Report messages and files to Microsoft

In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, both users and admins have several different methods for reporting email messages and files to Microsoft.


| Method | Description |
|---|---|
| Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft | The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP). |
| Enable the Report Message add-in | Works with Outlook and Outlook on the web (formerly known as Outlook Web App). Depending on your subscription, messages that users reported with the add-in are available in the Admin Submissions portal, Automated investigation and response (AIR) results, the User-reported messages report, and Threat Explorer. You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see User submissions policies. |
| Enable the Report Phishing add-in | Works with Outlook and Outlook on the web (formerly known as Outlook Web App). Depending on your subscription, messages that users reported with the add-in are available in the Admin Submissions portal, Automated investigation and response (AIR) results, the User-reported messages report, and Threat Explorer. You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see User submissions policies. |
| Install and use the Junk Email Reporting add-in for Microsoft Outlook | Only works in Outlook. |
| Report junk and phishing email in Outlook on the web | Use the built-in capabilities in Outlook on the web for organizations with Exchange Online mailboxes (not available in standalone EOP). Messages that users report are available in the Admin Submissions portal. You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see User submissions policies. |
| Report junk and phishing email in Outlook for iOS and Android | Use the built-in capabilities in Outlook for iOS and Android for organizations with Exchange Online mailboxes (not available in standalone EOP). Messages that users report are available in the Admin Submissions portal. You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see User submissions policies. |
| Manually submit messages to Microsoft for analysis | Manually send attached messages to specific Microsoft email addresses for spam, not spam, and phishing. |
| Use mail flow rules to see what your users are reporting to Microsoft | Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis. |
| Submit malware and non-malware to Microsoft for analysis | Use the Microsoft Security Intelligence site to submit attachments and other files. |

If the spam or phishing messages were quarantined instead of delivered, users can report the messages to Microsoft from the Quarantine portal in the Security & Compliance Center. For details, see Find and release quarantined messages as a user in Microsoft 365.