Sunday, 23 Jun 2024
Technology

Enable the Microsoft Report Message or Report Phishing Add-ins

Outlook Report Message

The Microsoft Report Message and Report Phishing add-ins for Outlook and Outlook on the web (formerly known as Outlook Web App or OWA) make it easy for users to report false positives and false negatives to Microsoft for analysis. False positives are good emails that were blocked or sent to the Junk Email folder, while false negatives are unwanted emails or phishing attempts that were delivered to the Inbox.

Microsoft uses these user-reported messages to improve the effectiveness of email protection technologies. For example, if many messages are reported using the Report Phishing add-in, this information surfaces in the Security Dashboard and other reports. Your organization’s security team can use this information as an indication that anti-phishing policies might need to be updated.

The Report Message add-in provides the option to report both spam and phishing messages, while the Report Phishing add-in provides the option to report phishing messages only.

Admins can install and enable the add-ins for the organization through Centralized Deployment, while individual users can install the add-ins for themselves.

After the add-in is installed and enabled, users will see the following icons based on their Outlook client:

  • Outlook for Windows:

    • The Report Message icon in the Classic Ribbon.
    • The Report Message icon in the Simplified Ribbon: Select More commands > Report Message in the Protection section.
    • The Report Phishing icon in the Classic Ribbon.
    • The Report Phishing icon in the Simplified Ribbon: Select More commands > Report phishing in the Protection section.
  • Outlook on the web:

    • The Report Message add-in.
    • The Report Phishing add-in.

What do you need to know before you begin?

  • You need to be assigned permissions before you can perform the procedures in this article. You have the following options:

    • Microsoft Defender XDR Unified role-based access control (RBAC): Security operations/Security data/Response (manage) or Security operations/Security data/Read-only (Affects the Defender portal only, not PowerShell).
    • Email & collaboration permissions in the Microsoft Defender portal: Membership in the Organization Management role group.
    • Exchange Online permissions: Membership in the Organization Management role group.
    • Microsoft Entra permissions: Membership in the Global Administrator role gives users the required permissions and permissions for other features in Microsoft 365.
  • For organizational installs, the organization needs to be configured to use OAuth authentication. For more information, see Determine if Centralized Deployment of add-ins works for your organization.

  • The Report Message and Report Phishing add-ins work with most Microsoft 365 subscriptions and the following products:

    • Outlook on the web.
    • Outlook 2013 SP1 or later.
    • Outlook 2016 for Mac.
    • Outlook included with Microsoft 365 apps for Enterprise.
    • Outlook for iOS and Android.
  • Reporting messages in shared mailboxes or other mailboxes by a delegate using the add-ins isn’t supported. Messages aren’t sent to the reporting mailbox or to Microsoft. Built-in reporting in Outlook on the web in shared mailboxes or other mailboxes by a delegate is supported. Messages are sent to the reporting mailbox or to Microsoft.

  • The add-ins aren’t available for on-premises Exchange mailboxes.

  • For more information on how to report a message using reporting in Outlook, see Report false positives and false negatives in Outlook.

  • If the User reported settings in the organization send user-reported messages (email and Microsoft Teams) to Microsoft (exclusively or in addition to the reporting mailbox), we do the same checks as when admins submit messages to Microsoft for analysis from the Submissions page:

    • Email authentication check (email messages only): Whether email authentication passed or failed when it was delivered.
    • Policy hits: Information about any policies or overrides that might have allowed or blocked the incoming email into the organization, thus overriding our filtering verdicts.
    • Payload reputation/detonation: Up-to-date examination of any URLs and attachments in the message.
    • Grader analysis: Review done by human graders to confirm whether or not messages are malicious.
  • Organizations that use URL filtering or a third-party security solution (e.g., a proxy and/or firewall) must be able to reach the following URLs using the HTTPS protocol:

    • ipagave.azurewebsites.net
    • outlook.office.com
Tham Khảo Thêm:  How to Create Instagram Stories on Android and iPhone

Admin instructions

Install and configure the Report Message or Report Phishing add-ins for the organization.

Get the Report Message or Report Phishing add-in for your organization

  1. In the Microsoft 365 admin center at https://admin.microsoft.com, expand Show all if necessary, and then go to Settings > Integrated apps. Or, to go directly to the Integrated apps page, use https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps.

  2. On the Integrated apps page, select Get apps.

  3. In the Microsoft 365 Apps page that opens, enter Report Message in the Search box. In the search results, select Get it now in the Report Message entry or the Report Phishing entry to start the Deploy New App wizard.

  4. On the Add users page, configure the following settings:

    • Is this a test deployment?: Leave the toggle at No, or set the toggle to Yes.

    • Assign users: Select one of the following values:

      • Just me
      • Entire organization
      • Specific users/groups: Find and select users and groups in the search box. After each selection, the user or group appears in the To be added section that appears below the search box. To remove a selection, select the entry.
    • Email notification: By default, Send email notification to assigned users is selected. Select View email sample to open Add-in deployment email alerts.

  5. When you’re finished on the Add users page, select Next.

  6. On the Accept permissions requests page, read the app permissions and capabilities information carefully before you select Next.

  7. On the Review and finish deployment page, review your settings. Select Back to make changes. When you’re finished on the Review and finish deployment page, select Finish deployment. A progress indicator appears on the Review and finish deployment page.

  8. On the Deployment completed page, you can select View this deployment to close the page and go to the details of the add-in. Or, select Done to close the page.

Tham Khảo Thêm:  6 Ways to Secure Your YouTube TV Account

Get the Report Message or the Report Phishing add-ins for your Microsoft 365 GCC or GCC High organization

Admins in Microsoft 365 Government Community Cloud (GCC) or GCC High need to use the steps in this section to get the Report Message or Report Phishing add-ins for their organizations. These steps apply to Outlook and Outlook on the web (formerly known as Outlook Web App or OWA) and don’t apply to Outlook for iOS and Android.

  1. In the Microsoft 365 admin center at https://portal.office365.us/adminportal/home#/Settings/AddIns, select Settings > Add-ins > Deploy Add-in > Upload custom apps.

  2. In the Upload custom apps flyout that opens, select I have a URL for the manifest file.

  3. In the Add from URL dialog that opens, enter one of the following URLs:

When you’re finished, select Install. In the success dialog, select OK.

  1. Back on the Add-ins page, select the add-in you installed, and then select Edit.

  2. In the add-in properties dialog that opens, confirm or modify the following settings:

    • Make this add-in available to users in your organization.
    • Specify user defaults: Select one of the following settings:
      • Optional, enabled by default
      • Optional, disabled by default
      • Mandatory, always enabled. Users can’t disable this add-in.

When you’re finished, select Save.

  1. To fully configure user-reported message settings, see User reported settings.

View and edit settings for the Report Message or Report Phishing add-ins

  1. In the Microsoft 365 admin center at https://admin.microsoft.com, expand Show all if necessary, and then go to Settings > Integrated apps. Or, to go directly to the Integrated apps page, use https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps.

  2. On the Deployed apps tab of the Integrated apps page, select the Report Message add-in or the Report Phishing add-in by doing one of the following steps:

    • In the Name column, select the icon or text for the add-in. This selection takes you to the Overview tab in the details flyout as described in the next steps.
    • In the Name column, select Edit row, and then select Edit users to go to the Users tab in the details flyout as described in the next step.
    • In the Name column, select Edit row, and then select Check usage data to go to the Usage tab in the details flyout as described in the next step.
  3. The details flyout that opens contains the following tabs:

  • Overview tab:

    • Basic info section:

      • Status
      • Type: Add-in
      • Test deployment: Yes or No, depending on the option you selected when you deployed the add-in or the selection you change on the Users tab.
      • Description
      • Host product: Outlook
    • Actions section: Select Remove app to remove the app.

    • Assigned users section: Select Edit users to go to the Users tab.

    • Usage section: Select Check usage data to go to the Usage tab.

  • Users tab:

    • Is this a test deployment?: Leave the toggle at No, or set the toggle to Yes.
    • Assign users section: Select one of the following values:
      • Just me
      • Entire organization
      • Specific users/groups: Find and select users and groups in the search box. After each selection, the user or group appears in the Added users section that appears below the search box. To remove a selection, select the entry.
    • Email notification section: Send email notification to assigned users and View email sample aren’t selectable.

    If you made any updates on this tab, select Update to save your changes.

  • Usage tab: The chart and details table show the number of active users over time.

    • Filter the Date range to 7 days, 30 days (default), or 90 days.
    • In the Report column, select Download to download the information filtered by Date range to the file named UsageData.csv.
Tham Khảo Thêm:  How to Delete a Discord Account Permanently

When you’re finished viewing the information on the tabs, select Close to close the details flyout.

User instructions

Get the Report Message or Report Phishing add-ins for yourself

  1. Do either of the following steps:
  1. On the details page of the add-in, select Get it now.

  2. If prompted, sign in with your Microsoft account credentials.

  3. When the installation is finished, you will get the following Launch page:

Get the Report Message or the Report Phishing add-ins for yourself in Microsoft 365 GCC or GCC High

Individual users in Microsoft 365 GCC or GCC High can’t get the Report Message or Report Phishing add-ins using the Microsoft commercial marketplace.

Use the Report Message or the Report Phishing add-ins

In supported versions of Outlook, use the Report Message or the Report Phishing add-ins to submit false positives and false negatives. For more information, see Report false positives and false negatives in Outlook.

Frequently Asked Questions

Coming Soon

Conclusion

In conclusion, the Microsoft Report Message and Report Phishing add-ins provide users with a convenient way to report false positives and false negatives to Microsoft. By enabling these add-ins for your organization, you can help improve the effectiveness of email protection technologies and ensure a safer email experience for everyone. Install and configure the add-ins today to enhance your organization’s security posture.

For more information about Eireview and to stay up to date with the latest technology trends, visit Eireview.