Microsoft Defender for Office 365

In 2022, Purdue University adopted the Microsoft Defender for Office 365 (MDO) email security service. This page explains what MDO is and what you need to do going forward.

All users will receive emails from Microsoft 365 Security notifying them of incoming messages that have been marked as malicious or as spam. Check these messages regularly, as MDO may be blocking emails that you were expecting to receive. At any time, you may review which incoming messages are being held in quarantine by going to

What is Microsoft Defender for Office 365 (MDO)?  

Microsoft Defender for Office 365 is an email security service that monitors email traffic across Purdue University in order to protect you from malicious phishing campaigns, marketing spam, malware and more. Using Microsoft's machine learning and Artificial Intelligence (AI), MDO will provide greater email security and protect you from the latest email threats. For more details, please see the video below:

What if a Legitimate Email was Marked as Malicious?  

MDO moves emails marked as malicious or bulk to a secure "Quarantine" inbox, which you can check and from which you can manually release emails (please see the "How to Release Legitimate Email from Quarantine" section of this article for more details). You will receive a daily report by email about the contents of your quarantine inbox, with options to either delete or release the emails in the list. Alternatively, you can open a web browser and navigate to to manually check your quarantine inbox at any time. Releasing emails from quarantine allows Microsoft's AI engines to learn your email habits and adjust their definitions over time, which will reduce the number of false positives that you see. You can also add specific senders to your personal whitelist within MDO (please see the "How do I whitelist emails within MDO?" FAQ for more details).

How to Release Legitimate Email from Quarantine

To release falsely held emails from quarantine, open a web browser and navigate to or you can click the "Review" button in the daily quarantine report that you receive in your inbox. Once there, sign in to MDO using your Purdue career account and password (doing so will result in a prompt for Microsoft's Multi-Factor Authentication. See for more details). Once signed in, select the messages that you wish to release and click the "release" option. Note: It may take up to 5 minutes for the released email to appear in your inbox after performing this action.

If you need additional instructions, they can be found in the video below:

Frequently asked questions

How do I whitelist emails within MDO?

MDO maintains a whitelist in the form of Exchange Online's Safe Senders list. Specific email addresses can be added to this list to bypass certain scanning mechanisms. Emails from senders on the Safe Senders list will not bypass all scanning by MDO. Safe Senders allows an email to bypass the anti-spam, anti-phishing, and anti-spoofing engines, but does NOT allow it to bypass the anti-malware, general filter, high confidence spam/phishing, or other miscellaneous engines. Additionally, you must enter specific senders into the Safe Senders list. Adding a domain to the list will not change MDO's behavior.

Please reference this knowledge base article on how to add to Safe Senders for more details:

How many emails can I whitelist?

The Safe Senders list holds a maximum of 1000 senders.

Why do I have to "Request Release" an email?

Emails classified as malicious with high confidence require administrative approval before they can be released. You will need to click "Request Release" to notify our Security Operations Center; an analyst will review your request and approve it if the detection is considered a false positive. If you have specific questions about your release request, please email

What happened to the previous Cisco Quarantine system?

MDO is replacing the previous Cisco Quarantine system, but both Cisco and Microsoft email scanning/monitoring are actively in place. MDO provides an added layer of protection against the latest email threats, but does not replace Cisco entirely.

What happens when I use the Report Message button?

When you report a message in your inbox as junk/phishing, it will add that specific email address to your personal blocked list.

NOTE: If you desire to block all messages from a specific domain, you will do that in the Settings menu.

If you report a message as not junk from the Junk Email folder, Defender will make sure you receive emails from this specific email address more often.

What are email headers?

An email header provides a list of technical details about the message, such as who sent it, the software used to compose it, and the email servers that it passed through on its way to the recipient. For more details on how to retrieve your email headers, please see the documentation below:

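As an added illustration (not part of the original page or of any Purdue or Microsoft tooling), the following Python sketch pulls the three details named above out of a raw message: the sender, the composing software, and the servers on the delivery path. The message is constructed sample data, and the `X-Mailer`/`User-Agent` lookup assumes the sending client sets one of those headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and value is made up.
RAW = """\
Received: from mx.recipient.example (10.0.0.5) by mailbox.recipient.example
 with ESMTPS; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.sender.example (203.0.113.7) by mx.recipient.example
 with ESMTPS; Tue, 02 Jan 2024 10:00:03 +0000
Received: from laptop.sender.example (198.51.100.20) by relay.sender.example
 with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
From: "Billing Dept" <billing@sender.example>
To: user@recipient.example
Subject: Invoice
X-Mailer: ExampleMailer 1.2

Body text.
"""


def summarize_headers(raw):
    """Return the sender, composing software and delivery path of a message."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the list is newest-first;
    # reverse it to read the path from origin to destination.
    for value in reversed(msg.get_all("Received", [])):
        # Unfold the header, then split the routing part from the timestamp.
        route, _, stamp = " ".join(value.split()).rpartition(";")
        words = route.split()
        sender = words[words.index("from") + 1] if "from" in words else None
        receiver = words[words.index("by") + 1] if "by" in words else None
        hops.append((sender, receiver, stamp.strip()))
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "software": msg.get("X-Mailer") or msg.get("User-Agent"),
        "hops": hops,
    }


if __name__ == "__main__":
    summary = summarize_headers(RAW)
    print(summary["from"], "|", summary["software"])
    for sender, receiver, stamp in summary["hops"]:
        print(f"{sender} -> {receiver} at {stamp}")
```

Only the `Received` lines added by your own organization's servers are trustworthy; earlier hops, `From` and `X-Mailer` are written by the sending side and can be set to anything.
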
What do the different reporting options in the Report Message button do?

Junk / Phishing – choosing these options will move the message from your Inbox to your Junk Email folder; a copy of the message may be sent to Microsoft to help update spam/phishing filters.

Not Junk – choosing this option when a message has incorrectly been sent to the Junk Email folder will move the message back to your Inbox and update Microsoft to make sure you receive messages from this address in the future.

Options – allows you to choose whether messages are automatically sent to Microsoft when they’re reported as junk or as a phishing attempt.

What are Safe Links?

Safe Links is a feature in Defender for Office 365 that provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages and other locations. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware protection applied to inbound email messages in Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.
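
Because Safe Links rewrites URLs, the link you see in a message points at Microsoft's checking service rather than at the real destination. The Python sketch below is an added example, not part of the original page or of Microsoft's tooling, and recovers the original destination from a rewritten link. It assumes rewritten links use a host under `safelinks.protection.outlook.com` and carry the destination in the `url` query parameter; the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: rewritten links use a host under this suffix and carry the
# original destination in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


def original_url(link):
    """Return the destination wrapped by a Safe Links URL, or None if the
    link is not a Safe Links wrapper."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    # Match the end of the hostname, not a substring: a host that merely
    # contains the Safe Links name is not a Safe Links wrapper.
    if parts.scheme != "https" or not host.endswith(SAFELINKS_SUFFIX):
        return None
    wrapped = parse_qs(parts.query).get("url")
    if not wrapped:
        return None
    return wrapped[0]  # parse_qs has already percent-decoded the value


def review(links):
    """Report, for each link, whether it is wrapped and where it finally leads."""
    report = []
    for link in links:
        target = original_url(link)
        final = target or link
        report.append({"wrapped": target is not None,
                       "destination_host": urlsplit(final).hostname})
    return report


# Constructed sample links (hosts and parameter values are made up).
SAMPLES = [
    "https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2F"
    "docs.example.org%2Fguide%3Fid%3D7&data=05%7C01&sdata=abc&reserved=0",
    "https://safelinks.protection.outlook.com.login.example.net/"
    "?url=https%3A%2F%2Fdocs.example.org",
    "https://www.example.com/page",
]

if __name__ == "__main__":
    for link, row in zip(SAMPLES, review(SAMPLES)):
        print(row["wrapped"], row["destination_host"], "<-", link[:60])
```
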