1. Home
  2. Mapping Frameworks
  3. M365 Home
  4. Quarantine Policies

M365 DEF-Quarantine-E3 Mappings

Quarantine policies allow admins to define the user experience for quarantined messages: what users are allowed to do to their own quarantined messages based on why the message was quarantined; and whether users receive periodic notifications about their quarantined messages.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1213 Data from Information Repositories
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1213.002 Sharepoint
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1530 Data from Cloud Storage
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.001 Malicious Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.002 Malicious File
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204 User Execution
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1080 Taint Shared Content
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1027 Obfuscated Files or Information
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1036 Masquerading
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1656 Impersonation
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1534 Internal Spearphishing
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.002 Spearphishing Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566 Phishing
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.001 Spearphishing Attachment