Configuring a Microsoft 365 "Report Message" button

This page includes:

About the Microsoft 365 "Report Message" button

This page applies to:

  • Microsoft 365 organizations with mailboxes in Exchange Online

  • Microsoft 365 Inline and Microsoft 365 API integrations

The Microsoft built-in and add-in "Report Message" buttons enable end-users to report phishing and suspicious email in Outlook, that is, to report an email message that they think may be junk or phishing. They can also report an email as being "not junk" - that is, a false positive [clean].

By default, when an end-user uses the "Report Message" button, the resulting report is sent to Microsoft only. You can configure Microsoft 365 in your organization so that each time one of these reports is sent to Microsoft, a copy of the report is sent to FortiMail Workspace Security as well. This enables the FortiMail Workspace Security IR Team to then analyze the reported email, and take the necessary actions.

By default, the FortiMail Workspace Security IR Team won't send feedback to the end-users that report email messages. However, you can configure FortiMail Workspace Security so that the FortiMail Workspace Security IR Team will send feedback emails to the end-users that report email messages. For details, see Step 3: Configuring feedback emails [Optional] below.

The procedures described on this page use the Microsoft Report Message built-in and add-in functionality.

See the available video. [Using the "Report Message" button]

Note:

  • Before you configure a "Report Message" button as described below, make sure that your domain has an SPF record defined. See About SPF checks.

  • The "Report Message" button isn’t available for shared mailboxes - it's available to end-users only. This is due to a Microsoft limitation.

See also: Integrating the KnowBe4 Phish Alert button - PAB

Configuring the Microsoft 365 "Report Message" button

Perform the following steps to configure the Microsoft 365 "Report Message" button to send the reports to FortiMail Workspace Security as well:

  1. Open a dedicated mailbox on your Microsoft 365 server - all reported messages will be sent to this mailbox. For example, you could create the following mailbox:

    reported-messages@acme.com

    Note:

    • The dedicated mailbox must be used for reporting messages only - and not for any other purpose.

    • For information about how to create a dedicated [shared] mailbox, see the official Microsoft documentation .

  2. Click here [https://security.microsoft.com/securitysettings/userSubmission] to open the Microsoft User reported settings page, and then select if you want to use the built-in reporting functionality or the add-in option.

  3. In the User reported settings page, under "Reported message destinations":

    1. From Send reported messages to, select either "My reporting mailbox only" or "Microsoft and my reporting mailbox".

    2. Under Add a mailbox to send reported messages to, enter the dedicated mailbox that you created above.

Create a rule in the Microsoft 365 Exchange Admin Center, that will send reported messages to FortiMail Workspace Security - using the bcc mechanism.

  1. Open the Microsoft 365 Exchange Admin Center [https://admin.exchange.microsoft.com].
  2. In the left navigation panel, click Mail flow > Rules.
  3. Click Add a rule > Create a new rule.

  4. In the Set rule conditions page that opens, configure the following settings:

    1. Name: Submissions to Perception Point

    2. Apply this rule if > The recipient > is this person, and then enter your new dedicated mailbox - that you opened in Step 1 above: for example, reported-messages@acme.com

    3. Under Do the following

      1. Select Add Recipients > to the Bcc Box

      2. Click Select one... and then specify one of the email addresses below: [See the drop-down below for details on how to determine your environment]

        Environment of your organization

        email address

        US

        report@report.us.perception-point.io

        EU

        report@report.eu.perception-point.io

        AUS

        report@report.aus.perception-point.io

        1. In FortiMail Workspace Security, go to Settings > Account.

        2. The Environment of your organization will appear under General > Info: US, EU, or AUS.

  5. Click Next. The Set rule settings page opens.

    No changes are required on this page.

  6. Click Next. The Review and finish page opens.

    Review the settings.

  7. Click Finish.

    Note: After your finish creating this rule, it is turned off by default until you turn it on from the Rules page in the Microsoft 365 Exchange Admin Center.

 

By default, the FortiMail Workspace Security IR Team won't send feedback to end-users that report email messages using the Report Message button. However, you can configure FortiMail Workspace Security so that the FortiMail Workspace Security IR Team will send feedback to end-users that report email messages.

To configure feedback emails to be sent:

  1. In FortiMail Workspace Security, in the left navigation menu, select Settings > Account.

  2. Scroll down to the Alerts and Reports section, and then click Edit [].

  3. Scroll down to "End User Alerts and Reports".

  4. Enable the "Notify requester upon investigation handling" option.

  5. Click Save.

For details, see Notify requester upon investigation handling.

The "Report Message" button end-user experience

The procedure below is performed by end-users in Outlook, and includes information about what happens after a message is reported.

  1. In Outlook, open the email that you want to report.

  2. Click Report Message, and then select Junk, Phishing, or Not Junk.

    An email will be sent to the dedicated email address specified above. The end-user will be able to see this email in the Sent Items folder.

  3. What happens next:

     

    Report Phishing

    Report Junk

    Report Not junk

    a

    The reported email will be deleted by Microsoft [that is, the email is moved to the user's Deleted Items email folder].

    The reported email will be moved by Microsoft from the user's Inbox to the user's Junk email folder.

    The reported email will be moved by Microsoft from the user's Junk email folder to the user's Inbox.

    b

    The FortiMail Workspace Security IR Team will analyze the reported email:

    • If the FortiMail Workspace Security IR Team agrees that the email is phishing, the scan verdict will be set to malicious - and the email will remain in the Deleted Items email folder.

    • If the FortiMail Workspace Security IR Team does not agree that the email is phishing - and thinks that the email is clean - the scan verdict will be set to clean, and the file will be moved from the Deleted Items email folder to the Inbox.

    • If the FortiMail Workspace Security IR Team does not agree that the email is phishing - and thinks that the email is spam - the scan verdict will be set to spam, and the file will remain in the Deleted Items email folder.

    Note: The above options apply when the reported email was originally located in the Inbox or the Junk folder.

    • The scan verdict will be set to spam.

    • The email will remain in the user's Junk email folder.

    • The scan verdict will be set to clean.

    • The email will remain in the user's Inbox.

    c

    • An email will be sent to the reporting end-user. The email will include the decision of the FortiMail Workspace Security IR Team.

    • An email will be sent to the reporting end-user. The email will state that the scan verdict was set to spam.

    • An email will be sent to the reporting end-user. The email will state that the scan verdict was set to clean.

    Note that in all cases above, an email will be sent only if feedback emails have been configured for your organization. [See Step 3 above.]

    d

    If necessary, the FortiMail Workspace Security IR Team will adjust the scan engines so that a more accurate verdict is assigned to similar emails in the future.

    • In future, Outlook may classify similar emails as spam and move the emails to the Junk folder. However, this classification is complex, and depends on multiple factors.

    • No changes are made to the FortiMail Workspace Security scan engines.

    		  

See also: