Microsoft has recently renamed Office 365 Advanced Threat Protection to Microsoft Defender for Office 365.  Utilizing these tools your organization can setup anti-spam and ATP anti-phishing policies.  These policies control the aggressiveness at which to quarantine incoming malicious emails.

It is recommended to have notifications also sent to the end user which can be setup in the anti-spam policy.  Messages that are not flagged for high-confidence phishing can be released directly from the notification by the end user.  Note that an Administrator is required to release any message that was marked for high confidence phishing/spam.

Steps for an end user to release quarantined email in Office 365:

  1. Connect to the security and compliance center:
    (to browse to it in the Security and Compliance Center, go to Threat Management > Review > Quarantine.)
  2. Search for the email that needs to be released.
  3. Check the message and select Release message.

Release email from spam notification email:

The quarantined email message can also be released from a notification email seen below.   The email will be delivered to users with any email messages that are blocked.  Currently they are delivered from

For details on setting up a quarantine email notifications see use user spam notifications to release and report quarantined messages.