This guide will show an administrator how to submit a desired quarantined email to Microsoft for analysis and how create a block for the sender or sender domain to update the scanning criteria.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender for Email Submit and Block Action
- Open a desired quarantined email, locate, and select the three dots followed by selecting the Submit for Review action.
- The Submit to Microsoft for analysis flyout will open; Two out of the three fields will be pre-generated with email related information, locate and select the I’ve Confirmed it’s a Threat, followed by the type of threat it is being reported as. Select Next.
- On the following screen, select Block All Emails from this Sender or Domain, specifying to block at the sender or domain level, along with setting the entry to expire after the desired amount of time and adding an optional note. Click Submit to finalize.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.