[Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118692-configure-esa-00.html#anc7, Changing the end user quarantine access setting from None authentication to Mailbox is the correct way to enforce end user authentication before accessing quarantine. This setting requires the end users to enter their email address and password in order to access their personal quarantine on the Cisco ESA., The other options are not valid ways to enforce end user authentication before accessing quarantine, because they do not affect the end user quarantine access setting., References: User Guide for AsyncOS 15.0 for Cisco Secure Email Gateway, page 10-2 and page 10-3., , , ]