Service Update

Overview

Mimecast is pleased to announce a feature that allows administrators to remove an item(email/file) from Quarantine without releasing it to users.

What's changing

Administrators now have enhanced control over quarantined items, allowing them to remove emails and files without releasing them to users. This ensures a more secure and efficient filtering process, keeping only safe and relevant information accessible.

1. This action is irreversible, administrators do not need to cite a reason to Delete
2. This will currently apply only to emails, in the first round. SharePoint and One-Drive have been redacted (Teams currently does not quarantine items).
3. Only items with the following statuses can be deleted: Quarantined.
4. Selecting Delete marks the item (email) as Deleted. It will no longer appear in the Quarantine queue, but will instead show a status of Deleted accompanied by a trash can icon.
5. An entry is recorded in the Audit Log, similar to other administrative actions such as Release or Remove.
6. There are two facets to consider: deleting as a Singular Action and deleting as a Bulk Action. Both seek the same information and occur similarly.

7. In both cases, confirmation is needed. A pop-up will appear for a Single Action delete, which will only proceed if confirmed. For Bulk Actions, a summary list will be shown, and the administrator must click Confirm to continue.

Recommended actions

For more information on how to use the new functionality based on your specific requirements, please see: Detections - Viewing Attacks.