Table of Contents
Summary
- A new permission, “Email and collaboration content: Quarantine emails (read),” will be introduced for accessing quarantined email content in Microsoft Defender for Office 365.
- Only admins with the new permission can view and download quarantined message content; others will see metadata only.
- Existing permissions will automatically include the new permission to maintain access for affected admins.
- This change does not impact user quarantine experiences or threat detection and mail flow behavior.
- Administrators should review access needs and update role assignments in the Microsoft Defender portal accordingly.
Admin Impact: Medium
User Impact: Low
Release Start: 31 Mar 2026
Release End: 15 Apr 2026
Services: Defender XDR
Category: Stay informed
Tags: Feature Update, Admin Action
History
2/18/2026 Item Added to Message Center
Microsoft Message
Introduction
We’re introducing updated access controls for quarantined messages in Microsoft Defender for Office 365. These updates add a new permission that provides more granular control over who can view quarantined email content, helping organizations better protect sensitive email data.
These changes affect permissions assigned through Defender XDR Unified RBAC.
When this will happen
General Availability (Worldwide): We will begin rolling out late March 2026 and expect to complete by mid-April 2026.
How this will affect your organization
Who is affected:
- Microsoft 365 administrators and security operators who are assigned permissions to access quarantined messages in Microsoft Defender for Office 365
- Only those using Microsoft Defender XDR Unified role-based access control (URBAC); this change does not apply to legacy role-based access control.
- Microsoft 365 administrators who are assigned Security operations, Security data, Email and collaboration quarantine (manage), or Security data basics (read) permissions today, which provide access to preview and download quarantined content.
What will happen:
- A new permission, Email and collaboration content: Quarantine emails (read), is being introduced to control access to quarantined message content.
- To view and download the content of quarantined email messages, admins must have the new permission.
- Admins without this permission will continue to see metadata only and will not be able to preview or download quarantined message content.
- This update does not change threat detection, verdict, or mail flow behavior. It only affects access to message content after items are quarantined.
- There is no impact to user quarantine experiences.
- To maintain parity, admins with existing access permissions (including Email and collaboration quarantine (manage) or Security data basics (read)) will automatically be assigned this new permission.
What you can do to prepare
- Review which administrators in your organization require access to quarantined message content.
- Validate that you were auto assigned this new permission (if applicable).
- Update role assignments as needed in the Microsoft Defender portal under Roles and Role assignments.
- Communicate this change to security operations and helpdesk teams that investigate quarantined messages.
Learn more:
- Manage quarantined messages and files as an admin – Microsoft Defender for Office 365 | Microsoft Learn (will be updated before rollout)
- Quarantine policies – Microsoft Defender for Office 365 | Microsoft Learn (will be updated before rollout)
Compliance considerations
No additional compliance considerations were identified. Review as appropriate for your organization.