Request release email from quarantine

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 6분

    • Use this feature to release the email that is quarantined from the Microsoft Purview compliance portal.

    시작하기 전에

    By default, the base system provides the Request email release from quarantine response option and MSFT Quarantine Release Response Option Rule to release the email from quarantine. This default record also has the Quarantine Release Approval Rule configured with it to leverage the approval functionality for this action. For more information, see Create incident response option rules, Configure response option for your DLP incidents, and Create Approval Rules.

    그림 1. MSFT Quarantine Release Response Option Rule
    Default MSFT Quarantine Release Response Option Rule
    그림 2. Default MSFT Response Option
    Default MSFT Response Option - Request email release from quarantine
    Prerequisites:
    1. Exchange Online PowerShell module need to be installed on the MID server. For more information, see Install and maintain the Exchange Online PowerShell.
    2. The MID server needs to communicate with the Exchange server, which is also a cloud service. Therefore, the MID server requires continuous internet access.
    주:
    If you are using this response option then make sure the mid server is up and running with PowerShell capability. If a mid server is not up and running and doesn't have PowerShell capability then the end user will not be able to select Request email release from quarantine action from the DLP Users workspace. For more information, see Create incident response option rules and Configure response option for your DLP incidents.
    • If you want a specific MID server from the list then you have to configure the MID app and make it visible in the list, and then at least one MID server which is configured should be up and running from the selected mid applications and should have the Power Shell capability.
    • For you to use the Release from quarantine option, you need API permissions. On the Microsoft API permissions page, verify Office 365 Exchange Online > Exchange.ManageAsApp is listed and contains the following values:
        • Type: Application.
        • Admin consent required: Yes.
        • Status: The current incorrect value is Not granted for <Organization> for the Office 365 Exchange Online > Exchange.ManageAsApp entry and change the status value. For further steps on the API permissions, see Assign API permissions to the application on the Microsoft documentation site.
          주:
          This step is required to connect to Exchange online using Service principle.
    • You should also need Security Administrator role in Service Principle,
      • Search for Microsoft Entra ID roles and Administrators in Microsoft Azure portal, and add assignment to the registered app (Service Principle) and then follow the procedure explained on the Microsoft Documentation on how to assign a role.
    • This option is applicable only for Microsoft Exchange incidents which have the Policy Action option as ExQuarantine on the incident form view.

    Role required: End user

    The following procedure explains on how to submit this action from the DLP User Workspace.

    프로시저

    1. Navigate to DLP > DLP User Workspace.
    2. Open any Microsoft Exchange DLP incident.
      Verify that the incident Policy Action is set to ExQuarantine.
    3. Click Respond.
    4. Select Request release mail from Quarantine option from the Response drop down list.
      그림 3. Submit incident response - Request email release from quarantine option
      Submit incident response for Microsoft Exchange
    5. Click Submit.
      주:
      When an approval rule is configured for this action, the approval flow will be triggered first and after receiving all the approvals, the Request email release from quarantine flow will be triggered and the email will be released from quarantine. The state of the DLP Incident will be updated to Released from Quarantine after successful release.