MC360646 – (Updated) Exchange Online Protection: Anti-malware policy notification settings change (archived)

Microsoft Exchange Logo

check before: 2022-05-02

Product:

Defender, Defender for Office 365, Exchange, Microsoft 365 Apps, Microsoft 365 Defender, Microsoft 365 suite

Platform:

Online, Web, World tenant

Status:

Launched

Change type:

Admin impact, Feature update, Updated message

Links:

MC303513
93212

Details:

Updated June 14, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.
The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting late June (previously early June) and completion of deployment by late July (previously late June)

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability

Created:
2022-04-19

updated:
2022-08-27

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2022-08-27MC prepareReview the 'Quarantine Policy' selection in your current anti-malware policies. With this feature change, for default and all existing policies,
The selection in the 'Quarantine Policy' dropdown will be used for any recipient notifications.
For the new settings in 'Common attachment filter detections', the selection will be set to 'Quarantine the message' option (which is the same as the Quarantine policy dropdown).
Review the following resources below to learn more:

Create anti-malware policy
Quarantine policy
Quarantine policies in anti-malware policies
Use quarantine notifications to release and report quarantined
https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC303513
https://docs.microsoft.com/microsoft-365/security/office-365-security/configure-anti-malware-policies#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies
https://docs.microsoft.com/microsoft-365/security/office-365-security/quarantine-policies
https://docs.microsoft.com/microsoft-365/security/office-365-security/quarantine-policies#anti-malware-policies
https://docs.microsoft.com/microsoft-365/security/office-365-security/use-spam-notifications-to-release-and-report-quarantined-messages
https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=93212
Review the 'Quarantine Policy' selection in your current anti-malware policies. With this feature change, for default and all existing policies,
The selection in the 'Quarantine Policy' dropdown will be used for any recipient notifications.
For the new settings in 'Common attachment filter detections', the selection will be set to 'Quarantine the message' option (which is the same as the Quarantine policy dropdown).
Review the following resources below to learn more:

Create anti-malware policy
Quarantine policy
Quarantine policies in anti-malware policies
Use quarantine notifications to release and report quarantined
ps://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC303513
ps://docs.microsoft.com/microsoft-365/security/office-365-security/configure-anti-malware-policies#use-the-microsoft-365-defender-portal-to-create-anti-malware-polici
ps://docs.microsoft.com/microsoft-365/security/office-365-security/quarantine-polici
ps://docs.microsoft.com/microsoft-365/security/office-365-security/quarantine-policies#anti-malware-polici
ps://docs.microsoft.com/microsoft-365/security/office-365-security/use-spam-notifications-to-release-and-report-quarantined-messa
ps://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=932
2022-06-15MC MessagesUpdated June 1, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.
The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting early June (previously mid-May) and completion of deployment by late July (previously late June)
Updated June 14, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.
The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting late June (previously early June) and completion of deployment by late July (previously late June)
2022-06-15MC Last Updated06/02/2022 03:32:012022-06-14T21:30:49Z
2022-06-02MC MessagesUpdated May 17, 2022: We have updated the rollout timeline below. Thank you for your patience.
The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting early June (previously mid-May) and completion of deployment by late July (previously late June)
Updated June 1, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.
The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting early June (previously mid-May) and completion of deployment by late July (previously late June)
2022-06-02MC Last Updated06/01/2022 19:58:502022-06-02T03:32:01Z
2022-06-02MC Last Updated05/17/2022 21:42:582022-06-01T19:58:50Z
2022-05-18MC MessagesThe previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting mid-May 2022 and completion of deployment by late June 2022
Updated May 17, 2022: We have updated the rollout timeline below. Thank you for your patience.
The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.
This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting early June (previously mid-May) and completion of deployment by late July (previously late June)
2022-05-18MC TitleExchange Online Protection: Anti-malware policy notification settings change(Updated) Exchange Online Protection: Anti-malware policy notification settings change
2022-05-18MC Last Updated04/18/2022 17:22:472022-05-17T21:42:58Z
2022-05-18MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact
2022-05-18MC End Time07/31/2022 09:00:002022-08-31T09:00:00Z

*starting April 2022

Last updated 3 weeks ago

Login to your account

Welcome Back, We Missed You!