diff --git a/detection-rules/predatory_academic_journal.yml b/detection-rules/predatory_academic_journal.yml
index 8209b82d095..abaa1b9ca18 100644
--- a/detection-rules/predatory_academic_journal.yml
+++ b/detection-rules/predatory_academic_journal.yml
@@ -140,6 +140,20 @@ source: |
     // known patterns
     any(body.links, regex.imatch(.href_url.path, '^/ey[a-z]/.{2,}$'))
   )
+
+  // negate microsoft quarantine messages
+  and not (
+    any(body.links,
+      (
+        strings.icontains(.display_text, "Review Message")
+        or strings.icontains(.display_text, "Passer en revue le message")
+      )
+      and (
+        .href_url.domain.domain == "security.microsoft.com"
+        and .href_url.path == "/quarantine"
+      )
+    )
+  )
 attack_types:
   - "BEC/Fraud"
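Review bot: The new negation starting at `and not (` is keyed only on link content, so one anchor whose display text contains "Review Message" and whose href resolves to security.microsoft.com/quarantine suppresses the whole rule for any sender, not just for genuine Microsoft quarantine notices. Anchor the exclusion to the sender as well, e.g. `and not (` / `sender.email.domain.root_domain == "microsoft.com"` / `and headers.auth_summary.dmarc.pass` ahead of the existing `any(body.links, ...)` block, so it only applies to authenticated Microsoft mail. The comment would then be more precise as `// negate authenticated Microsoft quarantine digests (link text + security.microsoft.com/quarantine)`. Note also that `.href_url.path == "/quarantine"` is an exact match, so a trailing-slash variant would not be excluded; probably fine, but worth confirming against a real digest. The enclosing `source: |` block begins before this hunk.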