Updated May 17, 2022: We have updated the rollout timeline below. Thank you for your patience.
The previous Message Center post MC303513 (Dec ’21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications. This message is associated with Microsoft 365 Roadmap ID 93212.
The anti-malware policy can be configured with recipient and sender notifications when a message is quarantined. We are redesigning this notifications option and delivery.
The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.
As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:
- True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
- Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other): Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
- Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
- Exchange Online
- Microsoft 365 Defender
When this will happen
Starting early June (previously mid-May) and completion of deployment by late July (previously late June).
How this will affect your organization
Once these changes are rolled out, the current email notifications for recipients and senders will be stopped. Instead, any recipient notifications will be based on the selected quarantine policy (dropdown in the anti-malware policy).
What you need to do to prepare
Review the ‘Quarantine Policy’ selection in your current anti-malware policies. With this feature change, for default and all existing policies,
- The selection in the ‘Quarantine Policy’ dropdown will be used for any recipient notifications.
- For the new settings in ‘Common attachment filter detections’, the selection will be set to ‘Quarantine the message’ option (which is the same as the Quarantine policy dropdown).
Review the following resources below to learn more:
- Create anti-malware policy
- Quarantine policy
- Quarantine policies in anti-malware policies
- Use quarantine notifications to release and report quarantined
Message ID: MC360646
Published: 18 April 2022
Updated: 17 May 2022