Providing feedback on user reported messages

Hopefully, you are aware that Microsoft 365 provides users the ability to report a suspected email. I have spoken about this here:

Improved security is a shared responsibility

What you may not be aware of is that these submissions can viewed and action in the Microsoft Security Center:

https://security.microsoft.com

under the Submissions menu option as shown above.

You may also not be aware that there are further actions you can take in here:

You can provide feedback directly to the user about their submission using the Mark as an notify option as shown above.

Doing so will send the user an email, like that shown above, to provide feedback about that submission for the user. Doing provides important reinforcement of users remaining vigilant as well as helping them better identify threats.

You’ll also find actions you can take on that message that will provide feedback directly to Microsoft, as shown above.

Even better, if you go into Policies & rules | Threat Policies | User submissions you are able to customise what is sent to the user, both before and after reporting as shown above.

For more information on these capabilities visit:

Admin review for reported messages

Getting users involved in security is important. Part of that is providing them feedback and recognition of their contribution, no matter how small. Using these capabilities for reported messages, you are able to do that quickly and easily.

5 thoughts on “Providing feedback on user reported messages”

One thing I wonder is if the user reports a message and it ends up in “user reported messages” and Microsoft publishes a “Rescan result”, what does “Submit to Microsoft for analysis” do? Didn’t the user submission to exactly that? Or did the user submission only submit it to us as admin and not Microsoft?

LikeLike

directorcia says:

October 15, 2021 at 10:49 pm

I would suggest there is, or will be the option to pass to MS if desired. Failing that it is flagged for the admin to review and act on. There may also be a timeout so that if not acted upon by an admin after a certain time period it is automatically sent to MS.

LikeLike

Reply
1. jones1337 says:
  
  October 15, 2021 at 11:41 pm
  
  You would hope Microsoft (either their people or their AI) will learn from user submissions too. We get around 500 user submissions a month and does not always have the time to go through them all and submit them to Microsoft.
  
  LikeLike
2. directorcia says:
  
  October 16, 2021 at 9:24 am
  
  It is my understanding that submitted messages add to the intelligence your tenant and that of the whole eco-system. I am sure you can configure them to go straight to MS if you wish as they have always done.
  
  LikeLike