Office 365 Microsoft Email Security

Owned by
Kevin Malone
Last updated: Mar 06, 2023 by
Robin Hoffman
4 min read

In an aim to increase online security, SU has multiple policies in place for email.  

Items received via SU email are scanned for safety.  Using the following policies, some email may be sent to your Junk folder, other items which are deemed unsafe will be quarantined. 

If you find that you are missing an email (verified as sent to your correct email address) and do not see it listed in your inbox, be sure to check your Junk folder or Other folder if using the focused inbox

If you are still unable to find the email create an IT Support ticket for assistance.   Please be sure to include the date and time sent, senders email address, and title of the email missing.  


Anti Spam Policy

  • Email classified by Exchange Online as Spam and Bulk email will be moved to the mailbox's Junk Email folder. 
  • Email classified by Exchange Online as High Confidence Spam, Phishing and High Confidence Phishing will be quarantined in Exchange Online.  User's will not be able to view the online quarantine to release messages, but can submit an IT Support ticket if they cannot find an email.  This allows administrators to check the quarantine for messages deemed high confidence or highly suspect as well as search audit logs if necessary.

Quarantined Email Attachment Types

Checking Your Junk and Quarantine Folders
Within your Inbox in Outlook, there are two additional folders that keep emails for your protection. You should check those folders for possible missing emails. They have been flagged according to the information below. To access either folders, please follow these steps:

  1. Open Outlook

  2. In the left pane make sure you are in your Inbox

  3. In your folder list, you can find the Junk Email folder, as well as the Quarantine folder

  4. Click on the name of the folder to access email items

A quarantined email has been through Microsoft's filtering system that flags it as a potential threat to SU network security. The email filtering system then moves it to a quarantine area instead of delivering it to your inbox. Outlook blocks the sending and receiving of certain types of files (such as .exe and certain database files) as attachments. If you need to send one of these file types to an email recipient, we recommend using OneDrive and sending the recipient a link to the file instead. See Microsoft Office 365 Outlook Email Quarantined File Extensions for a complete list.  

Quarantined emails are still accessible through the Quarantine folder within your inbox. It acts very much like the Junk folder. If you are expecting an email from someone and it doesn't come through, it could be because it was a high-level quarantined message and will need further assistance from the Help Desk. Please create a ticket to have support technicians review high-level quarantines for the email and they can restore it to your inbox if has been received. If you find that a certain email sender is being sent to quarantine often, you can add them to your Safe Senders list within Outlook to alleviate additional steps to retrieving their messages.

Junk vs Quarantine
Outlook attempts to filter out junk, keeping the Inbox clear of content you don't want to see. Usually, junk mail (advertisements, contests, spam, social marketing, etc.) is delivered to the Junk Email folder. Quarantined emails usually contain potentially dangerous or unwanted messages, such as phishing emails or malware.

Anti Malware Policy

Messages containing the following attachment types are automatically quarantined in Exchange Online:

.ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs

Anti Phishing Policy

  • Domain impersonation protection is enabled for all SU email.  Impersonated domain attempts are quarantined.
  • Impersonated User protection is enabled via mailbox intelligence. Impersonated user attempts are quarantined.
  • Spoofed domain intelligence is enabled.  Spoofed domain messages are sent to junk mail folder.

Safe Links Policy

  • Check a list of known (Microsoft managed), malicious links when users click links in Email or Microsoft Teams. URLs are rewritten by default.  Malicious links are blocked and click tracking is enabled.  See Advanced Threat Protection(ATP)/SafeLinks Email Scan for more information. 

What is sent to Outlook Junk/Spam Folder

In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, inbound messages go through spam filtering in EOP and are assigned a spam score. That score is mapped to an individual spam confidence level (SCL) that's added to the message in an X-header. A higher SCL indicates a message is more likely to be spam. EOP takes action on the message based on the SCL.

Things that are known to affect the SCL score to mark them as Junk/Spam are email with no content and a URL only, spoofing domains, using a URL with IPs instead of DNS names, text with numbers instead of letters, embedding images with URLs and no context, and attachment types.

Email Retention Policy

The following retention policies are applied to everyone

  • Junk Email Folder deleted after 30 days
  • Deleted Items Folder deleted after 30 days
  • Messages older than 2 years automatically moved to archive mailbox (currently students do not use an archive mailbox due to limited time at the University)
  • All Messages from standard mailbox and archive mailbox are deleted after 10 years








Did this solve your issue??