Quarantine

Quarantine in Microsoft 365 is the holding area for emails detected as spam, phishing, malware, or otherwise unsafe by Exchange Online Protection (EOP) and Microsoft Defender for Office 365. End users receive a daily quarantine notification listing recent quarantined messages and can self-release low-risk items; high-confidence detections (phish, malware) require admin review. Admins manage quarantine in the Defender portal at security.microsoft.com → Email & collaboration → Review → Quarantine. Retention is 30 days by default (configurable up to 30); after that, messages are auto-deleted. Quarantine policies control end-user permissions per detection category.