Microsoft
MicrosoftI'm wondering real benefit on distinguishing between 'report junk' or 'report phishing' when reporting from Outlook. Ultimately it's up to the admins decide what the reported message really is based on manual review or by submitting to MS for analysis?
MicrosoftHey Rod_Labs from a Microsoft perspective, lot of the customers actually want to educate their end users to distinguish between phish and junk to reduce workload on their SOC teams as they have separate triage for phish vs junk.
Moreover, Microsoft's built-in Report button is a split button. Clicking on the button without using the dropdown list reports the message as phishing. Use the dropdown list to report messages as junk or not junk.
Now why there is a distinction on third party tools, is not something I can answer. Please do reach out to them for their reasoning.
You should educate users with security awareness programs, in my opinion. While SOC may have different playbooks for junk or phish, it shouldn’t rely on end user to determine that. Third-party button such as KnowBe4 doesn’t distinguish it, so users just report it. However, when integrating to MDO, they must distinguish it due to defender requirements, demanding a subject indicating the threat type, along with original msg attached, etc.
my point is that I believe it should be simpler for the user to report bad and good stuff.
MicrosoftWe have security awareness and it is up to the security team on how they want to educate their end users.
Reiterating what was stated above, Microsoft's built-in Report button is a split button. Clicking on the button without using the dropdown list reports the message as phishing. Use the dropdown list to report messages as junk or not junk. So, Users can do specific reporting or just report it if they want.
