Exchange Online Quarantine command line tips

/ January 17, 2021

I have managed many email security products namely Ironport, Mail frontier, Symantic mail security, bright mail, barracuda etc.

Managing of quarantine was super easy on all of them but then I came across Exchange online Quarantine.

I was missing all the filtering capabilities in classic or modern version of Exchange online quarantine (which is recent)


New modern quarantine has poor capabilities of filtering as well as deleting of quarantine messages were limited to 100.

Selection of messages for releasing also has limits of 100.


After struggling for GUI in few minutes I realized there might be better way of managing things without hitting these limits and yes there is thru exchange online management shell.

So, lets connect to exchange online Shell and go over some of the use full cmd lets for managing quarantine.

  • To check messages in quarantine

Get-QuarantineMessage -PageSize 1000 -Page 1

Note: only 1000 messages per page can be shown.

  • To go to Next Page simply type below command.

Get-QuarantineMessage -PageSize 1000 -Page 2

  • To filter the messages such as that are quarantined because of transport rule

Get-QuarantineMessage -PageSize 1000 -Page 1 -Type transportrule


  • You can also use start and end dates

Get-QuarantineMessage -StartReceivedDate 1/14/2021 -EndReceivedDate 1/15/2021 -PageSize 1000 -Page 1 -Type transportrule

  • To check the messages that are not released from the quarantine

Get-QuarantineMessage -PageSize 1000 -page 1 -Type transportrule | where{ $_.ReleaseStatus -eq “NOTRELEASED”}

  • To check the messages that are released from the quarantine

Get-QuarantineMessage -PageSize 1000 -page 1 -Type transportrule | where{ $_.ReleaseStatus -eq “RELEASED”}


  • To check the messages that are not released and recipient excludes the reports mailbox(or the mailbox that you want to exclude)

Get-QuarantineMessage -PageSize 1000 -page 1 -Type transportrule | where{($_. ReleaseStatus -eq “NOTRELEASED”) -and ($_.RecipientAddress -notlike “*reports@labtest.com*”)}

Now you know how to filter the messages on any criteria, you can do format list to check other fields as well


  • Let us now release the messages from the quarantine after you have filtered it.

    You can just pipe it at the end Release-QuarantineMessage -ReleaseToAll

Get-QuarantineMessage -PageSize 1000 -page 1 -Type transportrule | where{($_. ReleaseStatus -eq “NOTRELEASED”) -and ($_.RecipientAddress -notlike “*reports@labtest.com*”)} | Release-QuarantineMessage -ReleaseToAll

  • To delete the messages from the quarantine after filtering

    You can just pipe it at the end Delete-QuarantineMessage

Get-QuarantineMessage -PageSize 1000 -page 1 -Type transportrule | where{($_. ReleaseStatus -eq “NOTRELEASED”) -and ($_.RecipientAddress -notlike “*reports@labtest.com*”)} | Delete-QuarantineMessage

So I can say it is easy in Exchange online as well if you are good with PowerShell , you can use PowerShell magic to manage it or even script when ever necessary to automate a stuff.

Microsoft reference: Get-QuarantineMessage

 

Thanks for reading…

Tech Wizard

https://techwizard.cloud

https://syscloudpro.com/

 

 

Advertisement

Related posts

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s