Viewing Security Events for Microsoft Quarantined Emails

  1. Go to Events from the left navigation panel.
  2. Select the time frame to view the security events.
  3. In the Threat Type filter, select the relevant threat type.

    Malware for emails Microsoft quarantined because of a malware detection or a block-listed file type.

    Phishing for emails Microsoft quarantined because of a High Confidence Phishing detection or a Transport Rule.

    Suspected Phishing for emails Microsoft quarantined because of a phishing detection.

    Spam for emails Microsoft quarantined because of High Confidence Spam, Spam, or Bulk detections.

  4. In the Action Taken filter, select Email quarantined.
  5. In the Remediated by filter, select Microsoft.

The Events page shows all the security events for Microsoft quarantined emails. To take action on these security events, see Acting on Events.

Note:

Avanan synchronizes Microsoft quarantined emails hourly due to limitations in how Microsoft's API exposes quarantined emails. During each synchronization, the system retrieves emails received in the hour preceding the last full hour. For example, a sync at 13:30 PM fetches emails received between 11:30 AM and 12:30 PM. As a result, Microsoft quarantined emails appear in the portal at least one hour after receipt.