Quarantine Facets

Cloud App Security stores data as searchable indexes in cloud databases. Use these quarantine facets to narrow a search to a specific data set. The following tables describe the available quarantine facets.

Table 1. Exchange Online Quarantine Facets
Facet	Description
Status	Current status of an email message violating a policy. Options include: Quarantining Quarantined QuarantineFailure Restoring RestoreSuccess RestoreFailure Deleting DeleteSuccess DeleteFailure
Security Filter	The security filter includes: Virtual Analyzer File Blocking Web Reputation Data Loss Prevention Malware Scanning Advanced Spam Protection
Affected User	Mailbox that sent or received an email message violating a policy.
Protection Mode	Note: This facet is available only when you have provisioned an Exchange mail flow service account for outbound protection. The protection modes include: API: Cloud App Security implements protection by invoking APIs and scanning an email message after it reaches or is delivered from a protected mailbox. Inline: Cloud App Security implements protection by scanning an email message before it is delivered from a protected mailbox.

Table 2. Exchange Online (Inline Mode) Quarantine Facets
Facet	Description
Status	Current status of an email message violating a policy. Options include: Quarantining Quarantined QuarantineFailure Restoring RestoreSuccess RestoreFailure
Security Filter	The security filter includes: Virtual Analyzer File Blocking Web Reputation Data Loss Prevention Malware Scanning Advanced Spam Protection
Affected User	Mailbox that received an email message violating a policy.

Table 3. OneDrive, SharePoint Online, Microsoft Teams (Teams), Box, Dropbox, and Google Drive Quarantine Facets
Facet	Description
Status	Current status of a file violating a policy. Options include: Quarantining Quarantined QuarantineFailure Restoring RestoreSuccess RestoreFailure Deleting DeleteSuccess DeleteFailure
Security Filter	The security filter includes: Virtual Analyzer File Blocking Web Reputation Data Loss Prevention Malware Scanning
Affected User	User who uploaded or modified a file violating a policy.

Table 4. Salesforce Quarantine Facets
Facet	Description
Status	Current status of an object record violating a policy. Options include: Quarantining Quarantined QuarantineFailure Restoring RestoreSuccess RestoreFailure Deleting DeleteSuccess DeleteFailure
Security Filter	The security filter includes: Web Reputation Malware Scanning Data Loss Prevention
Affected User	User accout that updated an object record violating a policy.

Table 5. Gmail Quarantine Facets
Facet	Description
Status	Current status of an email message violating a policy. Options include: Quarantining Quarantined QuarantineFailure Restoring RestoreSuccess RestoreFailure Deleting DeleteSuccess DeleteFailure
Security Filter	The security filter includes: Virtual Analyzer File Blocking Web Reputation Data Loss Prevention Malware Scanning Advanced Spam Protection
Affected User	Mailbox that received an email message violating a policy.