O365 Security Identify Held Malware Work Instruction

This work instruction allows an administrator to identify emails that were quarantined because they failed the Anti-Malware policy.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailQuarantine

  1. Navigate to Quarantine – O365 Defender, select Filters, set Quarantine Reasons to Malware, and then select Apply.
  2. With the malware filter selected, any quarantined messages that have been flagged as malware will be populated in the list.
  3. As the administrator, you will be able to view the message and make any troubleshooting decisions about how the message is handled.

You're Finished!

You should have successfully identified all quarantined mail that relates to potential malware being present. Remediation steps will need to be carried out if any of this mail has been falsely flagged. For any other problems or questions, reach out to us!