Email notifications on quarantined emails can now include the detection reasons.

The email notifications on blocked emails are based on an HTML template that the admins can edit, and include the information they find important. The email templates include placeholders that are filled by the Avanan platform.

A new placeholder is now supported - {detection_reasons}. The new placeholder will be replaced with the top detection reasons (such as malicious URLs in the email body, bad reputation sender, and more).

Including the detection reasons will keep the end-users more informed why the email was blocked, and may reduce the number of requests to release emails from quarantine.

To include the detection reasons in the notification emails, edit the email template from the threat protection policy, next to the relevant workflows; or the global template, from the Config > O365 Mail configuration screen, under the 'advanced' section.

The new placeholder can be added from the placeholders menu, or by typing '{detection_reasons}' in the template editor.