Tag: Policies

Set Exchange Online quarantine notification period

Many people have suspect emails sent to quarantine in Microsoft 365. This is achieved using a quarantine policy which you find at:

https://security.microsoft.com

image

You expand the options under Email & collaboration as shown above and select Policies and rules. On the right you select Threat policies as shown above.

image

If you scroll down the page a bit you’ll find Quarantine policies as shown above, which you should select.

image

The notification period is controlled in the GUI via the Global settings menu option as shown above.

image

From the dialog that appears from the right, scroll down to the bottom of the page and you will find an option Send end-user spam notifications as shown above. Presently, the minimum you can configure this to is Within 4 hours.

After you make any changes here select the Save button at the very bottom to update these settings for all the quarantine policies you have.

Don’t over look a good naming convention

pexels-george-becker-243337

If there is one piece of advice I can given when it comes to setting up policies in Microsoft 365, it is to have a good and consistent naming convention.

Microsoft 365 is full of policies, from Conditional Access, to Exchange Online to Intune and more. Having a naming convention worked about before you start creating policies is going to save you a lot of time down the track when you need to modify or troubleshoot your policies.

If you using something like Microsoft 365 Lighthouse to manage multiple tenants, then some additional thought will also need to be invested because if every tenant you manage has identically named policies then when these are rolled up into Microsoft 365 Lighthouse it is going to get confusing.

Although there is no agreed upon standard for naming conventions I’d give you these tips as general guidance:

– Short is better. i.e. ‘HR’ is far better than ‘Human Resources’

– Have the business name as a 3 letter acronym (i.e. ‘ABC’) at the beginning of the policy name if you are using Microsoft 365 Lighthouse

– Avoid special characters like @#$%, etc as well as spaces if you can. Use a ‘-‘ instead of a space and avoid using underscores (‘_’)

– Avoid upper case as well. My experience using the Microsoft Graph is that it can be very case sensitive at times. Having everything in lower case makes it much easier when you come to automating policies and the like with code such as PowerShell.

– Don’t state the obvious like starting every Microsoft Team with the full name of the business or words like ‘Project’. The shorter the name the easier it is to read and display.

– Be mindful of the names used on things like mobile devices

– Remove unnecessary policies to avoid confusion

– Avoid using names like ‘Test’, ‘Temp’, etc. if you do, remove these items when the test is complete to again avoid confusion.

– Try and make it easy for yourself and others in the future to understand and work with the names you have chosen.

The secret is to come up with a naming convention, document it and then use it everywhere. Consistency matters, because in the end it is going to be your time that gets chewed up by trying to work out what randomly named policies actually do. Take some time up front to have a convention and you’ll be rewarded with less pain later on.