A while ago I wrote an article:
in which I encouraged the use of the Report message add in to Outlook.
What you may not realise about this add-in is that not only does it provide a centralised method to manage submissions per:
but user reported messages also trigger an automated investigation:
A security administrator can also manually trigger an investigation by using the Threat Explorer per:
If you want to better understand what Automated investigation and response (AIR) is and does, have look at:
This triggering of an automated investigation by simply using the Report message add in is another simple way to leverage the security tools that Defender for Office 365 provides and reduce administration workload.