This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 37%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hello,
We have recently observed a significant increase in legitimate emails being quarantined by Microsoft 365 Defender (EOP) for both Exchange Online and on-premises users. These emails are being flagged by the anti-spam policies, and this behavior started occurring suddenly across multiple clients.
Based on discussions in several community forums, it appears that this may be related to a recent change or update on Microsoft's end, as many users are experiencing similar issues. This suggests a potential shift in Microsoft's spam filtering algorithms or policy enforcement.
We would appreciate it if you could:
Confirm whether any recent changes have been made by Microsoft to EOP or Defender policies.
Provide any official articles, advisories, or announcements regarding this behavior.
Recommend the appropriate resolution or configuration changes to mitigate these false positives without compromising security.
Thank you for your support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 51%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Hi @Parsian02
Yes, there is a significant increase in legitimate emails being quarantined by Microsoft 365 Defender (EOP) for both Exchange Online and on-premises users. These emails are being flagged by the anti-spam policies.
The ability to view quarantined messages is controlled by the quarantine policy that applies to the reason why the message was quarantined (which might be the default quarantine policy as described in Recommended settings for EOP and Microsoft Defender for Office 365 security).
Microsoft Defender for Office 365 helps deal with important legitimate business emails that are mistakenly blocked as threats (False Positives). Defender for Office 365 can help admins understand why legitimate emails are being blocked, how to resolve the situation quickly, and prevent similar situations from happening in the future.
For handling legitimate emails that are in quarantine folder of end users:
Follow the document for more information: https://learn.microsoft.com/en-us/defender-office-365/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365?source=recommendations
Hope this helps. Do let us know if you have any further queries.
Hi @Parsian02
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
Hi @Parsian02
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.