Enable the Report Message or the Report Phishing add-ins
Important
The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what's new.
Applies to
- Exchange Online Protection
- Microsoft Defender for Office 365 plan 1 and plan 2
- Microsoft 365 Defender
Note
If you're an admin in a Microsoft 365 organization with Exchange Online mailboxes, we recommend that you use the Submissions page in the Microsoft 365 Defender portal. For more information, see Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft.
The Report Message and Report Phishing add-ins for Outlook and Outlook on the web (formerly known as Outlook Web App) makes it easy to report false positives (good email marked as bad) or false negatives (bad email allowed) to Microsoft and its affiliates for analysis.
Microsoft uses these submissions to improve the effectiveness of email protection technologies. For example, suppose that people are reporting many messages using the Report Phishing add-in. This information surfaces in the Security Dashboard and other reports. Your organization's security team can use this information as an indication that anti-phishing policies might need to be updated.
You can install either the Report Message or the Report Phishing add-in. If you want your users to report both spam and phishing messages, deploy the Report Message add-in in your organization.
The Report Message add-in provides the option to report both spam and phishing messages. Admins can enable the Report Message add-in for the organization, and individual users can install it for themselves.
The Report Phishing add-in provides the option to report only phishing messages. Admins can enable the Report Phishing add-in for the organization, and individual users can install it for themselves.
If you're an individual user, you can enable both the add-ins for yourself.
If you're a global administrator or an Exchange Online administrator, and Exchange is configured to use OAuth authentication, you can enable the Report Message add-in and the Report Phishing add-in for your organization. Both add-ins are now available through Centralized Deployment.
What do you need to know before you begin?
Both the Report Message add-in and the Report Phishing add-in work with most Microsoft 365 subscriptions and the following products:
- Outlook on the web
- Outlook 2013 SP1 or later
- Outlook 2016 for Mac
- Outlook included with Microsoft 365 apps for Enterprise
- Outlook app for iOS and Android
Both add-ins aren't available for shared mailboxes or mailboxes in on-premises Exchange organizations.
Your existing web browser should work with both the Report Message and Report Phishing add-ins. But, if you notice the add-in isn't available or not working as expected, try a different browser.
For organizational installs, the organization needs to be configured to use OAuth authentication. For more information, see Determine if Centralized Deployment of add-ins works for your organization.
Admins need to be a member of the Global admins role group. For more information, see Permissions in the Microsoft 365 Defender portal.
For more information on how to report a message using the Report Message feature, see Report false positives and false negatives in Outlook.
Organizations that have a URL filtering or security solution (such as a proxy and/or firewall) in place, must have ipagave.azurewebsites.net and outlook.office.com endpoints allowed to be reached on HTTPS protocol.
Turn off the built-in reporting experience
We don't recommend the built-in reporting experience in Outlook because it can't use the user submission policy. We recommend using the Report Message add-in or the Report Phishing add-in instead.
You need to be assigned permissions before you can run this cmdlet. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Run the following PowerShell command to disable the built-in reporting experience:
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -ReportJunkEmailEnabled $false
Get the Report Message add-in
Get the Report Message add-in for yourself
Go to the Microsoft AppSource at https://appsource.microsoft.com/marketplace/apps and search for the Report Message add-in. To go directly to the Report Message add-in, go to https://appsource.microsoft.com/product/office/wa104381180.
Click GET IT NOW.
In the dialog that appears, review the terms of use and privacy policy, and then click Continue.
Sign in using your work or school account (for business use) or your Microsoft account (for personal use).
After the add-in is installed and enabled, you'll see the following icons:
In Outlook, the icon looks like this:
In Outlook on the web, the icon looks like this:
Get the Report Message add-in for your organization
Note
It could take up to 12 hours for the add-in to appear in your organization.
In the Microsoft 365 admin center, go to Settings > Integrated apps. Click Get apps.
In the Microsoft 365 Apps page that appears, click in the Search box, enter Report Message, and then click Search
. In the list of results, find and select Report Message.The app details page opens. Select Get It Now.
Complete the basic profile information, and then click Continue.
The Deploy New App flyout opens. Configure the following settings. Click Next to go to the next page to complete setup.
Add users: Select one of the following values:
- Just me
- Entire organization
- Specific users / groups
Deployment:
Accept Permissions requests: Read the app permissions and capabilities carefully before going to the next page.
Finish deployment: Review and finish deploying the add-in.
Deployment completed: Select Done to complete the setup.
Edit settings for the Report Message add-in
In the Microsoft 365 admin center, go to Settings > Integrated apps . Then find and select Report Message add-in.
In the flyout that appears, select Edit users to edit user settings.
To remove the add-in, select Remove app under Actions in the same flyout.
Get the Report Phishing add-in
Get the Report Phishing add-in for yourself
Go to the Microsoft AppSource at https://appsource.microsoft.com/marketplace/apps and search for the Report Phishing add-in.
Click GET IT NOW.
In the dialog that appears, review the terms of use and privacy policy, and then click Continue.
Sign in using your work or school account (for business use) or your Microsoft account (for personal use).
After the add-in is installed and enabled, you'll see the following icons:
In Outlook, the icon looks like this:
In Outlook on the web, the icon looks like this:
Get the Report Phishing add-in for your organization
Note
It could take up to 12 hours for the add-in to appear in your organization.
In the Microsoft 365 admin center, go to Settings > Integrated apps. Click Get apps.
In the Microsoft 365 Apps page that appears, click in the Search box, enter Report Phishing, and then click Search
. In the list of results, find and select Report Phishing.The app details page opens. Select Get It Now.
Complete the basic profile information, and then click Continue.
The Deploy New App flyout opens. Follow the steps described above to complete setup.
Edit settings for the Report Phishing add-in
In the Microsoft 365 admin center, go to Settings > Integrated apps . Then find and select Report Phishing add-in.
In the flyout that appears, select Edit users to edit user settings.
To remove the add-in, select Remove app under Actions in the same flyout.