Deploying the Microsoft Report Message add-in in Outlook is a critical step towards managed security and compliance. This blog post outlines the process of deploying this add-in, empowering users to report suspicious emails, thereby enhancing the cybersecurity posture for Microsoft 365 environment.

The Microsoft Report Message add-in enable users to report false positives (legitimate emails marked as spam) and false negatives (unwanted or phishing emails not flagged). This feedback is crucial for Microsoft to refine email protection technologies.

Prerequisites

Before deploying these add-in, certain prerequisites must be met:

• Sufficient permissions (Global admin for add-in deployment, security admin for customization).

• The add-ins are compatible with most Microsoft 365 subscriptions and work with various versions of Outlook, including Outlook on the web, Outlook 2013 SP1 or later, Outlook 2016 for Mac, Outlook included with Microsoft 365 apps for Enterprise, and Outlook for iOS and Android​.

• Exchange Online Protection (some features require Defender for Office 365 Plan 2).

• 5-10 minutes to perform the steps below

Deploy the add-in for users

1. Login to the Microsoft 365 admin center at https://admin.microsoft.com.

2. On the left nav, press Show All then expand Settings and select Integrated Apps.

3. On the page that loads, press Get Apps.

4. In the page that appears, in the top right Search box, enter Report Message, and then select Search.

5. Press Get it now on your chosen app within the search results (publisher is Microsoft Corporation).

6. On the flyout that appears, select who to deploy the add-in to. If testing you may wish to use a specific group, otherwise configure it for the entire organization – when you've made a selection press Next.

7. Review the permissions, information and capabilities then press Next.

8. Press Finish deployment (it can take 12-24 hours for the add-in to appear automatically in Outlook clients).

Configure the add-in for users

1. Login to the Microsoft Security portal at https://security.microsoft.com.

2. On the left nav, select Settings and choose Email & collaboration.

3. Select User reported settings.

4. Ensure Microsoft Outlook Report Message button is toggled to On.

5. Under Send the reported messages to choose Microsoft (Recommended).

6. Ensure Let users choose if they want to report is unchecked and Always report the message is selected.

7. Press Save.

Optional steps – configure notifications

1. On the configuration page from the earlier steps, underneath the User reporting experience, configure the before and after reporting pop-ups title and body if desired. The end users will see the before reporting pop up if Ask me before reporting is also enabled.

2. If you wish for notifications to come from an internal organizational mailbox, select Specify Office 365 email address to use as sender and search for a valid mailbox in your organization to send the notifications from.

3. Press Customize notifications to set up the text sent to reporting users after admin reviews a reported message using Mark & Notify, configure the Phishing, Junk & No threats found options.

4. On the Footer tab, select the global footer to be sent for notifications, along with your organization's logo if appropriate.

End-user expirience: How to report message in Outlook?

1. Report junk and phishing emails

• Open Outlook desktop app.

• In the email list (in the Inbox or any other email folder except Junk Email) click once on the message you know is suspect and you want to report it to Microsoft.

• From the Outlook Home ribbon, select the Report Message dropdown arrow. Then select Junk or Phishing option.

If you select Junk ‘Report Message’ dialog box will appear as on the screenshot below

If you select Phishing ‘Report Message’ dialog box will appear as on the screenshot below

• Click on the Report button to send a copy of message to Microsoft. After that, message will be sent to Microsoft for analysis and:

- Moved to the Junk Email folder if it was reported as a Junk.

- Deleted if it was reported as Phishing.

2. Report messages that are not Junk

• Open Outlook desktop app.

• In the ‘Junk email’ folder click once on the message you know is not junk and you want to report it to Microsoft.

• From the Outlook Home ribbon, select the Report Message dropdown arrow and choose ‘Not Junk’ option.

If you select Not Junk ‘Report Message’ dialog box will appear as on the screenshot below

• Click on the Report button to send a copy of message to Microsoft. After that, the message will be sent to Microsoft for analysis and moved to Inbox folder.

Deploying the Microsoft Report Message add-in is a strategic move towards enhancing managed security and compliance in Microsoft 365 environment. It not only reinforces cybersecurity but also fosters a culture of vigilance among users, making it a critical component of an organization's cybersecurity framework.

To help you to have peace of mind knowing your business is secure, click here to schedule a Microsoft 365 Secure Score review with our experts today. We'll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.