Providing feedback on user reported messages

Hopefully, you are aware that Microsoft 365 provides users the ability to report a suspected email. I have spoken about this here:

Improved security is a shared responsibility

image

What you may not be aware of is that these submissions can viewed and action in the Microsoft Security Center:

https://security.microsoft.com

under the Submissions menu option as shown above.

You may also not be aware that there are further actions you can take in here:

image

You can provide feedback directly to the user about their submission using the Mark as an notify option as shown above.

image

Doing so will send the user an email, like that shown above, to provide feedback about that submission for the user. Doing provides important reinforcement of users remaining vigilant as well as helping them better identify threats.

image

 You’ll also find actions you can take on that message that will provide feedback directly to Microsoft, as shown above.

image

Even better, if you go into Policies & rules | Threat Policies | User submissions you are able to customise what is sent to the user, both before and after reporting as shown above.

For more information on these capabilities visit:

Admin review for reported messages

Getting users involved in security is important. Part of that is providing them feedback and recognition of their contribution, no matter how small. Using these capabilities for reported messages, you are able to do that quickly and easily.

4 thoughts on “Providing feedback on user reported messages

  1. One thing I wonder is if the user reports a message and it ends up in “user reported messages” and Microsoft publishes a “Rescan result”, what does “Submit to Microsoft for analysis” do? Didn’t the user submission to exactly that? Or did the user submission only submit it to us as admin and not Microsoft?

    Like

    1. I would suggest there is, or will be the option to pass to MS if desired. Failing that it is flagged for the admin to review and act on. There may also be a timeout so that if not acted upon by an admin after a certain time period it is automatically sent to MS.

      Like

      1. You would hope Microsoft (either their people or their AI) will learn from user submissions too. We get around 500 user submissions a month and does not always have the time to go through them all and submit them to Microsoft.

        Like

      2. It is my understanding that submitted messages add to the intelligence your tenant and that of the whole eco-system. I am sure you can configure them to go straight to MS if you wish as they have always done.

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s