SOC can see Microsoft analysis for Third-party add-in user report
Hey Rod_Labs, from a Microsoft perspective, a lot of customers actually want to educate their end users to distinguish between phish and junk to reduce the workload on their SOC teams, as they have separate triage for phish vs. junk.
Moreover, Microsoft's built-in Report button is a split button. Clicking on the button without using the dropdown list reports the message as phishing. Use the dropdown list to report messages as junk or not junk.
Now, why there is a distinction in third-party tools is not something I can answer. Please do reach out to them for their reasoning.
You should educate users with security awareness programs, in my opinion. While the SOC may have different playbooks for junk or phish, it shouldn't rely on the end user to determine that. A third-party button such as KnowBe4 doesn't distinguish it, so users just report it. However, when integrating with MDO, they must distinguish it due to Defender requirements, which demand a subject indicating the threat type, along with the original msg attached, etc.
My point is that I believe it should be simpler for the user to report bad and good stuff.
- Dhairyya_Agarwal (Microsoft), Apr 17, 2025
We have security awareness and it is up to the security team on how they want to educate their end users.
Reiterating what was stated above, Microsoft's built-in Report button is a split button. Clicking on the button without using the dropdown list reports the message as phishing. Use the dropdown list to report messages as junk or not junk. So, users can do specific reporting or just report it if they want.
- Rod_Labs (Copper Contributor), Apr 18, 2025
Correct, they decide how to train the organization, and distinguishing between junk and phish from an end-user perspective doesn't help with that. In addition, as far as I know, it makes no difference to MDO; no SOC should rely on the end user's verdict, but always verify and determine whether the report is junk or phishing or something else.
I think I made my point: I don't see real value in distinguishing junk and phishing when reporting (https://learn.microsoft.com/en-us/defender-office-365/submissions-outlook-report-messages#use-the-built-in-report-button-in-outlook-to-report-junk-and-phishing-messages), nor a reason for demanding it from third-party integrations in order to correctly integrate it.
BTW, I do appreciate the ability to now be able to submit to Microsoft for analysis when using a third-party button.
Thanks!