the Admin can report:
If you are on-prem and using Hybrid Modern Auth:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide#use-the-report-message-and-report-phishing-add-ins-in-outlook