Edit

Admin review for user reported messages

  • Article
  • 3 minutes to read

Tip

Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Learn about who can sign up and trial terms here.

Applies to

In Microsoft 365 organizations with Exchange Online mailboxes and Microsoft Defender for Office 365, admins can send templated messages back to end users after an admin has reviewed the reported messages. You can customize the templates for your organization and for the admin verdict.

The feature is designed to give feedback to your users but doesn't change the verdicts of messages in the system. To help Microsoft update and improve its filters, you need to submit messages for analysis using Admin submission.

You will only be able to mark and notify users of review results if the message was reported as a false positives or false negatives.

What do you need to know before you begin?

Notify users from within the portal

  1. In the Microsoft 365 Defender portal at https://security.microsoft.com, go to the Submissions page at Email & collaboration > Submissions > User reported tab. To go directly to the User reported tab, use https://security.microsoft.com/reportsubmission?viewid=user.

  2. On the User reported tab, find and select the message, select Mark as and notify, and then select one of the following values from the dropdown list:

    • No threats found
    • Phishing
    • Spam

    The page displaying the user-reported messages

The reported message will be marked as No threats found, Phishing, or Spam, and an email will be automatically sent to notify the user who reported the message.

Customize the messages used to notify users

  1. In the Microsoft 365 Defender portal at https://security.microsoft.com, go to the User reported page at Settings > Email & collaboration > User reported tab. To go directly to the User reported page, use https://security.microsoft.com/securitysettings/userSubmission.

  2. On the User reported page, verify that the toggle at the top of the page is Toggle On On.

  3. Find the Email sent to user after admin review section and configure one or more of the following settings:

    • Specify an Office 365 mailbox to send email notifications from: Select this option and enter the sender's email address in the box that appears.

    • Replace the Microsoft logo with my company logo: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, you need to follow the instructions in Customize the Microsoft 365 theme for your organization to upload your custom logo. This option is not supported if your organization has a custom logo pointing to a URL instead of an uploaded image file.

    • Customize email notification messages: Click this link to customize the email notification that's sent after an admin reviews and marks a reported message. In the Customize admin review email notifications flyout that appears, configure the following settings on the Phishing, Junk and No threats found tabs:

      • Email box results text: Enter the custom text to use.
        • Footer tab: The following options are available:
        • Email footer text: Enter the custom message footer text to use.

      When you're finished on the Customize admin review email notifications flyout, click Confirm.

    The Customize confirmation message page

  4. When you're finished, click Save. To clear these values, click Restore on the User reported page.