Defender of XDR - Quarantine - Lack of filter/search options

The user expresses appreciation for the Microsoft Defender XDR portal but has significant concerns regarding the Quarantine section. They highlight the daily need to review quarantined emails for false positives.

The primary issue is the severe lack of search and filtering capabilities within the quarantine. Even a simple filter for sender domains ending in .dk is not possible, despite 99% of legitimate emails originating from such domains. Typing ".dk" into the search bar yields no results, even when ".dk" sender addresses are visible. Current filter options are limited to exact sender or recipient email addresses, which are impractical for quarantine review.

The user suggests several highly useful filters, including searching by sender domain suffix or containment, URL domain, and attachment name. The ability to save filter views and perform more flexible searches across message properties is also requested. They believe these improvements could be implemented with minimal effort. The user emphasizes that the quarantine is a frequently used part of Defender for security teams, making its usability crucial. Therefore, they strongly urge Microsoft to prioritize enhancing the quarantine experience.