Microsoft Defender Email Reporter Add-In

About Microsoft Defender Email Reporter Add-In

The platform supports the Microsoft reporter add-in features and adds further features to the existing suspicious email reporter add-in. The add-in works with Outlook Desktop, Outlook Web Access, and Office 365. It lets users of the Phishing Reporter add-in report suspicious emails to Microsoft, shows those reports on the Defender portal, and manages how your Microsoft 365 email account treats these messages. If a customer has a license for the Incident Responder, then the suspicious emails can be reported to the Incident Responder module to analyze the reported emails with multiple integrated analyzing engines.

Microsoft Defender Add-In Features

The list below shows which Microsoft Defender add-in features the platform supports.

Reports Phishing Campaigns

Phishing campaign emails sent by the platform can be reported, and the user will show up as reported on the campaign report on the platform.

Junk, Not Junk, Phishing Options

The add-in supports Junk, Not Junk, and Phishing options for reporting an email.

Microsoft Emails for the Reported Emails

When a user reports a suspicious email by using the add-in, the email is reported to the following email address that belongs to Microsoft, depending on the option the user chose.

Junk

Junk email messages are typically referred to as Junk. These are messages that you don't want to receive that may be advertising products you don't use or find offensive.

If the user marks the email as Junk, then the suspicious email will be reported to a dedicated inbox like cybersecurity@example.com.

This email address can be changed in the ‘Send Suspicious Emails To’ field when generating the add-in on the platform.

Not Junk

If you know the sender and you're expecting the message, or if you receive a message that's mistakenly marked as junk, you can use the add-in to mark the message as Not Junk. This will move the message from the Junk Email folder back to your Inbox.

If the user marks the email as Not Junk, then the suspicious email will be reported to a dedicated inbox like cybersecurity@example.com.

This email address can be changed in the ‘Send Suspicious Emails To’ field when generating the add-in on the platform.

Phishing

Phishing is the practice of luring you into disclosing personal information, such as bank account numbers and passwords. Often phishing messages look legitimate but have deceptive links that actually open fake websites.

If the user marks the email as Phishing, then the suspicious email will be reported to a dedicated inbox like cybersecurity@example.com.

This email address can be changed in the ‘Send Suspicious Emails To’ field when generating the add-in on the platform.

Defender Portal

The reported emails will be sent to the Defender portal under the Submission pages. If you want reported emails to show up on the portal, make sure you set the email address correctly while generating the add-in and change the settings described under the ‘Before Start’ title.

Incident Responder

If a customer has a license for the Incident Responder, then the suspicious emails can be reported to the Incident Responder module to analyze the reported emails with multiple integrated analyzing engines.

How to Configure Add-In

Follow the steps below to configure the Microsoft Defender based add-in.

  1. Log in to the platform.

  2. Go to the Incident Responder > Phishing Reporter menu.

  3. Customize necessary fields such as Add-In Name, Brand Name, and Message fields.

  4. Enter a dedicated inbox email address, such as cybersecurity@example.com, in the ‘Send Suspicious Emails To’ field.

  5. From the Other Optional Features field, choose the following options: Send a copy of the email to Microsoft Defender, Don't Report Phishing Campaign to Microsoft Defender, Report Phishing Campaign.

  6. Click the Save button.

  7. You can now click the Download button to download the XML add-in.

Before Testing or Publishing the Add-In

This setting is mandatory for the add-in to work and show reported emails on the Defender portal. You can configure third-party message reporting tools to send reported messages to the custom mailbox. To do this:

  1. Set the Microsoft Outlook Report Message button setting to Off.

  2. Set My organization's mailbox to an Office 365 mailbox of your choice.

More information about this option is here.

How to Deploy Add-in in Microsoft 365

You can find the deployment document here.

FAQ

Q: If the user reported a simulated Phishing Campaign, what will happen?

A: The add-in will show a standard “thank you message” to the user and report this activity to the campaign report but will not forward the email to the dedicated SOC inbox or Microsoft Defender.
