This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Tip
Did you know you can try the features in Microsoft Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms on Try Microsoft Defender for Office 365.
Important
The Microsoft Report Message and Report Phishing add-ins are now in maintenance mode and will eventually be deprecated. We recommend transitioning from the add-ins to the built-in Report button. The Report button is supported in virtuall all consumer and entrprise Outlook clients. For more information, see the Frequently asked questions section in this article.
The built-in Report button in supported versions of Outlook makes it easy for users to report false positives and false negatives to Microsoft for analysis. False positives are good email that was blocked or sent to the Junk Email folder. False negatives are unwanted email or phishing that was delivered to the Inbox.
Microsoft uses these user reported messages to improve the effectiveness of email protection technologies. For example, suppose people are reporting many messages as phishing using the Report button. This information surfaces in the Security Dashboard and other reports. This information probably indicates the anti-phishing policies in your organization need to be updated.
The following table describes the advantages of the built-in Report button over the Report Message and Report Phishing add-ins:
| Benefits | In-build report button | Report add-ins |
|---|---|---|
| Works out of the box | 
|
|
| Consistent across consumer and enterprise accounts |
|
|
| Easily discoverable across Outlook clients |
|
|
| Front and center across Outlook clients |
|
|
| Multi-message reporting from Inbox |
|
|
| Message reporting from preview panel |
|
|
| Message reporting from reading window |
|
|
| Message reporting from context menu |
|
|
| Supports shared and delegate mailboxes |
|
|
| Pre-reporting popup customization |
|
|
| Pre-reporting popup localization |
|
|
| Post-reporting popup customization |
|
|
| Post-reporting popup localization |
|
|
| Works flawlessly with firewalls |
|
|
The rest of this article describes how to remove the Report Message and Report Phishing add-ins.
You need to be assigned permissions before you can do the procedures in this article. You have the following options:
Microsoft Defender XDR Unified role based access control (RBAC) (If Email & collaboration > Defender for Office 365 permissions is 
Active. Affects the Defender portal only, not PowerShell): Security operations/Security data/Response (manage) or Security operations/Security data/Read-only.
Email & collaboration permissions in the Microsoft Defender portal: Membership in the Organization Management role group.
Exchange Online permissions: Membership in the Organization Management role group.
Microsoft Entra permissions: Membership in the Global Administrator* role gives users the required permissions and permissions for other features in Microsoft 365.
Important
* Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
For organizational removals, the organization needs to be configured to use OAuth authentication. For more information, see Determine if Centralized Deployment of add-ins works for your organization.
For more information on how to report a message using reporting in Outlook, see Report false positives and false negatives in Outlook.
Tip
If you delete the app registration for the add-in in Microsoft Entra ID, the add-in is also deleted from the organization.
In the Microsoft 365 admin center at https://admin.microsoft.com, expand Show all if necessary, and then go to Settings > Integrated apps. Or, to go directly to the Integrated apps page, use https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps.
Tip
Admins in Microsoft 365 GCC High or DoD need to use the Microsoft 365 admin center at https://portal.office365.us/adminportal/home#/Settings/AddIns and then select Settings > Add-ins.
Although the screenshots in the following steps show the Report Phishing add-in, the steps are identical for the Report Message add-in.
On the Deployed apps tab of the Integrated apps page, select the Report Message add-in or the Report Phishing add-in by clicking anywhere in the row.
On the Overview tab of the details flyout that opens, select Remove app from the Actions section.
In the Remove apps confirmation flyout that opens, select Yes, I'm sure I want to remove the app and associated data, and then select Remove.
After a few moments, Successfully removed flyout appears. It might take up to 24 hours for the add-in to disappear from your organization.
Select Done to return to the Integrated apps page where the add-in is no longer listed.
In the Microsoft 365 admin center at https://admin.microsoft.com, expand Show all if necessary, and then go to Settings > Integrated apps. Or, to go directly to the Integrated apps page, use https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps.
Tip
Admins in Microsoft 365 GCC High, or DoD need to use the Microsoft 365 admin center at https://portal.office365.us/adminportal/home#/Settings/AddIns and then select Settings > Add-ins.
Although the screenshots in the following steps show the Report Phishing add-in, the steps are identical for the Report Message add-in.
On the Deployed apps tab of the Integrated apps page, select the Report Message add-in or the Report Phishing add-in by doing one of the following steps:
On the Users tab of the details flyout, verify Specific users/groups is selected in the Assign users section.
Any existing users or groups are shown in the Added users section.
Click in the search box to find and select users or groups. New selections are added to the To be added section that appears.
To remove a user or group, select 
on the entry:
When you're finished on the Users tab of the details flyout, select Update to save your changes.
After a few moments, the Updating users completed flyout appears. Select Done to return to the Users tab of the add-in details flyout where your updates are shown in the Added users section.
Select
Close flyout to return to the Integrated apps page.
A: The add-ins are being deprecated for the following reasons:
Therefore, we decided to move to the built-in Report button to better serve your requirements.
A: It means that no improvement will be made to the add-ins. The add-ins will remain functional until they're deprecated. Naturally, any new improvement requests for the add-ins will be rejected.
A: Yes. There will be further communication as we progress towards the deprecation.
A: We recommend you update clients in the Microsoft admin center or ask users to update their clients. Reach out to Microsoft Support if you have issues updating clients for users.
A: This design was finalized after partnership with more than 50 customers and a Private Preview of approximately two and half years. Many customers who had this question are actually much more comfortable with the built-in Report button.
They transitioned completely to the built-in Report button. Users were instructed to use the default action (split) for reporting messages as phishing, and to use the side menu to report messages as other types (Junk or Not junk).
We recommend that you try the built-in Report button. If you're still facing issues, you can always reach out to us via Microsoft Support.
A: This behavior is by design. We think the built-in Report button provides a base level of protection for all users, including shared and delegate mailboxes. Scoping the built-in Report button to a limited number of users can result in forgetting about those users, which leavs a security gap that can be exploited by attackers. Many customers totaling more than a million users migrated smoothly to the the built-in Report button smoothly without scoping ability. Instead, they scoped third-party add-in buttons or the Microsoft add-ins as they rolled out the built-in Report button across the organization.
If you're looking to scope the functionality for experimentation, we recommend using a test environment.
A: Raise a design change request (DCR) via Microsoft support.
A: No. Unfortunately, due to the previously stated reasons, the add-ins will be deprecated. There's no way to keep the add-in and remove the built-in Report button. You can remove the add-in from the Deployed apps tab of the Integrated apps page as previously described.
A: After you, remove the add-in from the integrated apps from the Deployed apps tab of the Integrated apps page as previously described, install the third-party add-in as per their instructions.
On the User reported settings page in the Defender portal, you need to do the following steps:
A: No worries. Just raise a support ticket via Microsoft support and we will get right back to you.
Training
Learning path
Use advance techniques in canvas apps to perform custom updates and optimization - Training
Use advance techniques in canvas apps to perform custom updates and optimization
Certification
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.
Documentation
User reported settings - Microsoft Defender for Office 365
Admins can configure where user reported messages go for analysis: to an internal reporting mailbox, to Microsoft, or both. Other settings complete the reporting experience for users when they report good messages, spam, or phishing messages from Outlook.
Report phishing and suspicious emails in Outlook for admins - Microsoft Defender for Office 365
Learn how to report phishing and suspicious emails in supported versions of Outlook using the built-in Report button.
How do I report a suspicious email or file to Microsoft? Report messages, URLs, email attachments and files to Microsoft for analysis. Learn to report spam email and phishing emails.