Configuring a Microsoft 365 "Report Message" button

This page includes:

About the Microsoft 365 "Report Message" button

This page applies to:

Microsoft 365 organizations with mailboxes in Exchange Online
Microsoft 365 Inline and Microsoft 365 API integrations

The Microsoft built-in and add-in "Report Message" buttons enable end-users to report phishing and suspicious email in Outlook, that is, to report an email message that they think may be junk or phishing. They can also report an email as being "not junk" - that is, a false positive [clean].

By default, when an end-user uses the "Report Message" button, the resulting report is sent to Microsoft only. You can configure Microsoft 365 in your organization so that each time one of these reports is sent to Microsoft, a copy of the report is sent to Perception Point as well. This enables the Perception Point IR Team to then analyze the reported email, and take the necessary actions.

By default, the Perception Point IR Team won't send feedback to the end-users that report email messages. However, you can request Perception Point Support to configure your organization so that the Perception Point IR Team will send feedback emails to the end-users that report email messages.

The procedures described on this page use the Microsoft Report Message built-in and add-in functionality.

See the available video. [Using the "Report Message" button]

Note:

Before you configure a "Report Message" button as described below, make sure that your domain has an SPF record defined. See About SPF checks.
The "Report Message" button isn’t available for shared mailboxes - it's available to end-users only. This is due to a Microsoft limitation.

Configuring the Microsoft 365 "Report Message" button

Perform the following steps to configure the Microsoft 365 "Report Message" button to send the reports to Perception Point as well:

Step 1: Configuring a mailbox for reported messages

Open a dedicated mailbox on your Microsoft 365 server - all reported messages will be sent to this mailbox. For example, you could create the following mailbox:

reported-messages@acme.com

Note:

The dedicated mailbox must be used for reporting messages only - and not for any other purpose.
For information about how to create a dedicated [shared] mailbox, see the official Microsoft documentation .

Click here [https://security.microsoft.com/securitysettings/userSubmission] to open the Microsoft User reported settings page, and then select if you want to use the built-in reporting functionality or the add-in option.
In the User reported settings page, under "Reported message destinations":
1. From Send reported messages to, select either "My reporting mailbox only" or "Microsoft and my reporting mailbox".
2. Under Add a mailbox to send reported messages to, enter the dedicated mailbox that you created above.

Step 2: Creating a mail flow rule

Create a rule in the Microsoft 365 Exchange Admin Center, that will send reported messages to Perception Point - using the bcc mechanism.

Open the Microsoft 365 Exchange Admin Center [https://admin.exchange.microsoft.com].
In the left navigation panel, click Mail flow > Rules.
Click Add a rule > Create a new rule.

In the Set rule conditions page that opens, configure the following settings:

Name: Submissions to Perception Point
Apply this rule if > The recipient > is this person, and then enter your new dedicated mailbox - that you opened in Step 1 above: for example, reported-messages@acme.com

Under Do the following

Select Add Recipients > to the Bcc Box

Click Select one... and then specify one of the email addresses below: [See the drop-down below for details on how to determine your environment]

Environment of your organization	email address
US	report@report.us.perception-point.io
EU	report@report.eu.perception-point.io
AUS	report@report.aus.perception-point.io

Click Next. The Set rule settings page opens.

No changes are required on this page.
Click Next. The Review and finish page opens.

Review the settings.

Click Finish.

Note: After your finish creating this rule, it is turned off by default until you turn it on from the Rules page in the Microsoft 365 Exchange Admin Center.

Step 3: Requesting feedback emails [Optional]

By default, the Perception Point IR Team won't send feedback to end-users that report email messages using the Report Message button. However, you can request Perception Point Support to configure your organization so that the Perception Point IR Team will send feedback to end-users that report email messages.

To request feedback emails:

Send an email to Perception Point Support [support@perception-point.io], and ask them to enable feedback emails.

You can include the text template below in your email:

Subject: Report Message button - enabling feedback emails
Hi Perception Point Support Team, Organization name: <Your org name> We have enabled the "Report Message" button in our organization. Please can you enable feedback emails from the Perception Point IR Team to the reporting end-users. [Internal Reference: 1140] Please let us know when this has been done. Thank you

Subject: Report Message button - enabling feedback emails

Hi Perception Point Support Team,

Organization name: <Your org name>

We have enabled the "Report Message" button in our organization.

Please can you enable feedback emails from the Perception Point IR Team to the reporting end-users.

[Internal Reference: 1140]

Please let us know when this has been done.

Thank you

After you receive confirmation from Perception Point Support, the the Report Message button should be configured and available in your organization.

The "Report Message" button end-user experience

The procedure below is performed by end-users in Outlook, and includes information about what happens after a message is reported.

In Outlook, open the email that you want to report.
Click Report Message, and then select Junk, Phishing, or Not Junk.

What happens next:

Report Phishing

Report Junk

Report Not junk

The email will be deleted by Microsoft [that is, the email is moved to the user's Deleted Items email folder].

The email will be moved by Microsoft from the user's Inbox to the user's Junk email folder.

The email will be moved by Microsoft from the user's Junk email folder to the user's Inbox.

The Perception Point IR Team will analyze the reported email:

If the Perception Point IR Team agrees that the email is phishing, the scan verdict will be set to malicious - and the email will remain in the Deleted Items email folder.
If the Perception Point IR Team does not agree that the email is phishing - and thinks that the email is clean - the scan verdict will be set to clean, and the file will be moved from the Deleted Items email folder to the Inbox.
If the Perception Point IR Team does not agree that the email is phishing - and thinks that the email is spam - the scan verdict will be set to spam, and the file will remain in the Deleted Items email folder.

Note: The above options apply when the reported email was originally located in the Inbox or the Junk folder.

The scan verdict will be set to spam.
The email will remain in the user's Junk email folder.

The scan verdict will be set to clean.
The email will remain in the user's Inbox.

An email will be sent to the reporting end-user. The email will include the decision of the Perception Point IR Team.

An email will be sent to the reporting end-user. The email will state that the scan verdict was set to spam.

An email will be sent to the reporting end-user. The email will state that the scan verdict was set to clean.

Note that in all cases above, an email will be sent only if feedback emails have been configured for your organization. [See Step 3 above.]

If necessary, the Perception Point IR Team will adjust the scan engines so that a more accurate verdict is assigned to similar emails in the future.

In future, Outlook may classify similar emails as spam and move the emails to the Junk folder. However, this classification is complex, and depends on multiple factors.
No changes are made to the Perception Point X‑Ray scan engines.