Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call outs in this article where there might be differences.

Applies to

In Microsoft 365 organizations with mailboxes in Exchange Online, admins can use the Submissions portal in the Security & Compliance Center to submit email messages, URLs, and attachments to Microsoft for scanning.

When you submit an email message, you will get:

  1. Email authentication check: Details on whether email authentication passed or failed when it was delivered.
  2. Policy hits: Information about any policies that may have allowed or blocked the incoming email into your tenant, overriding our service filter verdicts.
  3. Payload reputation/detonation: Examination of any URLs and attachments in the message.
  4. Grader analysis: Review done by human graders in order to confirm whether or not messages are malicious.

Important

Payload reputation/detonation and grader analysis are not done in all tenants. Information is blocked from going outside the organization when data is not supposed to leave the tenant boundary for compliance purposes.

For other ways to submit email messages, URLs, and attachments to Microsoft, see Report messages and files to Microsoft.

What do you need to know before you begin?

Report suspicious content to Microsoft

  1. In the Security & Compliance Center, go to Threat management > Submissions, verify that you're on the Admin submissions tab, and then click New submission.

  2. Use the New submission flyout that appears to submit the message, URL, or attachment as described in the following sections.

Submit a questionable email to Microsoft

  1. In the Object type section, select Email. In the Submission format section, use one of the following options:

    • Network Message ID: This is a GUID value that's available in the X-MS-Exchange-Organization-Network-Message-Id header in the message, or in the X-MS-Office365-Filtering-Correlation-Id header in quarantined messages.

    • File: Click Choose file. In the dialog that opens, find and select the .eml or .msg file, and then click Open.

    Note

    Admins with Defender for Office 365 Plan 1 or Plan 2 are able to submit messages as old as 30 days. Other admins will only be able to go back 7 days.

  2. In the Recipients section, specify one or more recipients that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies.

  3. In the Reason for submission section, select one of the following options:

    • Should not have been blocked

    • Should have been blocked: Select Spam, Phishing, or Malware. If you're not sure, use your best judgment.

  4. When you're finished, click the Submit button.
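
The following Python example, added here and not part of the original article or any Microsoft tooling, reads a saved .eml file, pulls the Network Message ID from either header named in step 1, and checks the message against the 30-day and 7-day age limits from the note. It assumes the topmost Received header (falling back to Date) approximates delivery time; the sample message, hosts, addresses and GUID are constructed.

```python
import uuid
from datetime import datetime, timedelta, timezone
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Header names from this page, tried in order (the second is for quarantined mail).
ID_HEADERS = ("X-MS-Exchange-Organization-Network-Message-Id",
              "X-MS-Office365-Filtering-Correlation-Id")

# Constructed sample message; addresses, hosts and the GUID are made up.
SAMPLE_EML = (
    b"Received: from mail.example.net by mx.contoso.example;"
    b" Mon, 01 Mar 2021 10:00:05 +0000\r\n"
    b"Date: Mon, 01 Mar 2021 10:00:00 +0000\r\n"
    b"From: sender@example.net\r\nTo: user@contoso.example\r\n"
    b"Subject: Invoice\r\n"
    b"X-MS-Exchange-Organization-Network-Message-Id:"
    b" 3F2504E0-4F89-11D3-9A0C-0305E82C3301\r\n\r\nbody\r\n"
)

def network_message_id(raw_eml):
    """Return (header_name, normalized_guid), or None if no valid GUID is present."""
    msg = message_from_bytes(raw_eml)
    for name in ID_HEADERS:
        try:
            return name, str(uuid.UUID(str(msg.get(name) or "").strip()))
        except ValueError:
            continue  # header missing or its value is not a GUID
    return None

def received_time(raw_eml):
    """Timestamp of the topmost Received header, else Date (assumed delivery time)."""
    msg = message_from_bytes(raw_eml)
    top = str((msg.get_all("Received") or [""])[0]).rsplit(";", 1)[-1].strip()
    for candidate in (top, str(msg.get("Date") or "")):
        try:
            when = parsedate_to_datetime(candidate)
        except (TypeError, ValueError):
            continue  # unparsable or empty, try the next source
        return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None

def can_submit(raw_eml, now, defender_plan):
    """Apply the page's age limits: 30 days with Plan 1 or Plan 2, otherwise 7 days."""
    when = received_time(raw_eml)
    limit = timedelta(days=30 if defender_plan else 7)
    return when is not None and now - when <= limit

if __name__ == "__main__":
    now = datetime(2021, 3, 15, 10, 0, 5, tzinfo=timezone.utc)
    print(network_message_id(SAMPLE_EML), can_submit(SAMPLE_EML, now, False))
```

The Date header is set by the sender, which is why the Received header added on the receiving side is preferred here.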


Send a suspect URL to Microsoft

  1. In the Object type section, select URL. In the box that appears, enter the full URL (for example, https://www.fabrikam.com/marketing.html).

  2. In the Reason for submission section, select one of the following options:

    • Should not have been blocked

    • Should have been blocked: Select Phishing or Malware.

  3. When you're finished, click the Submit button.


Submit a suspected file to Microsoft

  1. In the Object type section, select Attachment.

  2. Click Choose File. In the dialog that opens, find and select the file, and then click Open.

  3. In the Reason for submission section, select one of the following options:

    • Should not have been blocked

    • Should have been blocked: Malware is the only choice, and is automatically selected.

  4. When you're finished, click the Submit button.


View admin submissions

In the Security & Compliance Center, go to Threat management > Submissions, verify that you're on the Admin submissions tab, and then click New submission.

Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by Submission ID (a GUID value that's assigned to every submission) by entering a value in the box and clicking the Refresh button. You can enter multiple values separated by commas.

To change the filter criteria, click the Submission ID button and choose one of the following values:

  • Sender
  • Subject/URL/File name
  • Submitted by
  • Submission type
  • Status


To export the results, click Export near the top of the page and select Chart data or Table. In the dialog that appears, save the .csv file.

Below the graph, there are three tabs: Email (default), URL, and Attachment.

View admin email submissions

Click the Email tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Date

  • Submission ID: A GUID value that's assigned to every submission.

  • Submitted by*

  • Subject*

  • Sender

  • Sender IP*

  • Submission type

  • Delivery reason

  • Status*

    * If you click this value, detailed information is displayed in a flyout.

Admin submission rescan details

Messages that are submitted in admin submissions are rescanned and results shown in the details flyout:

  • If there was a failure in the sender's email authentication at the time of delivery.
  • Information about any policy hits that could have affected or overridden the verdict of a message.
  • Current detonation results to see if the URLs or files contained in the message were malicious or not.
  • Feedback from graders.

If an override was found, the rescan should complete in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override, then the feedback from graders could take up to a day.

View admin URL submissions

Click the URL tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Date

  • Submission ID

  • Submitted by*

  • URL*

  • Submission type

  • Status*

    * If you click this value, detailed information is displayed in a flyout.

View admin attachment submissions

Click the Attachments tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Date

  • Submission ID

  • Submitted by*

  • File name*

  • Submission type

  • Status*

    * If you click this value, detailed information is displayed in a flyout.

View user submissions to Microsoft

If you've deployed the Report Message add-in, the Report Phishing add-in, or people use the built-in reporting in Outlook on the web, you can see what users are reporting on the User submissions tab.

  1. In the Security & Compliance Center, go to Threat management > Submissions.

  2. Select the User submissions tab, and then click New submission.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Submitted on
  • Submitted by*
  • Subject*
  • Sender
  • Sender IP*
  • Submission type

* If you click this value, detailed information is displayed in a flyout.

Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by Sender by entering a value in the box and clicking the Refresh button. You can enter multiple values separated by commas.

To change the filter criteria, click the Sender button and choose one of the following values:

  • Sender domain
  • Subject
  • Submitted by
  • Submission type
  • Sender IP


To export the results, click Export near the top of the page and select Chart data or Table. In the dialog that appears, save the .csv file.

View user submissions to the custom mailbox

If you've configured a custom mailbox to receive user reported messages, you can view and also submit messages that were delivered to the reporting mailbox.

  1. In the Security & Compliance Center, go to Threat management > Submissions.

  2. Select the Custom mailbox tab.

You can click the Column options button near the bottom of the page to add or remove columns from the view:

  • Submitted on
  • Submitted by*
  • Subject*
  • Sender
  • Sender IP*
  • Submission type

Near the top of the page, you can enter a start date, an end date, and you can filter by Submitted by by entering a value in the box and clicking the Refresh button. You can enter multiple values separated by commas.

To export the results, click Export near the top of the page and select Chart data or Table. In the dialog that appears, save the .csv file.

Undo user submissions

Once a user submits a suspicious email to the custom mailbox, the user and admin don't have an option to undo the submission. If the user would like to recover the email, it will be available for recovery in the Deleted Items or Junk Email folders.

Submit messages to Microsoft from the custom mailbox

If you've configured the custom mailbox to intercept user-reported messages without sending the messages to Microsoft, you can find and send specific messages to Microsoft for analysis. This effectively moves a user submission to an admin submission.

On the Custom mailbox tab, select a message in the list, click the Action button, and make one of the following selections:

  • Report clean
  • Report phishing
  • Report malware
  • Report spam
