April 28, 2025


Automatically Submitting Third-Party Reported Messages to Microsoft


Introduction:

Great news for organizations leveraging third-party user report add-ins like KnowBe4, Hoxhunt, or Cofense in Outlook:

Microsoft has introduced a new capability that allows automatic forwarding of user-reported messages to Microsoft Defender for Office 365 for deep analysis 🚀.

This update applies to customers who have Exchange Online Protection, Defender for Office 365 Plan 1, or Plan 2.

By enabling this feature, your SOC team will benefit from:

  • Automatic display of user-reported messages in the User Reported page inside the Defender portal.

  • Real-time generation of alerts for these messages, improving visibility and triage efficiency.

  • Automated Investigation and Response (AIR) activation for reported phishing attempts (available for Plan 2 users), directly linking alerts to Defender Incidents and streamlining investigations.

How it works:

Third-party report add-ins need to be configured to forward user submissions to an internal Exchange Online mailbox. Then, by adjusting a few settings in Microsoft Defender, these reported messages will be automatically processed and submitted to Microsoft for advanced analysis.


Setup requirements:

The add-in must be properly installed and routing reports to a dedicated Exchange Online mailbox (avoid using simple Exchange Transport Rules).

  • Navigate to Microsoft Defender Portal ➔ “User reported settings” ➔ Choose “Monitor reported messages in Outlook” ➔ Select “Use a non-Microsoft add-in”.

  • In the “Reported message destination” section, select “Microsoft and my reporting mailbox” and provide the internal mailbox address.

  • Ensure that the third-party vendor follows the recommended submission format to guarantee successful integration.


Key benefits:

  • Enhanced visibility into reported threats without relying solely on manual forwarding.

  • Quicker detection and faster triage through automatic alert generation.

  • Stronger filtering in Defender for Office 365 as your submissions help improve Microsoft’s detection capabilities.

  • Seamless automation for both triage and response workflows through integration with Defender Incidents.


If you already use KnowBe4, Hoxhunt, Cofense, or similar tools, enabling this integration is a great opportunity to close gaps and make your reporting flow smarter and more proactive.

🔗 Useful resources to get started:

Report suspicious email messages to Microsoft

Automatic user notifications for user reported phishing results in AIR

Bottom line:

Enabling this capability boosts your organization’s ability to respond quickly and efficiently to real-world phishing threats, while feeding valuable insights back to Microsoft to strengthen Defender’s global protection filters.

Let me know if you plan to activate it — happy to share some best practices we use internally! 🚀