When users receive a quarantine notification, the following information is available for each quarantined message:

• Sender: The email address of the sender of the quarantined message.
• Subject: The Subject line of the quarantined message.
• Date: The date/time that the message was quarantined in UTC.

The actions that are available for messages in the quarantine notification depends on why the message was quarantined and the permissions in the associated quarantine policy. For more information, see Quarantine policy permission details.

• Review message: Available for all messages in quarantine notifications.

  Selecting the action takes you to the details flyout of the message in quarantine. It's the same result as going to the Email tab on the Quarantine page at https://security.microsoft.com/quarantine?viewid=Email, and selecting the message by clicking anywhere in the row other than the check box next to the first column. For more information, see View quarantined message details.

• Release: Available for messages that were quarantined by features using a quarantine policy with the Full access permission group or the individual Allow recipients to release a message from quarantine (PermissionToRelease) permission. For example, DefaultFullAccessWithNotificationPolicy, NotificationEnabledPolicy, or custom quarantine policies.

  Selecting the action opens an informational web page that acknowledges the message was released from quarantine (for example, Spam message was released from quarantine). The Release status value of the message on the Email tab of the Quarantine page is Released. The message is delivered to the user's Inbox (or some other folder, depending on any Inbox rules in the mailbox).

  Users can't release their own messages that were quarantined as malware by anti-malware or Safe Attachments policies, or as high confidence phishing by anti-spam policies, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to request the release of their quarantined malware or high-confidence phishing messages.

• Request release: Available for messages that were quarantined by features using a quarantine policy with the Limited access permission group or the individual Allow recipients to request a message to be released from quarantine (PermissionToRequestRelease) permission. For example, custom quarantine policies.

  Selecting the action opens an informational web page that acknowledges the request to release the message from quarantine (The message release request has been initiated. The tenant admin will determine if the request should be approved or denied.). The Release status value of the message on the Email tab of the Quarantine page is Release requested.

• Block Sender: Available for messages that were quarantined by features using a quarantine policy with the Full accessor Limited access permission group, or the individual *Block sender (PermissionToBlockSender) permission. For example, DefaultFullAccessWithNotificationPolicy, NotificationEnabledPolicy, or custom quarantine policies.

  For this action to work correctly, users need to be enabled for remote PowerShell. For instructions, see Enable or disable access to Exchange Online PowerShell.

  This action opens an informational web page to acknowledge that the message was added to the Blocked Senders list in the user's mailbox (for example, Spam message sender was blocked in quarantine).