When you consider that malicious and suspicious emails cause some of the biggest problems in the modern business world, it is not surprising that Microsoft Outlook – one of the leading email clients available – offers built-in report button methods to report concerning emails to Microsoft. In addition to reporting bad emails that can be quickly moved to spam or junk email folders, it is also important to identify good emails that might have been accidentally blocked so they are no longer in the system. It would be awful to miss an essential email from a customer, client, or colleague, so it is crucial that your network security services stay on top of good and bad emails by using the built-in report button and options provided by Microsoft for this purpose.
How Does It Work?
Companies that are using Microsoft 365 have a lot of options and advantages at their fingertips to assist in the avoidance of suspicious and phishing emails that could wreak havoc within the network. If your company has mailboxes in Exchange Online, your employees can report phishing emails or concerning emails in Outlook to be sorted by your IT department or admin team. Free tools are available from Microsoft designed to allow quick and easy reporting. Taking the time to train your staff – and offering ongoing support to them, as well – will go a long way toward protecting your business from attacks that can come through seemingly innocent emails.
The tools that you should be using for this purpose include:
- Microsoft Report Message add-ins – work on all Outlook platforms, including Outlook on the web
- Microsoft Report Phishing add-ins – work on all Outlook platforms, including Outlook on the web
- Built-in Reporting – already included in Outlook on the web, not available in other Outlook platforms at this time
Your IT management team can use these tools to help you stay on top of good and bad emails. The admins will configure the messages reported by individual team members within a specified reporting mailbox. This can be done on a case-by-case basis in-house, as well as offer the option to report suspicious emails directly to Microsoft. Within the Microsoft Defender portal, your IT team can view the reported messages under the “user reported” tab, as well as on the “submissions” page for easy access. How you handle these emails will be determined by the nature of the email, the seriousness of the threat, and other unique parameters to your business.
Using the Built-in Report Button for Outlook on the Web
If you and your staff take advantage of email services via Outlook on the Web, then you can by all means use the included built-in Report button. However, it is important to note that this feature can only be used if “user reporting” is turned on and if your IT staff has configured the “user reported settings” to ensure proper submission of reported messages. There are certain instances when the built-in Report button won’t be available, including having “user reporting” turned off or by installing a non-Microsoft button.
There are currently two methods supported by the Report button in Outlook on the web for shared mailboxes, including:
- Use of “send as” or “send on behalf” permissions for the individual user
- Addition of “read and manage” permissions for the shared user in addition to “send as” and “send on behalf,” for reporting messages.
Users can report one or more suspicious and phishing messages at a time using two options in Outlook on the web, which includes:
- Reporting as Junk directly from the Inbox or any email folder, except the Junk Email folder
- Report as Phishing directly from the Inbox or any email folder, including the Junk Email folder
The reporting mailbox that is collected in-house by your IT department, off-site by a managing company like Synivate, or sent directly to Microsoft, will generate sorted folders to allow for review of the reported messages. The two folders, which include Reported as Junk and Reported as Phishing, have two separate actions associated with them. The Junk messages go directly to a Junk Email folder for review as either good or bad messages. The Phishing messages are automatically deleted, to avoid any possible damage to the system as network security services. Administrators can also select Report and then “not junk” from the dropdown menu to remove messages previously considered suspicious from the queue.
Using Report Phishing and Report Message Add-ins in Outlook
The previous tips were for the use of a built-in report button found in Outlook on the web. This section covers how to use add-in options to allow for the report of suspicious messages and phishing messages in other Outlook platforms, outside of Outlook on the web. The use of two add-ins, specifically Report Phishing add-ins and Report Message add-ins must be installed in order to provide these network security services and allow for user-reporting in Outlook. When you work with our team at Synivate to help set up these reporting options, we will take into consideration the versions of these add-ins that will be required, as well as the versions of the Outlook platform that are compatible with these tools.
The Report Message and Report Phishing add-ins allow users to report junk and potential phishing messages in Outlook:
- Reporting as Junk directly from the Inbox or any email folder, except the Junk email folder
- Reporting as Phishing directly from the Inbox or any email folder, including the Junk Email folder
The user simply selects an email message from the list and selects “Report Message” and then check either “Junk” or “Phishing” from the dropdown list. Based on the reported settings set up by your IT department or management service, the messages will either be sent to the in-house reporting mailbox for review, to Microsoft, or both. This is similar to the method used for the Outlook on the web built-in report button. Messages that are reported as junk will be moved to the admin’s Junk Email folder and messages reported as phishing will be automatically deleted. For items reported as “Junk” that aren’t actually junk, the admin team can use the dropdown menu to select “Not Junk” so it will be identified as a good email in the future.
What Does Microsoft Do with Reported Messages?
When you and your IT team decide to send off messages that were reported or identified as phishing or suspicious emails, you have the option to also forward them on to Microsoft for review. The admin team can use the “user reported” tab that is found within the “submissions” page inside Microsoft Defender to review any messages that have gone on to Microsoft to determine their status. For better organization, these entries can be sorted simply by clicking on the column header, choosing to arrange by name and type, reported by, date reported, sender, reported reason, and result. The option for result can be further configured, according to the needs of your IT team as part of your overall network security services and preventive measures.
Some of the information made available from Microsoft-reported messages include:
- Payload reputation or detonation with up to date data of any file attachments or URLs contained in the message
- Grader analysis, which is a review done by human graders to confirm the malicious nature of the messages
- Policy hits to identify any policies that may have allowed or blocked the message, as well as overrides to the filtering process
An ID number is assigned to the messages that are reported, and the associated data includes the sender IP, phish simulation, and dates that the item was marked, received, and any relevant tags. All of this information is necessary to fine-tune the filters and policies set by your organization to prevent the spread of malicious or phishing emails within the company. Once again, employee education, training, and ongoing support is vital to the continued success of these methods to avoid these types of emails from ever being opened.
Network Security Services for SMBs
At Synivate, we take pride in our ability to create custom network security services for our clients based on their individual needs and industry requirements. Our many years of experience working in this field, as well as our diverse team of knowledgeable technicians and engineers, can work together with you and your company to create a comprehensive program designed to protect your essential data from internal and outside threats. To learn more about all of the services we provide, give us a call at 517-617-0704 and speak with one of our friendly consultants. We can answer any questions you might have about any of the innovative technology solutions we offer to small and medium-sized businesses in the Greater Boston area.