FortiMail
gtreminio
Staff
Article Id 276036
Description

This article describes how to avoid emails being deleted once they are released from quarantine.

Scope

FortiMail v6.2.x, v6.4.x, v7.0.x, v7.2.x, v7.4.x, v7.6.x.
Solution

The end user typically receives a quarantine report:

 
rele1.JPG

As soon as the email is released through a web action, the email is deleted. The Antispam log will show the email has been released, followed by the web delete.

 

rele2.JPG 

This is caused by Microsoft ATP/Defender for Office 365. An additional rule must be created to bypass the ATP scans of the messages sent by FortiMail. 

 

The following steps must be completed to create the rule:

  1. Create a new mail flow rule in the Microsoft 365 Exchange admin center.
  2. Name the rule according to your naming convention.
  3. From the 'Apply this rule if...' drop-down menu, select the sender, then select 'IP address is in any of these ranges or exactly matches'. Enter the FortiMail IP address.
  4. From the 'Do the following...' drop-down menu, select 'Modify the message properties...' and then 'set a message header'. Select the first '*Enter text...' link and set the message header to 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'. Select the second '*Enter text...' link and set the value to '1'. Select Next and then Save.
  5. Enable the rule.

ATP safelink bypass.png

 

Once this is done, Microsoft Defender for Office 365 should no longer perform the deletion.
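The same rule can be created and checked from Exchange Online PowerShell. This is an added example, not part of the original article: the rule name and the IP address (a documentation-range placeholder) are assumptions, and the check confirms the bypass is scoped to the FortiMail address only, since any sender matching the rule skips Safe Links processing.

```powershell
# Added example. $RuleName and $FortiMailIp are placeholders; replace them
# with your own naming convention and the real FortiMail egress IP.
$RuleName    = 'Skip Safe Links - FortiMail quarantine reports'   # hypothetical name
$FortiMailIp = '192.0.2.10'                                        # placeholder address
$HeaderName  = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'

# Requires the ExchangeOnlineManagement module and an admin sign-in.
Connect-ExchangeOnline

# Create the rule only if it does not already exist (safe to re-run).
$rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if (-not $rule) {
    New-TransportRule -Name $RuleName `
        -SenderIpRanges $FortiMailIp `
        -SetHeaderName $HeaderName `
        -SetHeaderValue '1' `
        -Enabled $true | Out-Null
    $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
}

# Verify the rule matches the steps above and is not broader than intended.
$problems = @()
if ("$($rule.State)" -ne 'Enabled') {
    $problems += 'rule is not enabled'
}
if ("$($rule.SetHeaderName)" -ne $HeaderName) {
    $problems += "header name is '$($rule.SetHeaderName)'"
}
if ("$($rule.SetHeaderValue)" -ne '1') {
    $problems += "header value is '$($rule.SetHeaderValue)'"
}
$ranges = @($rule.SenderIpRanges)
if ($ranges.Count -ne 1 -or "$($ranges[0])" -ne $FortiMailIp) {
    $problems += "sender scope is '$($ranges -join ', ')', expected only $FortiMailIp"
}

if ($problems.Count -eq 0) {
    Write-Output "OK: '$RuleName' sets $HeaderName=1 for $FortiMailIp only."
} else {
    Write-Warning ("Review '$RuleName': " + ($problems -join '; '))
}
```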

 

Note:

In the modern Office 365 settings, under 'Do the following', select the option 'set a message header' instead of 'remove a message header'. Consider which option fits best.