SOLVED: "Report message" button missing from message trace

Graeme LOCKETT 5 Reputation points
2024-03-05T19:06:46.06+00:00

Hi.

We have a hybrid exchange/O365 setup. Our helpdesk staff have exchange admin permissions and can access the Message trace. They are also Quarantine admins and can submit items to Microsoft from the quarantine but from the message trace they do not have the "Report Message" button. In our test domain, I have configured a standard user, granted exchange admin permissions and provided the following permissions (see below). The test "helpdesk" user has the report button available. However, in the hybrid exchange setup this doesn't work. Any thoughts?

  • Microsoft Defender XDR Unified role based access control (RBAC) (Affects the Defender portal only, not PowerShell): Security operations/Security data/Response (manage)
  • Email & collaboration permissions in the Microsoft Defender portal: Membership in the Security Administrator or Security Reader role groups.
  • Microsoft Entra permissions: Membership in the Security Administrator or Security Reader roles gives users the required permissions and permissions for other features in Microsoft 365.

5 answers

  1. Graeme LOCKETT 5 Reputation points
    2024-04-03T02:47:58.7333333+00:00

    I tried the MS recommended documentation, but it didn't work for me. Our helpdesk users were already assigned the "Global READER" role and this prevented me from adding the security reader role to them. It turns out that global reader isn't quite as global as you think. I added the security reader role to a group containing these users, waited 24 hours and things worked. I suspect I had already tried this solution previously but didn't wait long enough for the MS permissions to apply.

    Requirements in order to be able to submit emails to MS submissions from Message trace

    These roles have been assigned to a group in our environment https://security.microsoft.com/securitypermissions?

    You need to be assigned permissions before you can do the procedures in this article. You have the following options:

    Microsoft Defender XDR Unified role based access control (RBAC) (Affects the Defender portal only, not PowerShell): Security operations/Security data/Response (manage) or Security operations/Security data/Read-only.

    Email & collaboration permissions in the Microsoft Defender portal: Membership in the Security Administrator or Security Reader role groups.

    Microsoft Entra permissions: Membership in the Security Administrator or Security Reader roles gives users the required permissions and permissions for other features in Microsoft 365.

    1 person found this answer helpful.
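
To check the fix described in the answer above, the following added example (not part of the original post and not Microsoft's code) lists how a user holds the Microsoft Entra Security Reader role, directly or through a group. It assumes the Microsoft Graph PowerShell module is installed and that the role meant is the Entra one; the account name is a placeholder.

```powershell
# Added example. Assumptions: Microsoft.Graph module installed; the UPN below
# is a placeholder; only active (not PIM-eligible) assignments are listed.
param(
    [string]$UserPrincipalName = 'helpdesk.user@contoso.example',
    [string]$RoleName = 'Security Reader'
)

Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All', 'GroupMember.Read.All'

$user = Get-MgUser -UserId $UserPrincipalName
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$RoleName'"
if (-not $role) { throw "Role '$RoleName' was not found in this tenant." }

# Every principal (user, group or service principal) that holds the role.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "roleDefinitionId eq '$($role.Id)'" -All

# The user can hold the role directly or inherit it from any group it is in.
$memberOf = @(Get-MgUserTransitiveMemberOf -UserId $user.Id -All)
$principalIds = @($user.Id) + @($memberOf | ForEach-Object { $_.Id })

$hits = @($assignments | Where-Object { $principalIds -contains $_.PrincipalId })
if ($hits.Count -eq 0) {
    Write-Output "$UserPrincipalName does not hold '$RoleName' directly or via a group."
    return
}

foreach ($assignment in $hits) {
    if ($assignment.PrincipalId -eq $user.Id) {
        $via = 'direct assignment'
    }
    else {
        $group = $memberOf | Where-Object { $_.Id -eq $assignment.PrincipalId }
        $via = "group '$($group.AdditionalProperties['displayName'])'"
    }
    [pscustomobject]@{
        User  = $UserPrincipalName
        Role  = $RoleName
        Via   = $via
        Scope = $assignment.DirectoryScopeId   # '/' means tenant-wide
    }
}
```

A match confirms only that the assignment exists in Entra; the answer above reports that the button appeared in the portal about 24 hours after the role was added.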

  2. Jayce Yang-MSFT 1,251 Reputation points Microsoft Vendor
    2024-03-06T03:28:24.1733333+00:00

    You mentioned, “but from the message trace they do not have the "Report Message" button.” Sorry, I didn’t find the Report Message button in Message trace; could you please provide a screenshot of this?

    Based on my experience, Report Message is an Outlook add-in, which makes it easy for Outlook users to report phishing to Microsoft and its affiliates for analysis, along with easy triage for admins on the Submissions page at https://security.microsoft.com/reportsubmission?viewid=user.

    So please confirm if you have deployed this add-in, and check it in Outlook client.


    You could refer to this official document:

    How-to deploy and configure the report message add-in | Microsoft Learn

    Please note:

    • Sufficient permissions (Global admin for add-in deployment, security admin for customization)


  3. Graeme LOCKETT 5 Reputation points
    2024-03-07T02:58:22.8366667+00:00

    Screenshot


  4. Jayce Yang-MSFT 1,251 Reputation points Microsoft Vendor
    2024-03-18T09:20:43.9066667+00:00

    Great to know that the issue has already been resolved and thanks for sharing the solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer : )


    Issue Symptom: "Report message" button missing from message trace

    Resolution: The admin users who could previously report messages from message trace report that it no longer works. Clicking "report message" now just redirects you to the emails tab on the submissions page. So now if you are under fire from a phishing attack an admin has to go to a user machine to report it. Then from the "User reported" submissions screen, submit it to Microsoft.


  5. Graeme LOCKETT 5 Reputation points
    2024-03-18T21:13:28.73+00:00

    Works just fine for tenant admins but not for users with restricted permissions. I have a case open with MS and will report back when working. Suggestions by MS tech so far haven't worked.