Documentation

Quarantine

Suggest Edits

Overview

Quarantine is an Enterprise Action that makes messages inaccessible to mailbox end users, thus preventing interaction with malicious message bodies, links, or attachments.

In Microsoft 365 environments, quarantined messages are pulled from the inbox and placed in the "Recoverable Items Purges" directory. Mailbox users are not able to access the message in this directory.

📘

Note

By default, admins are able to restore Microsoft 365 messages from Quarantine for 14 days after the message was received. This retention period is configurable in Exchange Admin. See the official Microsoft documentation for more details.

In Google Workspace environments, quarantined messages are deleted and are completely inaccessible to the mailbox owner, but can still be restored by Sublime admins.

Add Quarantine to Rules for automated blocking

  1. Click "Detection" or “Triage” in the left nav of your Dashboard
  2. Click on the Rule you wish to add the action to, opening the detail view for this Rule
  3. Click "Edit" or "Edit Metadata" in the top right of this detail view
  4. Click the "Actions" dropdown and select your Quarantine Action
  5. Click "Save Rule"

Manually quarantine a message

  1. While viewing the message on the Dashboard, select the "Quarantine" option in the review flow.
  2. Optionally add a custom Action, review label, comment, and the Share with Sublime check.
  3. Submit your review!

Note: You can quarantine a message using the Quarantine API instead! Check out how here.

Restore a quarantined message

  1. While viewing the message on the Dashboard, select the "Restore from Quarantine" option in the review flow.
  2. Optionally add a custom Action, review label, comment, and the Share with Sublime check.
  3. Submit your review!

Note: You can restore a quarantined a message using the Restore API instead! Check out how here.

Updated 15 days ago