ORCA.106 - Quarantine retention period is 30 days.
Overviewβ
You can view, release, download, delete and report false positive quarantined email messages or files captured by Microsoft Defender for Office 365 (MDO) for SharePoint Online, OneDrive for Business, and Microsoft Teams in Office 365. Keep messages in the quarantine for 30 days to allow enough time for further investigation. This is the default value and also the maximum.
Remediation actionβ
Configure the Quarantine retention period to 30 days.
Related Linksβ
- Manage quarantined messages and files as an administrator in Office 365
- Microsoft 365 Defender Portal - Anti-spam settings
- Recommended settings for EOP and Office 365 Microsoft Defender for Office 365 security
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | ORCA.106 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA106 |
| Tags | EXO, ORCA, ORCA.106 |
Sourceβ
- Pester test:
tests/orca/Test-ORCA106.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA106.ps1