MS365

MS365 Block Lists & Email Quarantine Management

Email security is a critical aspect of the organization’s communication infrastructure, which provides Microsoft 365 with strong tools to help administrators manage email security, email quarantine, and block lists. In this blog post, we will cover what quarantined email messages and block lists are. We will also take a look into the end-user allow and block lists benefits.

What The Quarantine System in MS365 Does?


Microsoft Quarantine is a feature which will provide security for all organization users by protecting from possible harmful emails. Emails detected as suspicious or potentially dangerous are quarantined. In other words, the user’s mailbox is quarantined when the email is in there until an administrator or the user views and acts upon the email.

Quarantined Email: Email will be spam, phishing attacks, malware emails. Emails that match the signature can be held there for a period of time (decided by the O365 Administrator) until they get deleted automagically.

How to Retrieve Emails from the Quarantine? Step-by-step process

  1. Go to the Microsoft 365 Security & Compliance: https://compliance.microsoft.com
  2. Go to Email & collaboration >> Review >> Quarantine >> Email Tab:
  3. Review the quarantined emails and perform suitable action (release, deletion, mark false positive)
How to Retrieve Emails from the Quarantine? Step-by-step process

alt: How to Retrieve Emails from the Quarantine – step 1

How to Retrieve Emails from the Quarantine - step 2


What are the types of Quarantined Emails?


The kinds of messages most often quarantined are:

  • Spam: E-Mails with commercial advertising.
  • Phishing Attacks: Sending emails that appear to be from a legitimate organization or known individual to get recipients to click on a link or provide sensitive information, such as passwords and credit card numbers.
  • Malware emails — Emails with malicious software designed to harm, disrupt, or take control of computers.

The Microsoft 365 Administrator can set how long emails matching security signatures are getting put video in Quarantine. These emails are automatically deleted after this period if anything is not done on these emails.

Block List Management: Whitelist and Block List

Block List Management: In Microsoft 365 the block list management is all about domains, IPs and email addresses that are supposed to be blocked from sending emails to the users who are user in your organization. How to create Whitelist and Block list step by step?

  1. Sign in to the Microsoft 365 Security & Compliance Center : https://compliance.microsoft.com
  2. Navigate to Email & collaboration > Policies & Rules > Threat Policies > Anti Spam Policies:
  3. Select Block Domain Policies, Under Blocked Senders and Domain, add the email addresses or domains which want to block:
Block List Management: Whitelist and Block List - step 1

A screenshot of a computer screenA screenshot of a computer screen

How to Allow a Sender in Quarantined Email Messages? Step-by-step process

Users can allow a sender in quarantined email messages, ensuring emails from trusted sources aren’t mistakenly quarantined. If a user wishes to allow an external email address or domain, they can request to allow this specific email from quarantine.

  1. Access Outlook: Open Outlook and go to Settings.
  2. Navigate to Junk Email: Find the Junk Email settings under Mail.
  3. User can be “Report as Not Junk” to permit future emails from the sender.

    A screenshot of a computerDescription automatically generated

How to allow or Block IP Addresses in Microsoft 365?

If suspect malicious activity on a user account, in order to perform thorough investigations, We need to control certain IP addresses and take control of different aspects at a data level for email security in Microsoft 365. This will not only helps in the prevention of spam, phishing attacks, and other malice by blocking harmful IPs, while allowing known good ones of the same kind.

Managing IP Addresses, Blocking and allowing IP addresses in Microsoft 365

  1. Sign in to the Microsoft 365 Security & Compliance Center:
    https://security.microsoft.com/antispam
  2. Anti-spam inbound policy (Default) which is by default by Microsoft-
Managing IP Addresses, Blocking and allowing IP addresses in Microsoft 365 - step 1
  1. Edit Policy: Choose the spam filter policy and then click on “Edit”
  2. Blocked IP Addresses: Under “Connection filtering”, add the IP address to the “Blocked IP addresses” list so that Emails from this IP address do not reach your organization users. This is best to prevent Domains owned by known spammers and phishing attackers from around the internet.
Managing IP Addresses, Blocking and allowing IP addresses in Microsoft 365 - step 2
  1. Allowed IP Addresses:

– In “Connection filtering” ensure to list the IP address under the “Allowed IP addresses” section so that the emails originating from this IP are not blocked by mistake. (ideal for ensuring that domains that are considered Trusted are not being blocked by the spam filter)


This will help the administrators manage between the allowed IP addresses and the blocked IP of personnel and enjoy a safe and comfortable email communication medium at the end of the organization.

What are the End-User Allow and Block Lists(identities) Benefits?


       Allow & Block Lists for End-Users: Benefits of Letting End-Users Manage Their Own

  • Reduced False Positives: So, if users are in control of their allow lists, then the danger of a real email being accidentally quarantined is markedly diminished. It allows users to add sender to their whitelist in fewer clicks, ensuring their important communications are less likely to be flagged.
  • Presentments of virus attacks: Since Microsoft 365 automatically sends to quarantine all other emails, whenever it spots anything that looks like a virus. This pre-emptive action will prevent malicious emails from making it to the user’s inbox, act as added security.
  • User-Controlled Email Flow: Providing users with the ability to control their flow of emails bring about a decrease in what administrative overhead. Faster resolution of quarantined email related issues by the end-user, without waiting or needing admin assistance more time saved



MS365 Block Lists & Email Quarantine Management Summary


The Microsoft 365 security and compliance tools are very helpful for maintaining email security in the organization. The whole quarantine system isolates potentially harmful emails, while the block List system assists in preventing spam and phishing content. By authorizing users to manage their allow and block lists, organizations can improve their overall email security and reduce the workload on administrators.

The use of these tools ensures that our organization’s email communication remains secure and efficient.

Key Takeaways

  1. Improved Security: Suspect emails are isolated and lists of the blocked elements are managed to keep many cyber threats away.
  2. Power to the User — Letting end-users change their email preferences leads to lower false positives and lower admin overhead.

Efficiency: It Is More Efficient and Safer Because of Automated Processes and User-Control Settings in The Communication Process.

Incorporating these elements means that your company’s communication via email is private, productive, and professional. For organizations that are looking to keep a handle on their email security and maintain solid lines of communication Microsoft 365 has an almost all-encompassing solution in addition to proper measures to stay ahead of potential threats with Microsoft Threat Protection.

Popular Posts

No related posts found.