Blog Post

Microsoft Defender for Office 365 Blog
2 MIN READ

Streamlining the submissions experience in Microsoft Defender for Office 365

Dhairyya_Agarwal's avatar
Dhairyya_Agarwal
Icon for Microsoft rankMicrosoft
Feb 14, 2022

We are excited to announce a streamlined submissions experience in the Microsoft 365 Defender portal (https://security.microsoft.com) which will make your submission process simpler. With streamlined submissions, security teams can view emails, email attachments, URLs, and User Reported messages from a more convenient location under their respective items tab. 

 

Figure 1: The Submissions experience in the Microsoft 365 Defender portal

 

 Let’s look at the new unified submissions experience! 

 

 

New entry points to submit items for analysis  

You can find the new submissions portal under Actions & submissions in the Microsoft 365 Defender portal. You can add a new submission (as an admin) from here for emails, email attachments, and URLs, along with viewing the user reported messages. 

 

 

Figure 2: You can find the new experience under Actions & submissions in the navigation panel.

 

Tabs you’ll see on the new Submissions page  

The new, streamlined submissions page includes the following tabs: 

  • Emails  
  • Email Attachments  
  • URLs  
  • User reported messages  

 

A Security admin can view the collection of emails that end users have submitted to for review and create a submission to Microsoft if there is a reason to do so.  

 

Figure 3: User submissions in the new Submissions experience

 

All other aspects of the submission experience, such as submitting a sample for analysis and viewing the results, remain as it is.  

 

Let us know what you think! 

The new submissions experience has started rolling out. You can expect to see these changes over the next few weeks. 

The new submissions experience will be available to customers with Exchange Online Protection, Defender for Office 365 Plan 1, Defender for Office 365 Plan 2, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security licenses. 

We’re excited for you to try out these new capabilities. Let us know what you think! 

 

Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. 

Updated Feb 10, 2022
Version 1.0
Hunting
investigation
microsoft 365 defender
remediation
  • JonasBack's avatar
    JonasBack
    Steel Contributor
    Feb 25, 2022

    Dhairyya_Agarwal Are you aware of the bug (?) that the Analysis tab show SCL and BCL blank (always)?

    This even if the https://mha.azurewebsites.net/ on the e-mail show both Spam confidence level and Bulk complaint level:

     

    I reported this to Microsoft support many months ago but they just confirmed this as a bug.

     

  • Dhairyya_Agarwal's avatar
    Dhairyya_Agarwal
    Icon for Microsoft rankMicrosoft
    Feb 23, 2022

    Explorer with the proper RBAC can let you view or download the email message. For more information check this out
    The email entity page shows you more granular details. For more information check this out.

  • BeefyBeef's avatar
    BeefyBeef
    Copper Contributor
    Feb 18, 2022

    Does this give us the ability to export the message for our own analysis?

  • Dhairyya_Agarwal's avatar
    Dhairyya_Agarwal
    Icon for Microsoft rankMicrosoft
    Feb 17, 2022

    For GCC tenants we are getting a lot of request to bring submission to them. We have still not decided on when and how we want to bring it to them? Will keep you posted about our plans.

  • Dhairyya_Agarwal's avatar
    Dhairyya_Agarwal
    Icon for Microsoft rankMicrosoft
    Feb 17, 2022

    Both user and admin submissions are reviewed by the system/analysts. However, we always consider admin submissions as high priority due to additional round of triage and business importance.

  • JonasBack's avatar
    JonasBack
    Steel Contributor
    Feb 16, 2022

    Dhairyya_Agarwal Awesome to see some updates to Submissions that we use more and more. One question about the process, if a user reports a message and also submit it to Microsoft for analysis, is there any reason for us as IT Admins to ALSO submit it to Microsoft? Does submitting as an admin ”score higher” in your investigation?

  • JasonGates895's avatar
    JasonGates895
    Copper Contributor
    Feb 15, 2022

    Thats great news, but what about GCC tenants? We really need the same ability to submit malicious emails/urls/attachments like commercial tenants!