Skip to main content

Quarantine toolkit

All commands require an active EXO session (Test-EOLConnection is called internally). For complete and current details, run Get-Help <FunctionName> -Detailed.

Export-QuarantineEml

Fetch a quarantined message by MessageId, save it as EML, optionally open it, and optionally release to all recipients.

Syntax

Export-QuarantineEml -MessageId <String> [-DestinationFolder <String>] [-OpenFile] [-ReleaseToAll] [-ReportFalsePositive]
ParameterDescriptionRequiredDefault
MessageIdMessageId with/without angle brackets.Yes-
DestinationFolderFolder for the EML file.NoCurrent directory
OpenFileOpen the file after saving.NoFalse
ReleaseToAllRelease to all recipients after export.NoFalse
ReportFalsePositiveAlso report as false positive on release.NoFalse

Example

Export-QuarantineEml -MessageId '20230617142935.F5B74194B266E458@contoso.com' `
  -DestinationFolder C:\Temp\Quarantine `
  -OpenFile -ReleaseToAll -ReportFalsePositive

Get-QuarantineFrom / Get-QuarantineFromDomain

List quarantined messages by sender or sender domain.

Syntax

Get-QuarantineFrom -SenderAddress <String[]> [-IncludeReleased]
Get-QuarantineFromDomain -SenderDomain <String[]> [-IncludeReleased]
ParameterDescriptionRequiredApplies to
SenderAddressSender address(es). Pipeline accepted.YesGet-QuarantineFrom
SenderDomainDomain(s) (e.g., contoso.com). Pipeline accepted.YesGet-QuarantineFromDomain
IncludeReleasedInclude messages already released.NoBoth

Examples

Get-QuarantineFrom -SenderAddress 'bad@contoso.com' -IncludeReleased
Get-QuarantineFromDomain -SenderDomain 'contoso.com'

Get-QuarantineToRelease

Pull quarantine items for a date range, optionally pick items via Out-GridView, export CSV/HTML, and release or delete in bulk.

Syntax

Get-QuarantineToRelease -Interval <Int> [-ChooseDayFromCalendar] [-GridView] [-Csv] [-Html]
                       [-OutputFolder <String>] [-ReleaseSelected] [-DeleteSelected] [-ReportFalsePositive]
ParameterDescriptionRequiredDefault
IntervalDays back to search (1-30).Yes (unless calendar)-
ChooseDayFromCalendarPick a single day via calendar UI.NoFalse
GridViewSelect items via Out-GridView.NoFalse
Csv / HtmlExport reports.NoFalse
OutputFolderTarget folder for CSV/HTML.NoCurrent directory
ReleaseSelected / DeleteSelectedRelease or delete selected items.NoFalse
ReportFalsePositiveAlso report as false positive when releasing.NoFalse

Example

Get-QuarantineToRelease -Interval 7 -GridView -ReleaseSelected -ReportFalsePositive

Unlock-QuarantineFrom / Unlock-QuarantineMessageId

Bulk-release messages for specific senders or message IDs/identities (to all recipients, with optional false-positive report). Confirmation is controlled by SupportsShouldProcess; use -Confirm:$false when you want to suppress prompts.

Syntax

Unlock-QuarantineFrom -SenderAddress <String[]> [-ReportFalsePositive] [-Confirm]
Unlock-QuarantineMessageId [-MessageId <String[]>] [-Identity <String[]>] [-ReportFalsePositive] [-Confirm]
ParameterDescriptionRequiredApplies to
SenderAddressSender address(es). Pipeline accepted.YesUnlock-QuarantineFrom
MessageIdMessageId values (with/without angle brackets). Pipeline accepted.One of MessageId/IdentityUnlock-QuarantineMessageId
IdentityQuarantine Identity values (e.g., GUID\GUID). Pipeline accepted.One of MessageId/IdentityUnlock-QuarantineMessageId
ReportFalsePositiveAlso report as false positive.NoBoth

Example

Unlock-QuarantineFrom -SenderAddress 'sender@contoso.com' -ReportFalsePositive -Confirm:$false
tip

Format-MessageIDsFromClipboard (mids) now prepares quarantine identities and can trigger Unlock-QuarantineMessageId -Identity directly from clipboard content.

Questions and answers

Is EXO required for quarantine functions?

Yes. Quarantine cmdlets call Test-EOLConnection and expect an active EXO session (Connect-EOL/Connect-Nebula).

How do I handle confirmations for destructive actions?

Cmdlets like Unlock-QuarantineFrom or Remove-MboxPermission support -Confirm:$false / -WhatIf via SupportsShouldProcess. Use them to automate or dry run.