M365 : what if you want to delegate Quarantined Email Tickets to your level 1/2 Technicians with the least privileges ?

If you have correctly configured a quarantine policy in M365, users will receive an email for any suspicious email in quarantine. Proper configuration also requires users to request the release of quarantined emails if they know the sender (a new ticket will be automatically opened). Level 1 or 2 technicians will then perform a second check and release the e-mail to its destination if it is deemed safe.

However, there is no direct role in Entra ID to specifically manage this task only for level 1 or 2 technicians.

This article explores how to assign this responsibility with as few privileges as possible, without giving them unnecessary access such as security administrator.

Issues :

When a level 1 or 2 technician receives requests to release quarantined emails, it’s crucial to ensure that they can perform this task without having access to sensitive features or information not required for their role.

The question is :

how to configure access so that he can only manage quarantined emails with the least privileges ?

Solution :

1. Go to Microsoft defender Portal : https://security.microsoft.com/
2. Select Permission from left menu bar
3. Select “Roles” under “Email & collaboration rules“

• Search for “Quarantine Adminnistrator“, select it and click “Edit“.

• Add users (level1 or 2 technician)

Thanks