Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to

In Microsoft 365 organizations with mailboxes in Exchange Online, admins can use the Submissions portal in the Security & Compliance Center to submit email messages, URLs, and attachments to Microsoft for scanning.

When you submit an email message, you will get:

  1. Email authentication check: Details on whether email authentication passed or failed when it was delivered.
  2. Policy hits: Information about any policies that may have allowed or blocked the incoming email into your tenant, overriding our service filter verdicts.
  3. Payload reputation/detonation: Examination of any URLs and attachments in the message.
  4. Grader analysis: Review done by human graders in order to confirm whether or not messages are malicious.

Important

Payload reputation/detonation and grader analysis are not done in all tenants. Information is blocked from going outside the organization when data is not supposed to leave the tenant boundary for compliance purposes.

For other ways to submit email messages, URLs, and attachments to Microsoft, see Report messages and files to Microsoft.

What do you need to know before you begin?

Report suspicious content to Microsoft

  1. In the Security & Compliance Center, go to Threat management > Submissions, verify that you're on the Admin submissions tab, and then click New submission.

  2. Use the New submission flyout that appears to submit the message, URL, or attachment as described in the following sections.

Submit a questionable email to Microsoft

  1. In the Object type section, select Email. In the Submission format section, use one of the following options:

    • Network Message ID: This is a GUID value that's available in the X-MS-Exchange-Organization-Network-Message-Id header in the message, or in the X-MS-Office365-Filtering-Correlation-Id header in quarantined messages.

    • File: Click Choose file. In the dialog that opens, find and select the .eml or .msg file, and then click Open.

    Note

    The ability to submit messages as old as 30 days has been temporarily suspended for Defender for Office 365 customers. Admins will only be able to go back 7 days.

  2. In the Recipients section, specify one or more recipients that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies.

  3. In the Reason for submission section, select one of the following options:

    • Should not have been blocked

    • Should have been blocked: Select Spam, Phishing, or Malware. If you're not sure, use your best judgment.

  4. When you're finished, click the Submit button.
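
Before using the Network Message ID option above, the GUID has to be read from the saved message's headers. The following is an added example, not part of the original page or Microsoft's tooling: it pulls the ID from the two headers named above and estimates whether the message falls inside the 7-day look-back. The function name, the sample message and its GUID are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Headers the page names as carrying the Network Message ID, in lookup order.
ID_HEADERS = (
    "X-MS-Exchange-Organization-Network-Message-Id",
    "X-MS-Office365-Filtering-Correlation-Id",  # present on quarantined messages
)
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
MAX_AGE = timedelta(days=7)  # look-back limit stated in the note above


def submission_candidate(raw_eml: bytes, now: datetime) -> dict:
    """Return the ID to paste into the portal and whether the message looks recent enough."""
    msg = message_from_bytes(raw_eml)
    found = None
    for name in ID_HEADERS:
        value = (msg.get(name) or "").strip()
        if GUID_RE.match(value):  # ignore empty or malformed header values
            found = (name, value.lower())
            break
    if found is None:
        raise ValueError("no well-formed Network Message ID; submit the .eml file instead")
    age = None
    try:  # Date is sender-supplied, so treat the computed age as an estimate
        sent = parsedate_to_datetime(msg.get("Date"))
        if sent.tzinfo is None:
            sent = sent.replace(tzinfo=timezone.utc)
        age = now - sent
    except (TypeError, ValueError):
        pass  # missing or unparsable Date header: age stays unknown
    return {"header": found[0], "network_message_id": found[1],
            "age_days": None if age is None else age.days,
            "within_window": age is not None and age <= MAX_AGE}


# Constructed sample message (not real mail); the GUID is made up.
SAMPLE = (b"Date: Mon, 01 Mar 2021 09:15:00 +0000\r\n"
          b"From: sender@example.com\r\nTo: user@example.com\r\n"
          b"Subject: Invoice\r\n"
          b"X-MS-Exchange-Organization-Network-Message-Id: 3F2504E0-4F89-41D3-9A0C-0305E82C3301\r\n"
          b"\r\nbody\r\n")

if __name__ == "__main__":
    print(submission_candidate(SAMPLE, datetime(2021, 3, 4, tzinfo=timezone.utc)))
```
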

Send a suspect URL to Microsoft

  1. In the Object type section, select URL. In the box that appears, enter the full URL (for example, https://www.fabrikam.com/marketing.html).

  2. In the Reason for submission section, select one of the following options:

    • Should not have been blocked

    • Should have been blocked: Select Phishing or Malware.

  3. When you're finished, click the Submit button.

Submit a suspected file to Microsoft

  1. In the Object type section, select Attachment.

  2. Click Choose File. In the dialog that opens, find and select the file, and then click Open.

  3. In the Reason for submission section, select one of the following options:

    • Should not have been blocked

    • Should have been blocked: Malware is the only choice, and is automatically selected.

  4. When you're finished, click the Submit button.

View items Submitted for analysis

In the Security & Compliance Center, go to Threat management > Submissions, verify that you're on the Submitted for analysis tab.

Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by Submission ID (a GUID value that's assigned to every submission) by entering a value in the box and clicking the Refresh button. You can enter multiple values separated by commas.

To change the filter criteria, click the Submission ID button and choose one of the following values:

  • Sender
  • Subject/URL/File name
  • Submitted by
  • Submission type
  • Status

To export the results, click Export near the top of the page and select Chart data or Table. In the dialog that appears, save the .csv file.

Below the graph, there are three tabs: Email (default), URL, and Attachment.

View admin email submissions

Click the Email tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Date

  • Submission ID: A GUID value that's assigned to every submission.

  • Submitted by*

  • Subject*

  • Sender

  • Sender IP*

  • Submission type

  • Delivery reason

  • Status*

    * If you click this value, detailed information is displayed in a flyout.

Admin submission rescan details

Messages that are submitted in admin submissions are rescanned and results shown in the details flyout:

  • If there was a failure in the sender's email authentication at the time of delivery.
  • Information about any policy hits that could have affected or overridden the verdict of a message.
  • Current detonation results to see if the URLs or files contained in the message were malicious or not.
  • Feedback from graders.

If an override was found, the rescan should complete in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override, then the feedback from graders could take up to a day.

View admin URL submissions

Click the URL tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Date

  • Submission ID

  • Submitted by*

  • URL*

  • Submission type

  • Status*

    * If you click this value, detailed information is displayed in a flyout.

View admin attachment submissions

Click the Attachments tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Date

  • Submission ID

  • Submitted by*

  • File name*

  • Submission type

  • Status*

    * If you click this value, detailed information is displayed in a flyout.

View user submissions to Microsoft

If you've deployed the Report Message add-in, the Report Phishing add-in, or people use the built-in reporting in Outlook on the web, you can see what users are reporting on the User submissions tab.

  1. In the Security & Compliance Center, go to Threat management > Submissions.

  2. Select the User submissions tab, and then click New submission.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Submitted on
  • Submitted by*
  • Subject*
  • Sender
  • Sender IP*
  • Submission type

* If you click this value, detailed information is displayed in a flyout.

Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by Sender by entering a value in the box and clicking the Refresh button. You can enter multiple values separated by commas.

To change the filter criteria, click the Sender button and choose one of the following values:

  • Sender domain
  • Subject
  • Submitted by
  • Submission type
  • Sender IP

To export the results, click Export near the top of the page and select Chart data or Table. In the dialog that appears, save the .csv file.

View user submissions to the custom mailbox

If you've configured a custom mailbox to receive user reported messages, you can view and also submit messages that were delivered to the reporting mailbox.

  1. In the Security & Compliance Center, go to Threat management > Submissions.

  2. Select the Custom mailbox tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Submitted on
  • Submitted by*
  • Subject*
  • Sender
  • Sender IP*
  • Submission type

Near the top of the page, you can enter a start date, an end date, and you can filter by Submitted by by entering a value in the box and clicking the Refresh button. You can enter multiple values separated by commas.

To export the results, click Export near the top of the page and select Chart data or Table. In the dialog that appears, save the .csv file.

Note

If organizations are configured to send to custom mailbox only, reported messages will not be sent for rescan and results in the User reported messages portal will always be empty.

Undo user submissions

Once a user submits a suspicious email to the custom mailbox, the user and admin don't have an option to undo the submission. If the user would like to recover the email, it will be available for recovery in the Deleted Items or Junk Email folders.

Submit messages to Microsoft from the custom mailbox

If you've configured the custom mailbox to intercept user-reported messages without sending the messages to Microsoft, you can find and send specific messages to Microsoft for analysis. This effectively moves a user submission to an admin submission.

On the Custom mailbox tab, select a message in the list, click the Action button, and make one of the following selections:

  • Report clean
  • Report phishing
  • Report malware
  • Report spam