Microsoft Defender for Office 365 & The Report Messages Add-On

Microsoft Defender for Office 365

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against spam, phishing attempts, unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time. 

What's Junk email?

Junk email messages are typically referred to as spam. These are messages that you don't want to receive that may be advertising products you don't use or find offensive. If you choose the Junk option, a copy of the message may be sent to Microsoft to help update our spam filters, and the message will be moved from your Inbox to your Junk Email folder. 

What's phishing?

Phishing is the practice of luring you into disclosing personal information, such as bank account numbers and passwords. Often phishing messages look legitimate, but have deceptive links that actually open fake websites. If you select Phishing, a copy of your message may be sent to Microsoft to help update our filters, and the message will be moved from your Inbox to your Junk Email folder. 

What's a legitimate email?

If you know the sender and you're expecting the message, or if you receive a message that's mistakenly marked as junk, you can use the Report Message add-in to mark the message as Not Junk. This will move the message from the Junk Email folder back to your Inbox. 

How will these changes to email protection effect me?

The main changes you will notice after this is implemented for your organization are:

Impersonation protection
  • External senders with same or similar names to internal recipients will be blocked by the impersonation protection.
    • For example: your organization has a CEO named John Smith and uses johnsmith@yourcompany.com, an external scammer registers johnsmith123@gmail.com and tries to send your financial controller an email to wire money to a new bank account. Microsoft's impersonation protection algorithm will recognize the similarities of the name on the @gmail.com address with John's company account and block it.
    • Note: this only applies to emails inbound to recipients on your organization's email system
  • On occasion we do see some staff with legitimate personal email addresses get blocked as a false positive. If you have a non-work email address that you use to email corporate accounts, please email support@cloudcollective.com to have it whitelisted.
Managing messages flagged as spam in your junk mail folder.
  • False positives can be fixed by right clicking and choosing "Not Junk"
  • Spam and other unwanted emails in tis folder can be ignored as they will be auto-deleted in 30 days
Email notifications for emails that have been quarantined. There are 2 levels of quarantine: one allowing users to self manage, one requiring assistance from customer support.
  • Anything that has been flagged as malware or malicious will not be accessible from the user level quarantine, and will require contacting the customer support desk for analysis.
  • An end-user spam notification contains the following information for each quarantined message:
    • Sender: The send name and email address of the quarantined message.
    • Subject: The subject line text of the quarantined message.
    • Date: The date and time (in UTC) that the message was quarantined.
    • Block Sender: Click this link to add the sender to your Blocked Senders list. For more information, see Block a mail sender.
    • Release: For spam (not phishing) messages, you can release the message here without going to Quarantine the Security & Compliance Center.
    • Review: Click this link to go to Quarantine in the Security & Compliance Center, where you can (depending on why the message was quarantined) view, release, delete or report your quarantined messages. For more information, see Find and release quarantined messages as a user in EOP.
    Example end-user spam notification
Using the "Report Message" add-in allows you to report suspicious messages to Microsoft as well as manage how your Microsoft 365 email account treats these messages. 
  • Messages that your Microsoft 365 email account marks as junk are automatically moved to your Junk Email folder or isolated in quarantine on the mail server.
  • However, spammers and phishing attempts are continually evolving. If you receive a junk email in your inbox, you can use the Report Message add-in to send the message to Microsoft to help us improve our spam filters.
  • If you find an email in your Junk Email folder that's not spam, you can use the Report Message add-in to mark it as a legitimate email, move the message to your Inbox, and report the false positive to help Microsoft improve our spam filters. 
  • In Outlook, the icon looks like this:
Report Message Add-in icon for Outlook
  • In Outlook on the web, the icon looks like this:
Outlook on the Web Report Message Add-in icon
  • If you choose the Report Message button on the ribbon, you'll see several different options. 
    • Junk
    • Phishing
    • Not Junk
    • Options
    • Help
  • If you choose Junk, Phishing, or Not Junk, you'll have the option to send a copy of the message to Microsoft, along with your classification of the message. This is optional. To turn off the option to send a copy of the message to Microsoft, choose Options and then follow the steps listed below. 

How did we do?

How To Password Protect your Office Files

Working with SharePoint

Contact