End-User Daily Quarantine Report (Digest)

The End User Quarantine Report (Digest) is an email notification sent to end users at least once per day. It provides a summary of emails that were delivered to them that were either quarantined or moved to the Junk/Spam folder within the last 24 hours.

This digest enables users to quickly identify important emails that require action, such as:

  • Restoring messages from quarantine

  • Trusting senders, so future emails are delivered to the inbox

  • Reviewing suspicious emails

The quarantine digest serves as a more user-friendly alternative to receiving individual notifications for every quarantined email.

00:05: This tutorial demonstrates, how to configure the daily quarantine report digest

00:09: for end-users and explains the end user experience when the administrator

00:14: configures to send an email report for quarantined junk and spam

00:18: emails from the past 24 hours.

00:21: Log in to the Check Point Portal and access the Email Security Administration Portal.

00:26: From the left navigation panel, go to security settings and in the user

00:30: interaction section, click quarantine

00:34: You can send a daily quarantine report to end users to do that.

00:38: Go to the end user, quarantine report digest section and enable

00:42: the send daily quarantine report to end users toggle button.

00:46: To configure the required Time and Time Zone to send the daily quarantine report,

00:50: go to the scheduling section and select the desired options to

00:55: send the report multiple times a day. Click plus add more if required.

00:59: You can configure the report to be sent every hour up to 24

01:03: times per day

01:05: You can select the users to send the daily quarantine report to do that.

01:09: Go to the recipient section and select the required options to

01:13: send the report to all Office 365 and Google users in your organization

01:17: select all Office 365 and Google users.

01:38: To stop sending alerts for individual quarantined emails for Office 365

01:43: users, select the Office 365 users.

01:46: Stop alerts on individual. Quarantined emails recommended To

01:51: stop. Sending alerts for individual. Quarantined emails for Google users,

01:55: select the Google users.

01:57: Stop alerts on individual. Quarantined emails.

02:00: Recommended

02:02: You can configure the required sender. Email address for the daily quarantine

02:06: report to do that. Go to the sender section and select the required

02:10: options.

02:12: To configure the daily quarantine report content.

02:14: For end users, go to the content section and select the desired options

02:19: to include spam emails sent to the junk folder in the report.

02:22: Select the include spam emails that are sent to the junk folder checkbox.

02:27: To allow and users to generate a new quarantine report.

02:30: For the last 24 hours, select the allow end users to generate

02:35: a quarantine report on demand checkbox.

02:38: You can customize the subject and the body of the daily quarantine report email

02:42: as required in the email subject and body section.

02:57: To specify the actions end users can perform on emails, quarantined

03:01: by Microsoft select the supported actions in the end user permitted

03:05: action section.

03:07: To include block listed emails in the daily.

03:09: Quarantine report select the include block listed emails checkbox

03:13: in the block listed emails section.

03:16: Click save and apply.

03:18: When the administrator configures, the daily quarantine report for end users,

03:22: they receive a detailed report containing information about emails sent

03:26: to them and quarantined as junk or spam in the last 24 hours.

03:31: To generate a new quarantine report of the last 24 hours, the end

03:35: user must scroll down to the end of the report and click the link provided in

03:39: the email.

03:47: Email Security will send a verification code to your email. Copy the code from the

03:52: email notification.

03:54: Enter the code and click submit to authenticate once authenticated,

03:58: Harmony email and collaboration stores a cookie in your browser, which

04:03: remains valid for 30 days, or until deleted whichever occurs

04:07: earlier, during this period, you won't need to authenticate again, when using

04:11: the same browser,

04:13: The system displays the request confirmation message and the end user

04:17: receives a new report for the last 24 hours.

Enabling the End-User Quarantine Digest

To enable the End-User Quarantine Report (Digest):

  1. Access the Email SecurityAdministrator Portal.

  2. From the left navigation panel, go to Security Settings > User Interaction > Quarantine.

  3. In the End User Quarantine Report (Digest) section, enable the Send daily quarantine report to end users toggle.

  4. (Optional) If you want end users to receive only a single periodic summary of all quarantined emails instead of individual notifications for each quarantined email, you can disable individual quarantine notifications. To do that:

    1. Go to Security Settings > User Interaction > Quarantine.

    2. In the End User Notifications section, enable the required option:

      • Office 365 Users - Stop alerts on individual quarantined emails

      • Google Users - Stop alerts on individual quarantined emails

    Note - Even if a policy is configured to notify users, enabling the Stop alerts on individual quarantined emails option prevents immediate notifications when an email is quarantined and ensures users only receive the daily quarantine digest.
  5. Click Save and Apply.

Emails Included in the Quarantine Digest

The End-User Quarantine Report (Digest) includes emails that were quarantined or sent to the Junk folder, depending on your configuration.

Note - In some cases, if administrators or end users have configured advanced rules that move Junk emails to other folders, emails shown in the digest as Junk may no longer be present in the Junk folder.

An email appears in the digest if the following conditions are met:

  • Emails Quarantined by Check Point

    Included if the policy allows the end user to restore the email or request its restoration.

  • Emails Quarantined by Microsoft

    Included if:

    • The Show emails quarantined by Microsoft checkbox is enabled under Security Settings > User Interaction > Quarantine > End User Permissions.

    • The email detection workflow allows the end user to restore the email or request its restoration.

  • Block-Listed Emails

    Included if the Include block-listed emails checkbox is enabled under Security Settings > User Interaction > Quarantine > End User Permissions > Block Listed Emails.

  • Spam Emails Delivered to the Junk Folder

    Included if the Include spam emails that are sent to the Junk folder checkbox is enabled under Security Settings > User Interaction > Quarantine > End User Quarantine Report (Digest) > Content.

  • Graymail Emails Delivered to a Dedicated Folder

    Included if the Include Graymail emails that are sent to a dedicated folder checkbox is enabled under Security Settings > User Interaction > Quarantine > End User Quarantine Report (Digest) > Content. See Graymail Workflows.

  • Reporting Time Period

    Includes only emails that are received within the configured digest reporting time period. See Scheduling and Coverage Timeframe for the Quarantine Digest.

Configuring Recipients for the End‑User Quarantine Digest

By default, the End-User Quarantine Report (Digest) is enabled and sent to all protected users assigned with a Prevent (Inline) or Detect and Remediate policy.

Notes:

Restricting End Users from Receiving the Digest

To send the digest to specific users or groups:

  1. Go to Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, expand Recipients.

  3. Select All Google Users and specific Office 365 Users or Groups option.

  4. Add required users/groups and click Add to Selected.

  5. Click Save and Apply.

Notes:

  • Restricting users is supported only for Office 365 users, and not for Google users

  • Users or groups that are manually selected receive the digest even if they are assigned a monitoring-only policy.

Configuring the Available End User Actions in the Daily Quarantine Digest

The actions available to end users in the Daily Quarantine Report (Digest) depend on how the email was quarantined and the configuration defined in policy.

  • Emails Quarantined by Check Point - The permitted actions are defined in the relevant policies.

    For example, if the Threat Detection policy is set to allow users to request a restore for phishing emails, the Request restore action appears next to quarantined phishing emails in the digest.

  • Emails Quarantined by Microsoft - Users can perform actions based on Microsoft’s detection settings.

    To configure these permissions:

    1. Go to Security Settings > User Interaction > Quarantine.

    2. In the End User Permissions section, click Emails quarantined by Microsoft > End-user permitted actions.

      The default settings are:

      • Malware - Can request a restore (admin needs to approve)

      • High Confidence Phishing - Can request a restore (admin needs to approve)

      • Phishing - Can request a restore (admin needs to approve)

      • High Confidence Spam - Can restore on their own

      • Spam - Can restore on their own

      • Bulk - Can restore

      • Data Loss Prevention - Can restore

      • Transport Rule - Can restore

  • Emails Flagged as Spam – The Trust sender action appears if the Threat Detection policy is configured to allow users to trust senders. See Trusted Senders.

    This behavior applies regardless of whether the email is quarantined or delivered to the Junk folder.

  • Preview Email – This action allows users to preview quarantined emails in their End-User Portal. See End-User Portal (Email Security Portal).

    This action appears if the Include a Preview link next to each quarantined email checkbox is enabled under Security Settings > User Interaction > Quarantine > End User Quarantine Report (Digest) > Content.

    Note - For this action to work, ensure the End-User Portal is enabled for your users.

  • Restrict All Actions to the End‑User Portal – When you enable the Preview Email action, you can also enable Hide action links when the preview link is shown under Security Settings > User Interaction > Quarantine > End User Quarantine Report (Digest) > Content.

    This ensures that users interact with quarantined emails only through the End‑User Portal.

  • Required Authentication – In some cases, users may need to authenticate to perform actions from the digest. See Authentication for Email Notifications.

Scheduling and Coverage Timeframe for the Quarantine Digest

By default, the Daily Quarantine Report (Digest) is sent once per day at 12:00 AM (GMT +00:00).

You can configure additional daily delivery times to provide users with more frequent visibility into quarantined emails and allow faster restoration of important messages.

To configure scheduling for the digest:

  1. Go to Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, expand Scheduling.

  3. Select the time and time zone to send the report.

    • In the Daily at section, select a specific time of the day to send the report.

      • To send the report multiple times a day, click + Add More and select the required time.

      • If required, you can configure the report to be sent every hour, up to 24 times per day.

    • In the Time zone section, select the required time zone.

  4. Click Save and Apply.

Notes:

  • Every digest includes emails received since the last digest was generated.

  • If there are no emails to report, the system does not send a digest.

Allowing End Users to Manually Request a Quarantine Digest on Demand

You can allow end users to request a new on-demand digest that includes emails from the previous 24 hours up to the time of the request.

To allow users to request a digest:

  1. Go to Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, expand Content.

  3. Enable the Allow end users to generate a quarantine report on demand checkbox.

    A request link appears at the bottom of the digest email.

    Note - Manually requested digests are sent to end users even if they do not contain any quarantined or junk emails.
  4. Click Save and Apply.

Configuring a Custom Sender for the Quarantine Digest

To configure a custom sender for the digest:

  1. Go to Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, expand Sender.

  3. Configure the required sender email address for the daily quarantine digest.

    • Friendly-From name

      • If no friendly-from name is required, select None.

        Note - Some email clients duplicate the sending address to the Friendly-from name.

      • To use a customized name, select Custom and enter the sender name.

    • From address

      • To use the default email address, select Default. The default email address is no-reply@checkpoint.com.

      • To use a custom email address, select Custom and enter the email address.

        		•

        Notes:

        • If you use the default sender or any email address under your domain, you must add the Check Point statement to the custom domain's DNS to prevent SPF and DMARC failures.

          include:spfa.cpmails.com

        • The custom domain must be one of the protected domains in your Check Point Portal tenant.

    • Reply-to address

      • To use From address as the Reply-to address, select Same as From address.

      • To use a custom email address, select Custom and enter the email address.

  4. Click Save and Apply.

Customizing the Text of the Quarantine Digest

You can customize the email subject and body of the End User Quarantine Report (Digest) to include organization‑specific messaging and links.

To customize the digest text:

  1. Go to Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, expand Content.

  3. In the Email subject and body section, configure the subject and the body of the daily quarantine digest email.

    • In the Subject field, enter the email subject for the daily quarantine digest email notification.

    • In the Body field, enter the required information in the email notification.

      1. Place the cursor where you want to add the link.

      2. Click the icon.

        or

        Right-click and select Link.

      3. In the URL field, enter the URL.

      4. In the Text to display field, enter the text that should appear for the link.

      5. If required, enter a Title for the link.

      6. In the Open link in list, select Current window or New window.

      7. Click Save.

  4. Click Save and Apply.

Customizing Action Labels

You can customize the names of the actions that end users see in the digest (for example, Request restore).

To customize action labels:

  1. Go to Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, expand Content.

  3. In the Actions labels section, enter the required labels for the following.

    • Release

    • Request to Release

    • Trust Sender

    • Release and Trust Sender

  4. Click Save and Apply.