```powershell

+ #########################################################################################################

+ #This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.

+ #THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS OR A PARTICULAR PURPOSE.

+ #We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code, provided that You agree:

+ # (1) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded;

+ # (2) to include a valid copyright notice on Your software product in which the Sample Code is embedded; and

+ # (3) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorney's fees, that arise or result from the use or distribution of the Sample Code.

+ #########################################################################################################

+ " "

+ write-host "***********************************************"

+ write-host "Security & Compliance Center " -foregroundColor yellow -backgroundcolor darkgreen

+ write-host "eDiscovery cases - FolderID report " -foregroundColor yellow -backgroundcolor darkgreen

+ write-host "***********************************************"

+ " "

+

+ #prompt users to specify a path to store the output files

+ $time = get-date -Format dd-MM-yyyy_hh.mm

+ $Path = Read-Host 'Enter a folder path to save the report to a .csv file (filename is created automatically).'

+ $inputPath = $Path + '\' + 'Users_GatherFolderID.csv'

+ $outputpath = $Path + '\' + 'FileID Report' + ' ' + $time + '.csv'

+

+ #Imports list of users

+ #User List needs column "UserSMTP" with values of each mailbox's SMTP address.

+ $users = Import-CSV $inputPath

+

+ function add-tofolderidreport {

+ Param(

+ [string]$UserEmail,

+ [String]$FolderName,

+ [String]$FolderID,

+ [String]$ConvertedFolderQuery

+ )

+

+ $addRow = New-Object PSObject

+ Add-Member -InputObject $addRow -MemberType NoteProperty -Name "User Email" -Value $useremail

+ Add-Member -InputObject $addRow -MemberType NoteProperty -Name "Folder Name" -Value $FolderName

+ Add-Member -InputObject $addRow -MemberType NoteProperty -Name "Native Folder ID" -Value $FolderID

+ Add-Member -InputObject $addRow -MemberType NoteProperty -Name "Converted Folder Query" -Value $ConvertedFolderQuery

+

+ $folderIDReport = $addRow | Select-Object "User Email", "Folder Name", "Native Folder ID", "Converted Folder Query"

+ $folderIDReport | export-csv -path $outputPath -notypeinfo -append -Encoding ascii

+ }

+

+ #get information on the cases and pass values to the FolderID report function

+ foreach ($u in $users) {

+ $userAddress = $u.UserSMTP

+ " "

+ write-host "Gathering list of Folders for User:" $userAddress -ForegroundColor Yellow -BackgroundColor Black

+ " "

+ if ($userAddress.IndexOf("@") -ige 0) {

+ # List the folder Ids for the target mailbox

+ $emailAddress = $userAddress

+ # Connect to Exchange Online PowerShell

+ $folderQueries = @()

+ $folderStatistics = Get-MailboxFolderStatistics $emailAddress

+ foreach ($folderStatistic in $folderStatistics) {

+ $folderId = $folderStatistic.FolderId;

+ $folderPath = $folderStatistic.FolderPath;

+ $encoding = [System.Text.Encoding]::GetEncoding("us-ascii")

+ $nibbler = $encoding.GetBytes("0123456789ABCDEF");

+ $folderIdBytes = [Convert]::FromBase64String($folderId);

+ $indexIdBytes = New-Object byte[] 48;

+ $indexIdIdx = 0;

+ $folderIdBytes | select -skip 23 -First 24 | % { $indexIdBytes[$indexIdIdx++] = $nibbler[$_ -shr 4]; $indexIdBytes[$indexIdIdx++] = $nibbler[$_ -band 0xF] }

+ $folderQuery = "folderid:$($encoding.GetString($indexIdBytes))";

+ $folderStat = New-Object PSObject

+ Add-Member -InputObject $folderStat -MemberType NoteProperty -Name FolderPath -Value $folderPath

+ Add-Member -InputObject $folderStat -MemberType NoteProperty -Name FolderQuery -Value $folderQuery

+ $folderQueries += $folderStat

+

+ #add information to Report

+ add-tofolderidreport -UserEmail $emailAddress -FolderName $folderPath -FolderID $folderId -ConvertedFolderQuery $folderQuery

+ }

+

+ #Outputs Exchange Folders for Single User

+ Write-Host "--Exchange Folders--" -ForegroundColor Yellow

+ $folderQueries | ft

+

+ }

+

+ }

+

+ #Provides Path of Report

+ " "

+ Write-Host "-- Report Output Available at:" "$outputpath" " --" -ForegroundColor Yellow -BackgroundColor Cyan

+ " "

+ ```

+4. On your local computer, open Windows PowerShell and go to the folder where you saved the script. Run the script file `GetMultiUserFolderIDseDiscovery.ps1`.

+5. Enter the folder path where you saved the *UsersGatherFolderIDs.csv* file.

+6. The script displays a list of mailbox folders or site folders for the specified users. It also creates a report in the same root folder specified in Step 4.

+2. In the left pane of the compliance portal, select **Show all** > **Content search**, and then select **New search**.

+4. Under **Locations**, select **Specific locations** and then select **Modify**.

+ - Next to **Exchange email**, select **Choose users, groups, or teams** and then add the same mailbox that you specified when you ran the script in Step 1.

+ - Next to **SharePoint sites**, select **Choose sites** and then add the same site URL that you specified when you ran the script in Step 1.

+6. After you save the content location to search, select **Save & run**, type a name for the Content Search, and then select **Save** to start the targeted collection search.

+ Title: Microsoft Purview setup guides

+f1.keywords:

+ NOCSH

+audience: ITPro

+ms.localizationpriority: medium

+- tier1

+- purview-compliance

+search.appverid:

+- MET150

+description: Provides descriptions of, and links to, the various Microsoft Purview FastTrack setup guides.

+# Microsoft Purview setup guides

+**Applies to:**

+- Microsoft Purview

+## Setup guides for quickly deploying Microsoft Purview

+These Microsoft Purview setup guides give you tailored guidance and resources for planning and deploying security controls for your tenant, apps, and services.

+### Find and access the setup guides

+Setup guides in the admin center require authentication to a Microsoft Purview tenant as an administrator or other role with access to the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/?linkid=2224913). However, anyone can access the guides in the [Microsoft 365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2220880). In the following table, we have provided links to both locations for each guide, where available.

+|Guide: [Setup Portal](https://go.microsoft.com/fwlink/?linkid=2220880) | Guide: [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913) | Description|

+|-|-|--|

+|[Microsoft Purview Communication Compliance and Insider Risk Management setup guide](https://go.microsoft.com/fwlink/?linkid=2223415) | [Microsoft Purview Communication Compliance and Insider Risk Management setup guide](https://go.microsoft.com/fwlink/?linkid=2224188) | The Microsoft Purview Communication Compliance and Insider Risk Management setup guide helps you protect your organization against insider risks that can be challenging to identify and difficult to mitigate. Insider risks occur in a variety of areas and can cause major problems for organizations. These problems can range from the loss of intellectual property to workplace harassment, and more. <br> <br> With the communication compliance solution, you can identify and act on communication risks for: <br> - workplace violence <br> - insider trading <br> - harassment <br> - code of conduct <br> - regulatory compliance violations. <br> <br> The insider risk management solution helps you identify, investigate, and act on risks that include: <br> - intellectual property theft <br> - sensitive data leaks <br> - security violations <br> - data spillage <br> - confidentiality violations.|

+| [Microsoft Purview Information Protection setup guide](https://go.microsoft.com/fwlink/?linkid=2222967) | [Microsoft Purview Information Protection setup guide](https://go.microsoft.com/fwlink/?linkid=2224687) | Get an overview of the capabilities you can apply to your information protection strategy so you can be confident your sensitive information is protected. Use a four-stage lifecycle approach in which you discover, classify, protect, and monitor sensitive information. The setup guide for Microsoft Purview Information Protection  provides guidance for completing each of these stages.|

+| [Microsoft Purview Data Lifecycle Management setup guide](https://go.microsoft.com/fwlink/?linkid=2223154) | [Microsoft Purview Data Lifecycle Management setup guide](https://go.microsoft.com/fwlink/?linkid=2224686) | The Microsoft Purview Data Lifecycle Management setup guide provides the information you need to set up and manage your organization's governance strategy to ensure that your data is classified and managed according to the specific lifecycle guidelines you set. This guide teaches you how to create, auto-apply, and publish retention labels, retention label policies, and retention policies to your organization's content and compliance records. You also get information on importing CSV files with a file plan for bulk scenarios and for applying them to individual documents manually. |

+| [Microsoft Purview Auditing solutions in Microsoft 365 guide](https://go.microsoft.com/fwlink/?linkid=2223153) | [Microsoft Purview Auditing solutions in Microsoft 365 guide](https://go.microsoft.com/fwlink/?linkid=2224816) | The Microsoft Purview Auditing solutions in the Microsoft 365 guide provide an integrated solution to help organizations effectively respond to security events, forensic investigations, and compliance obligations. When you use the auditing solutions in Microsoft 365, you can search the audit log for activities performed in different Microsoft 365 services. |

+| [Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2223416) | [Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2224465) | eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. The Microsoft Purview eDiscovery solutions setup guide helps you use the eDiscovery tools in Microsoft Purview that allow you to search for content in: <br> - Exchange <br> - OneDrive <br> - SharePoint <br> - Microsoft Teams <br> - Microsoft 365 Groups <br> - Yammer communities. |

+## Related articles

+- [Learn about communication compliance](communication-compliance.md#learn-about-communication-compliance)

+- [Learn about insider risk management](insider-risk-management.md#learn-about-insider-risk-management)

+- [Protect your sensitive data with Microsoft Purview](information-protection.md#protect-your-sensitive-data-with-microsoft-purview)

+- [Learn about data lifecycle management](data-lifecycle-management.md#learn-about-data-lifecycle-management)

+- [Audit (Standard)](audit-solutions-overview.md#audit-standard)

+- [Microsoft Purview eDiscovery solutions](ediscovery.md#microsoft-purview-ediscovery-solutions)

+Versioning is a feature of all document lists and libraries in SharePoint and OneDrive. By default, versioning retains a minimum of 500 major versions, although you can change this limit. For more information, see [Enable and configure versioning for a list or library](https://support.office.com/article/1555d642-23ee-446a-990a-bcab618c7a37) and [How versioning works in lists and libraries](https://support.microsoft.com/office/how-versioning-works-in-lists-and-libraries-0f6cd105-974f-44a4-aadb-43ac5bdfd247).

+|[Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) |Current Channel: 2211+ <br /><br> Monthly Enterprise Channel: 2211+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | 16.61+ ^\* |4.2226+ |4.2203+ |Rolling out |

+- **Rolling out**: [Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) using Outlook on the web.

+> [!NOTE]

+> The benchmarks currently only support Group Policy Object (GPO) configurations and not Microsoft Configuration Manager (Intune).

+You may have cases where you don't want to assess specific configurations on certain devices. For example, a device could be under third party control or it could have an alternate mitigation already in place. In these situations, you can add exceptions to exclude the assessment of specific configurations on a device.

+ > Users can't release their own messages that were quarantined as malware by anti-malware policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+ ⁵ Users can't release their own messages that were quarantined as high confidence phishing by anti-spam policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware or high-confidence phishing messages.

+> Users can't release their own messages that were quarantined as malware by anti-malware or Safe Attachments policies, or as high confidence phishing by anti-spam policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware or high-confidence phishing messages.

+> [!TIP]

+> The organization can still receive mail from the blocked sender. Messages from the sender are delivered to user Junk Email folders or to quarantine. To delete messages from the sender upon arrival, use [mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) to **Block the message**.

+The message is delivered to your Inbox (or some other folder, depending on any [Inbox rules](https://support.microsoft.com/office/c24f5dea-9465-4df4-ad17-a50704d66c59) in your mailbox).

+The Block senders action adds the message sender to the Blocked Senders list in the your mailbox. For more information about blocking senders, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).

+> [!TIP]

+> The organization can still receive mail from the blocked sender. Messages from the sender are delivered to user Junk Email folders or to quarantine. To delete messages from the sender upon arrival, an admin can use [mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) to **Block the message**.

+5. On the **Quarantine notification** page, select **Enable** to turn on quarantine notifications.

+ > [!NOTE]

+ > If you turn on quarantine notifications for **No access** permissions (on the **Recipient message access** page, you selected **Set specific access (Advanced)** \> **Select release action preference** \> blank), users can view their messages in quarantine, but the only available action for the messages is .

+If you'd rather use PowerShell to create quarantine policies, connect to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) or [standalone Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell) and use the following syntax:

+**Notes**:

+- The _ESNEnabled_ parameter with the value `$true` turns on quarantine notifications. Quarantine notifications are turned off by default (the default value is `$false`).

+- The _EndUserQuarantinePermissionsValue_ parameter uses a decimal value that's converted from a binary value. The binary value corresponds to the available end-user quarantine permissions in a specific order. For each permission, the value 1 equals True and the value 0 equals False.

+ The required order and values for each individual permission are described in the following table:

+ |Permission|Decimal value|Binary value|

+ ||::|::|

+ |PermissionToViewHeader┬╣|128|10000000|

+ |PermissionToDownload┬▓|64|01000000|

+ |PermissionToAllowSender┬▓|32|00100000|

+ |PermissionToBlockSender|16|00010000|

+ |PermissionToRequestRelease┬│|8|00001000|

+ |PermissionToRelease┬│|4|00000100|

+ |PermissionToPreview|2|00000010|

+ |PermissionToDelete|1|00000001|

+ ┬╣ The value 0 for this permission doesn't hide the  **View message header** action in quarantine. If the message is visible to a user in quarantine, the action is always available for the message.

+ ┬▓ This permission isn't used (the value 0 or 1 does nothing).

+ ┬│ Don't set both of these permission values to 1. Set one value to 1 and the other value to 0, or set both values to 0.

+ For Limited access permissions, the required values are:

+ |Permission|Limited access|

+ ||:--:|

+ |PermissionToViewHeader|0|

+ |PermissionToDownload|0|

+ |PermissionToAllowSender|0|

+ |PermissionToBlockSender|1|

+ |PermissionToRequestRelease|1|

+ |PermissionToRelease|0|

+ |PermissionToPreview|1|

+ |PermissionToDelete|1|

+ |Binary value|00011011|

+ |Decimal value to use|27|

+- If you set the _ESNEnabled_ parameter to the value `$true` when the value of the _EndUserQuarantinePermissionsValue_ parameter is 0 (**No access** where all permissions are turned off), users can see their messages in quarantine, but the only available action for the messages is .

+For custom permissions, use the previous table to get the binary value that corresponds to the permissions you want. Convert the binary value to a decimal value and use the decimal value for the _EndUserQuarantinePermissionsValue_ parameter. Don't use the binary value.

+> Users can't release their own messages that were quarantined as **malware** by anti-malware or Safe Attachments policies, or as **high confidence phishing** by anti-spam policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware or high-confidence phishing messages.

+ Users can't release their own messages that were quarantined as high confidence phishing, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined high-confidence phishing messages.

+ Users can't release their own messages that were quarantined as malware by anti-malware policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+ Users can't release their own messages that were quarantined as malware, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+ Users can't release their own messages that were quarantined as malware by Safe Attachments policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+ Users can't release their own messages that were quarantined as malware, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+- **Specify sender address**: Select an existing user for the sender email address of quarantine notifications. The default sender is quarantine@messaging.microsoft.com.

+3. Click the  **Edit policy** action that appears.

+3. Click the  **Delete policy** action that appears.

+- NotificationEnabledPolicy (in some organizations)

+- Allow users to view and take action on the quarantined message from the quarantine notification. Permissions control what the user can do in the quarantine notification as described in the [Quarantine policy permission details](#quarantine-policy-permission-details) section.

+|_PermissionToViewHeader_┬╣|Γ£ö|Γ£ö|Γ£ö|

+|**Preview** (_PermissionToPreview_)┬▓||Γ£ö|Γ£ö|

+|**Allow recipients to release a message from quarantine** (_PermissionToRelease_)┬│|||Γ£ö|

+|DefaultFullAccessWithNotificationPolicy⁴|Full access|Yes|

+|NotificationEnabledPolicy⁵|Full access|Yes|

+┬╣ This permission isn't available in the Defender portal. Turning off the permission in PowerShell doesn't affect the availability of the  **View message header** action on quarantined messages. If the message is visible to a user in quarantine, the action is always available for the message.

+┬▓ The **Preview** permission is unrelated to the **Review message** action that's available in quarantine notifications.

+┬│ **Allow recipients to release a message from quarantine** isn't honored for messages that were quarantined as **malware** by anti-malware policies or Safe Attachments policies, or as **high confidence phishing** by anti-spam policies.

+⁴ This policy is used in [preset security policies](preset-security-policies.md) instead of the policy named DefaultFullAccessPolicy to enable quarantine notifications.

+⁵ Your organization might not have the policy named NotificationEnabledPolicy as described in the next section.

+- The **Enable end-user spam notifications** setting was turned on in one or more [anti-spam policies](anti-spam-policies-configure.md). Before the introduction of quarantine policies, this setting determined whether users received notifications about their quarantined messages.

+The effect of **No access** permissions (admin only access) on user capabilities depends on the state of quarantine notifications in the quarantine policy:

+- **Quarantine notifications turned off**:

+ - **On the Quarantine page**: Quarantined messages aren't visible to users.

+ - **In quarantine notifications**: Users don't receive quarantine notifications for the messages.

+- **Quarantine notifications turned on**:

+ - **On the Quarantine page**: Quarantined messages are visible to users, but the only available action is .

+ - **In quarantine notifications**: Users receive quarantine notifications, but the only available action is **Review message**.

+ -  (the difference from **Full access** permissions)

+- **In quarantine notifications**: The following actions are available:

+ - **Request release** (the difference from **Full access** permissions)

+ -  (the difference from **Limited access** permissions)

+ - **Release** (the difference from **Limited access** permissions)

+ For this permission to work correctly in quarantine notifications, users need to be enabled for remote PowerShell. For instructions, see [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell).

+> [!TIP]

+> The organization can still receive mail from the blocked sender. Messages from the sender are delivered to user Junk Email folders or to quarantine. To delete messages from the sender upon arrival, use [mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) to **Block the message**.

+- No affect in quarantine notifications. Previewing a quarantined message from the quarantine notification isn't possible. The **Review message** action in quarantine notifications takes users to the details flyout of the message in quarantine where they can preview the message.

+> As explained previously, this permission isn't honored for messages that were quarantined as **malware** by anti-malware or Safe Attachments policies, or as **high confidence phishing** by anti-spam policies. If the quarantine policy gives users this permission, users are instead allowed to _request_ the release of their quarantined malware or high confidence phishing messages.

+For [supported protection features](quarantine-policies.md#step-2-assign-a-quarantine-policy-to-supported-features), _quarantine policies_ define what users are allowed to do to quarantined messages based on why the message was quarantined. Default quarantine policies enforce the historical capabilities for the security feature that quarantined the message as described in the table [here](quarantine-end-user.md). Admins can create and apply custom quarantine policies that define less restrictive or more restrictive capabilities for users. For more information, see [Create quarantine policies](quarantine-policies.md#step-1-create-quarantine-policies-in-the-microsoft-365-defender-portal).

+Quarantine notifications aren't turned on in the default quarantine notifications named AdminOnlyAccessPolicy or DefaultFullAccessPolicy. Quarantine notifications are turned on in the following default quarantine policies:

+Admins can also use the global settings in quarantine policies to customize quarantine notifications in up to three languages, and to customize the sender and logo that's used. For instructions, see [Configure global quarantine notification settings](quarantine-policies.md#configure-global-quarantine-notification-settings-in-the-microsoft-365-defender-portal).

+When users receive a quarantine notification, the following information is available for each quarantined message:

+- **Sender**: The email address of the sender of the quarantined message.

+- **Subject**: The Subject line of the quarantined message.

+- **Date**: The date/time that the message was quarantined in UTC.

+The actions that are available for messages in the quarantine notification depends on why the message was quarantined and the permissions in the associated quarantine policy. For more information, see [Quarantine policy permission details](quarantine-policies.md#quarantine-policy-permission-details).

+- **Review message**: Available for all messages in quarantine notifications.

+ Selecting the action takes you to the details flyout of the message in quarantine. It's the same result as going to the **Email** tab on the **Quarantine** page at <https://security.microsoft.com/quarantine?viewid=Email>, and selecting the message by clicking anywhere other than the check box next to the first column. For more information, see [View quarantined message details](quarantine-end-user.md#view-quarantined-message-details).

+- **Release**: Available for messages that were quarantined by features using a quarantine policy with the **Full access** permission group or the individual **Allow recipients to release a message from quarantine** (_PermissionToRelease_) permission. For example, DefaultFullAccessWithNotificationPolicy, NotificationEnabledPolicy, or custom quarantine policies.

+ Selecting the action opens an informational web page that acknowledges the message was released from quarantine (for example, **Spam message was released from quarantine**). The **Release status** value of the message on the **Email** tab of the **Quarantine** page is **Released**. The message is delivered to the user's Inbox (or some other folder, depending on any [Inbox rules](https://support.microsoft.com/office/c24f5dea-9465-4df4-ad17-a50704d66c59) in the mailbox).

+ Users can't release their own messages that were quarantined as **malware** by anti-malware or Safe Attachments policies, or as **high confidence phishing** by anti-spam policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware or high-confidence phishing messages.

+- **Request release**: Available for messages that were quarantined by features using a quarantine policy with the **Limited access** permission group or the individual **Allow recipients to request a message to be released from quarantine** (_PermissionToRequestRelease_) permission. For example, custom quarantine policies.

+ Selecting the action opens an informational web page that acknowledges the request to release the message from quarantine (**The message release request has been initiated. The tenant admin will determine if the request should be approved or denied.**). The **Release status** value of the message on the **Email** tab of the **Quarantine** page is **Release requested**.

+- **Block Sender**: Available for messages that were quarantined by features using a quarantine policy with the **Full access**or **Limited access** permission group, or the individual ***Block sender** (_PermissionToBlockSender_) permission. For example, DefaultFullAccessWithNotificationPolicy, NotificationEnabledPolicy, or custom quarantine policies.

+ For this action to work correctly, users need to be enabled for remote PowerShell. For instructions, see [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell).

+ This action opens an informational web page to acknowledge that the message was added to the Blocked Senders list in the user's mailbox (for example, **Spam message sender was blocked in quarantine**).

+ For more information about the Blocked Senders list, see [Block messages from someone](https://support.microsoft.com/office/274ae301-5db2-4aad-be21-25413cede077#__toc304379667) and [Use Exchange Online PowerShell to configure the safelist collection on a mailbox](configure-junk-email-settings-on-exo-mailboxes.md#use-exchange-online-powershell-to-configure-the-safelist-collection-on-a-mailbox).

+ > [!TIP]

+ > The organization can still receive mail from the blocked sender. Messages from the sender are delivered to user Junk Email folders or to quarantine. To delete messages from the sender upon arrival, use [mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) to **Block the message**.

+|**High confidence phishing** detection action <br/><br/> _HighConfidencePhishAction_|**Quarantine message** <br/><br/> `Quarantine`|**Quarantine message** <br/><br/> `Quarantine`|**Quarantine message** <br/><br/> `Quarantine`|Users can't release their own messages that were quarantined as high confidence phishing, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined high-confidence phishing messages.|

+Users can't release their own messages that were quarantined as malware, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+Users can't release their own messages that were quarantined as malware by Safe Attachments, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+ ┬╣ Quarantine policies define what users are able to do to quarantined messages, and whether users receive quarantine notifications. For more information, see [Anatomy of a quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy). Users can't release their own messages that were quarantined as malware by Safe Attachments, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+ > Users can't release their own messages that were quarantined as malware by Safe Attachments policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+> [!TIP]

+> Allow entries of this pattern will be supported only from [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md).

+- **Allow match** and **Block match**:

+- **Allow not matched** and **Block not matched**:

+> [!TIP]

+> Allow entries of this pattern will be supported only from [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md).

+- **Allow match** and **Block match**:

+- **Allow not matched** and **Block not matched**:

+> [!TIP]

+> Allow entries of this pattern will be supported only from [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md).

+- **Allow match** and **Block match**:

+- **Allow not matched** and **Block not matched**: contoso.com/b

+> [!TIP]

+> Allow entries of this pattern will be supported only from [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md).

+- **Allow match** and **Block match**:

+- **Allow not matched** and **Block not matched**:

+> Users can't release their own messages that were quarantined as malware, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined malware messages.

+> Users can't release their own messages that were quarantined as high confidence phishing, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined high-confidence phishing messages.