This message didn't pass through our mail flow system, or the message metadata isn't available yet error
You get this error under either of the following conditions:
Exchange Online Protection (EOP) or Microsoft Defender for Office 365 didn't filter the message.
We can't investigate why the message was blocked or delivered, because the Microsoft protection stack never evaluated or acted on the message.
EOP or Defender for Office 365 filtered the message, but we're still collecting the required metadata (descriptive data) for the message.
If you wait "a while" and submit the message again, the submission is likely to be successful.
We did not receive the submission, please fix the problem and resubmit
If you encounter this error message, then either of the following conditions have occurred:
The message was deleted or is no longer available in the mailbox or in quarantine.
Exchange mail flow rules (also known as transport rules), connectors, or data loss prevention (DLP) rules in your organization prevent the message from reaching us.
Be sure to investigate and fix both of these possible causes before you resubmit the message.
This module examines how Microsoft Defender for Office 365 extends EOP protection through various tools, including Safe Attachments, Safe Links, spoofed intelligence, spam filtering policies, and the Tenant Allow/Block List.
How do I report a suspicious email or file to Microsoft? Report messages, URLs, email attachments and files to Microsoft for analysis. Learn to report spam email and phishing emails.
Admins can learn how to use the Submissions page in the Microsoft Defender portal to submit messages, URLs, and email attachments to Microsoft for analysis. Reasons for submission include: legitimate messages that were blocked, suspicious messages that were allowed, suspected phishing email, spam, malware, and other potentially harmful messages.
Admins can configure where user reported messages go for analysis: to an internal reporting mailbox, to Microsoft, or both. Other settings complete the reporting experience for users when they report good messages, spam, or phishing messages from Outlook.
The steps to handle malicious emails coming through to end users and inboxes (as False Negatives) with Microsoft Defender for Office 365 in order to prevent loss of business.
Admins can learn how to find and use the email security reports that are available in the Microsoft Defender portal. This article helps answer the question, 'What is the Threat protection status report in EOP and Microsoft Defender for Office 365?'