O365 Security Identify Held Spam & Phishing Work Instruction

This work instruction will allow an administrator to identify quarantined emails that pertain to failure related to Anti-Spam and Anti-Phishing policies.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailQuarantine

  1. Navigate to Quarantine – O365 Defender, select Filters, specifying the Quarantine Reasons as Spam, Phishing, and High Confidence Phishing followed by Apply.
  2. With the filters selected, any quarantined messages that have been flagged as spam, phishing and high confidence phishing will be propagated.
  3. As the administrator, you will be able to view the message and make any troubleshooting decisions dealing with message handling.

You're Finished!

You should have successfully identified all quarantined mail that has failed compliance with Anti-Spam and Anti-Phishing policies, remediation steps will need to be carried out if this mail has been falsely accused. For any other problems or questions, reach out to us!