Enable the Microsoft Report Message or the Report Phishing add-ins

Tip

Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Learn about who can sign up and trial terms here.

Applies to

Note

If you're an admin in a Microsoft 365 organization with Exchange Online mailboxes, we recommend that you use the Submissions page in the Microsoft 365 Defender portal. For more information, see Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft.

The Microsoft Report Message and Report Phishing add-ins for Outlook and Outlook on the web (formerly known as Outlook Web App or OWA) makes it easy to report false positives (good email marked as bad) or false negatives (bad email allowed) to Microsoft and its affiliates for analysis.

Microsoft uses these user reported messages to improve the effectiveness of email protection technologies. For example, suppose that people are reporting many messages using the Report Phishing add-in. This information surfaces in the Security Dashboard and other reports. Your organization's security team can use this information as an indication that anti-phishing policies might need to be updated.

You can install either the Report Message or the Report Phishing add-in. If you want your users to report both spam and phishing messages, deploy the Report Message add-in in your organization.

The Report Message add-in provides the option to report both spam and phishing messages. Admins can enable the Report Message add-in for the organization, and individual users can install it for themselves.

The Report Phishing add-in provides the option to report only phishing messages. Admins can enable the Report Phishing add-in for the organization, and individual users can install it for themselves.

If you're an individual user, you can enable both the add-ins for yourself.

If you're a global administrator or an Exchange Online administrator, and Exchange is configured to use OAuth authentication, you can enable the Report Message and Report Phishing add-ins for your organization. Both add-ins are now available through Centralized Deployment.

After the add-in is installed and enabled, users will see the following icons:

  • Outlook for Windows:

    • The Report Message icon in the Classic Ribbon:

    • The Report Message icon in the Simplified Ribbon: Click More commands icon. More commands > Protection section > Report Message.

    • The Report Phishing icon in the Classic Ribbon:

    • The Report Phishing icon in the Simplified Ribbon: Click More commands icon. More commands > Protection section > Report Phishing.

  • Outlook on the web:

    • The Report Message add-in:

    • The Report Phishing add-in:

What do you need to know before you begin?

  • The Report Message and Report Phishing add-ins work with most Microsoft 365 subscriptions and the following products:

    • Outlook on the web
    • Outlook 2013 SP1 or later
    • Outlook 2016 for Mac
    • Outlook included with Microsoft 365 apps for Enterprise
    • Outlook for iOS and Android
  • The add-ins are not available for shared, group, or delegated mailboxes (Report message will be greyed out).

  • The add-ins are not available for on-premises Exchange mailboxes.

  • Your existing web browser should work with the Report Message and Report Phishing add-ins. But, if you notice an add-in isn't available or not working as expected, try a different browser.

  • For organizational installs, the organization needs to be configured to use OAuth authentication. For more information, see Determine if Centralized Deployment of add-ins works for your organization.

  • Admins need to be a member of the Global admins role group. For more information, see Permissions in the Microsoft 365 Defender portal.

  • For more information on how to report a message using the Report Message feature, see Report false positives and false negatives in Outlook.

  • Organizations that have a URL filtering or security solution (such as a proxy and/or firewall) in place, must have ipagave.azurewebsites.net and outlook.office.com endpoints allowed to be reached on HTTPS protocol.

  • Currently, reporting messages in shared mailboxes or other mailboxes by a delegate using the add-ins is not supported. Messages are not sent to the reporting mailbox or to Microsoft. Built-in reporting in Outlook on the web sends messages reported by a delegate to the reporting mailbox and/or to Microsoft.

Important

To view messages reported to Microsoft on the User reported tab on the Submissions page at https://security.microsoft.com/reportsubmission?viewid=user, leave the toggle On (Toggle on.) at the top of the User reported page at https://security.microsoft.com/securitysettings/userSubmission.

Admin instructions

Install and configure the Report Message or Report Phishing add-ins for the organization.

Note

It could take up to 12 hours for the add-in to appear in your organization.

Get the Report Message or Report Phishing add-in for your organization

  1. In the Microsoft 365 admin center at https://admin.microsoft.com, expand Show all if necessary, and then go to Settings > Integrated apps. Or, to directly to the Integrated apps page, use https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps.

  2. On the Integrated apps page, click Get apps icon.Get apps.

  3. In the Microsoft 365 Apps page that opens, enter Report Message in the Search icon. Search box.

    In the search results, click Get it now in the Report Message entry or the Report Phishing entry.

    Note

    Although the screenshots in the remaining steps show the Report Message add-in, the steps are identical for the Report Phishing add-in.

  4. The Deploy New App wizard opens. On the Add users page, configure the following settings:

    • Is this a test deployment?: Leave the toggle at Toggle off. No, or set the toggle to Toggle on. Yes.

    • Assign users: Select one of the following values:

      • Just me
      • Entire organization
      • Specific users/groups: Find and select users and groups in the search box. After each selection, the user or group appears in the To be added section that appears below the search box. To remove a selection, click Remove entry icon. on the entry.
    • Email notification: By default the Send email notification to assigned users is selected. Click View email sample to open the Add-in deployment email alerts](/microsoft-365/admin/manage/add-in-deployment-email-alerts) article.

    When you're finished, click Next.

  5. On the Accept permissions requests page, read the app permissions and capabilities information carefully before you click Next.

  6. On the Review and finish deployment page, review your settings. Click Back to make changes.

    When you're finished, click Finish deployment.

  7. A progress indicator appears on the Review and finish deployment page. If deployment of the add-in is successful, the page title changes to Deployment completed.

    When you're finished, click Done.

    If you click View this deployment, the page closes and you're taken to the details of the add-in as described in the next section.

Get the Report Message or the Report Phishing add-ins for your Microsoft 365 GCC or GCC High organization

Admins in Microsoft 365 Government Community Cloud (GCC) or GCC High need to use the steps in this section to get the Report Message or Report Phishing add-ins for their organizations.

Note

It could take up to 24 hours for the add-in to appear in your organization.

  1. In the Microsoft 365 admin center at https://portal.office365.us/adminportal, go to Organization > Add-ins, and select Deploy Add-In.

  2. In the Deploy a new add-in flyout that opens, click Next, and then select Upload custom apps.

  3. Select I have a URL for the manifest file. Use the following URLs:

  4. Choose which users will have access to the add-in, select a deployment method, and then select Deploy.

  5. To fully configure the settings, see User reported message settings.

View and edit settings for the Report Message or Report Phishing add-ins

  1. In the Microsoft 365 admin center at https://admin.microsoft.com, expand Show all if necessary, and then go to Settings > Integrated apps. Or, to directly to the Integrated apps page, use https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps.

    Note

    Although the screenshots in the remaining steps show the Report Message add-in, the steps are identical for the Report Phishing add-in.

  2. On the Integrated apps page, select the Report Message add-in or the Report Phishing add-in by doing one of the following steps:

    • In the Name column, click the icon or text for the add-in. This selection takes you to the Overview tab in the details flyout as described in the next steps.
    • In the Name column, click Edit row, and then select Edit users icon. Edit users. This selection takes you to the Users tab in the details flyout as described in the next steps.
    • In the Name column, click Edit row, and then select Check usaged data icon. Check usage data. This selection takes you to the Usage tab in the details flyout as described in the next steps.
  3. The details flyout that opens contains the following tabs:

    • Overview tab:

      • Basic info section:
        • Status
        • Type: Add-in
        • Test deployment: Yes or No, depending on the option you selected when you deployed the add-in or the selection you change on the Users tab.
        • Description
        • Host product: Outlook
      • Actions section: Click Remove app to remove the app.
      • Assigned users section: Click Edit users to go to the Users tab.
      • Usage section: Click Check usage data to got to the Usage tab.
    • Users tab:

      • Is this a test deployment?: Leave the toggle at Toggle off. No, or set the toggle to Toggle on. Yes.

      • Assign users section: Select one of the following values:

        • Just me
        • Entire organization
        • Specific users/groups: Find and select users and groups in the search box. After each selection, the user or group appears in the Added users section that appears below the search box. To remove a selection, click Remove selection icon. on the entry.
      • Email notification section: Send email notification to assigned users and View email sample are not selectable.

      If you made any updates on this tab, click Update to save your changes.

    • Usage tab: The chart and details table shows the number of active users over time.

      • Filter the Date range to 7 days, 30 days (default), or 90 days.
      • In the Report column, click Download icon. Download to download the information filtered by Date range to the file named UsageData.csv.

    When you're finished viewing the information on the tabs, click Close icon. Close to close the details flyout.

User instructions

Get the Report Message or Report Phishing add-ins for yourself

  1. Do one of the following steps:

    Search results on the Microsoft AppSource page for the Report Message add-in.

    Note

    Although the screenshots in the remaining steps show the Report Message add-in, the steps are identical for the Report Phishing add-in.

  2. On the details page of the add-in, click Get it now.

    The details page of the Report Message add-in where you click Get it now.

  3. If prompted, sign in with your Microsoft account credentials.

  4. When the installation is finished, you'll see the following Launch page:

    The Launch page of the Report Message add-in.

Get the Report Message or the Report Phishing add-ins for yourself in Microsoft 365 GCC or GCC High

Individual users in Microsoft 365 GCC or GCC High can't get the Report Message or Report Phishing add-ins using the Microsoft AppSource.

Use the Report Message or the Report Phishing add-ins

You can use the Report Message or the Report Phishing add-ins to submit false positives (good email that was blocked or sent to the Junk Email folder) and false negatives (unwanted email or phishing that was delivered to the Inbox) in Outlook. For more information, see Report false positives and false negatives in Outlook.