Quarantine

If Kaspersky Security for Microsoft Office 365 detects an Exchange Online message, OneDrive or SharePoint Online file that is supposed to be deleted or modified according to the configured security policies, the application does not permanently delete the original message or file. Instead, the application moves the message or file to a specially configured hidden folder located within the Office 365 service where the message or file was detected. This temporary storage is referred to as Quarantine.

If the Data Discovery module detects a confidential data leak threat, the detected items are not moved to Quarantine, but only displayed in the Quarantine list, so you can consider actions to prevent the possible leakage.

Keeping the message or file in Quarantine prevents the risk of immediate infection. In addition, temporary storage allows the administrators to review all of the detections made by the application, and to locate and release selected quarantined items.

Every message or file moved to Quarantine is registered as a separate quarantined item and displayed in the Quarantine section of the Management Console.

You can also use the Quarantine view to locate and manage messages originally stored in Exchange Online Quarantine. The application requests the details of the quarantined messages from Exchange Online and displays them along with the quarantined items of Kaspersky Security for Microsoft Office 365.

By default, displaying Exchange Online quarantined items in the Management Console is enabled. You can disable it by customizing the Quarantine view.

The application does not move messages from Exchange Online and files from OneDrive or SharePoint Online to the Kaspersky Security for Microsoft Office 365 infrastructure, nor does it perform any actions on them on its own.

Messages can be temporarily moved to Quarantine due to Anti-Spam and other ongoing scans that involve address Anti-Spoofing, potential spam and Anti-Phishing checks. If the messages are considered as clean after the additional checks, they are automatically released from Quarantine to their original folders. Such messages are stored in Quarantine for 50 minutes. You can also release them manually.

You can manage quarantined items as follows:

Messages and files in the Quarantine view are stored for a pre-defined retention period. After the end of this period, the messages and files are permanently deleted along with their metadata. The retention period is 30 days for items moved to Quarantine by Kaspersky Security for Microsoft Office 365. The retention period for Exchange Online quarantined messages is defined by the corresponding Exchange Online settings. For information about configuring the Exchange Online Quarantine retention period, refer to the Office 365 documentation at https://docs.microsoft.com/en-us/office365/securitycompliance/manage-quarantined-messages-and-files.

The Quarantine view can display all detected messages, not only copies of messages that were deleted or modified according to the configured security policies. To enable this feature, contact Technical Support.

In this section

Viewing the details of quarantined items

Filtering the list of quarantined items

Previewing content of quarantined Exchange Online messages

Deleting quarantined items

Releasing quarantined items

Saving quarantined items to disk

Exporting the list of quarantined items

Page top