A while ago I wrote an article:
Improved security is a shared responsibility
in which I encouraged the use of the Report message add in to Outlook.
What you may not realise about this add-in is that not only does it provide a centralised method to manage submissions per:
Providing feedback on user reported messages
but user reported messages also trigger an automated investigation:
What alert policies trigger automated investigations?
A security administrator can also manually trigger an investigation by using the Threat Explorer per:
Example: A security administrator triggers an investigation from Threat Explorer
If you want to better understand what Automated investigation and response (AIR) is and does, have look at:
AIR in Microsoft Defender for Office 365
This triggering of an automated investigation by simply using the Report message add in is another simple way to leverage the security tools that Defender for Office 365 provides and reduce administration workload.
CIAOPS 