[Feature Request]: Defender Standard - Add additional email to "User requested to release a quarantined message" alert policy #2667
Description
Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.
Currently, when a user requests a message from quarantine, it defers to the built-in alert policy (called "User requested to release a quarantined message") in the Security portal, which has the default value of 'TenantAdmins.' We can manually go to the alert policy and update it with additional addresses and it works with external email addresses. Our organization wants to use this to control where the requests go when users request an email be released.
To edit this setting in the GUI: M365 Security Center, go to: Email & Collaboration < Policies & Rules< Alert Policies< User requested to release a quarantined message
Ideally, this would be in a standard, so we could just input our destination email address, like [email protected], and have the alert policy be updated across all tenants.
PowerShell commands you would normally use to achieve above request
From my research, it might not be possible to edit built-in alert policies via API, but if there is a way, I'm sure you all could figure it out. Confirmed here that you can't edit the default alert policy with this cmdlet, but maybe there is any other way via direct graph?
https://learn.microsoft.com/en-us/powershell/module/exchange/set-protectionalert?view=exchange-ps
If it is not possible to edit the built-in policies, I wonder if CIPP could instead create and manage a new standard Alert Policy that does the same thing using: https://learn.microsoft.com/en-us/powershell/module/exchange/new-protectionalert?view=exchange-ps