Hey everyone,
I've received a couple of strange emails from Microsoft 365 security notifying me about quarantined emails sent from someone outside our organization. The quarantine emails indicate that a person tried to send something, but it was blocked from being delivered. I'm expected to review, release, or block the sender, but here's the catch: I can't log in to Microsoft because we don't even use any Microsoft services. Is this a common situation? Why are we getting quarantine notifications from an email provider that we don't use at all?
To clarify:
- I know the original messages had legitimate documents but included suspicious file extensions.
- The quarantine message appears to be real and all links lead to actual Microsoft websites.
- Our organization does not utilize Microsoft online services.
2 Answers
It sounds like your email address might be registered as a "Mail Contact" or "Mail User" in someone else's Microsoft 365 environment. This could happen if your address is part of a distribution list. Basically, when someone sends an email to that list, it gets forwarded to you, but since Microsoft 365 flagged it as possibly malicious, the email got quarantined. Does the quarantine email mention which address the email was originally sent to? That might help clarify things!
Just a thought: the sender could be using M365's outbound filtering, which would explain why you’re getting those notifications even if you’re not using the platform.
Just to clarify, where is your mailbox hosted? Is it on-premises, like an old Exchange server, or somewhere else?
It's on an on-prem Exchange server. We don't have any M365 accounts or online services from Microsoft at all, so this is all pretty confusing for me.
I think you're onto something! The quarantine notification probably relates to those policies in Microsoft's system. If OP's email is associated with an M365 group, that's likely where this is coming from.