Deploy and configure the Report Message add-in to users

The Report Message and Report Phishing add-ins for Outlook make it easy to report phishing to Microsoft and its affiliates for analysis, along with easy triage for admins on the Submissions page at https://security.microsoft.com/reportsubmission?viewid=user.

Depending on whether you're licensed for Defender for Office 365, you also get added functionality such as alerting & automated investigation and response (AIR), which removes the burden from your security operations staff. This guide walks you through configuring the add-in deployment as recommended by the Microsoft Defender for Office 365 team.

Choose between which add-in to deploy

• The Report Phishing add-in provides the option to report only phishing messages
• The Report Message add-in provides the option to report junk, not junk (false positive), and phishing messages
• The built-in Report button in Outlook on the web Learn More

What you need

• Exchange Online Protection (some features require Defender for Office 365 Plan 2).
• Sufficient permissions (Global admin for add-in deployment, security admin for customization).
• 5-10 minutes to perform the steps in this article.

Deploy the add-in for users

1. Login to the Microsoft 365 admin center at https://admin.microsoft.com.
2. On the left nav, press Show All then expand Settings and select Integrated Apps.
3. On the page that loads, press Get Apps.
4. In the page that appears, in the top right Search box, enter Report Message or Report Phishing, and then select Search.
5. Press Get it now on your chosen app within the search results (publisher is Microsoft Corporation).
6. On the flyout that appears, select who to deploy the add-in to. If testing, you might want to use a specific group. Otherwise, configure it for the entire organization. After you make a selection, press Next.
7. Review the permissions, information, and capabilities then press Next.
8. Press Finish deployment (it can take 12-24 hours for the add-in to appear automatically in Outlook clients).

Configure the add-in for users

1. Login to the Microsoft Security portal at https://security.microsoft.com.
2. On the left nav, select Settings and choose Email & collaboration.
3. Select User reported settings.
4. Ensure Monitor report messages in outlook is selected and select use the built-in report button.
5. Under Send the reported messages to choose Microsoft Only (Recommended).

Optional steps – configure notifications

1. On the configuration page from the earlier steps, underneath the User reporting experience, configure the before and after reporting pop-ups title and body if desired. The end users see the before reporting pop-up if Ask me before reporting is also enabled.
2. If you wish for notifications to come from an internal organizational mailbox, select Specify Office 365 email address to use as sender and search for a valid mailbox in your organization to send the notifications from.
3. Press Customize notifications to set up the text sent to reporting users after admin reviews a reported message using Mark & Notify, configure the Phishing, Junk & No threats found options.
4. On the Footer tab, select the global footer to be sent for notifications, along with your organization's logo if appropriate.

Further reading

Learn more about user reported settings User reported settings.

Enable the report message or report phishing add-in Enable the Microsoft Report Message or Report Phishing add-ins.