Forum Discussion

Dkr78's avatar
Dkr78
Copper Contributor
Jun 18, 2022

Feedback to users who report phishing

Hi, is it possible to create a power automate flow to find submissions from users and as soon as MS has added a verdict to a submission as real phish send a notification back to the user who has reported it? Trying to figure out what is needed for such integration and build a flow but I am stuck. Anyone who has built that and like to share learning? 

exchange online
hybrid
office 365

1 Reply

  • checkVTsupport's avatar
    checkVTsupport
    Copper Contributor
    Jan 21, 2026

    Was about to post something similar more than 3 years later because they still haven't properly made the product that takes into consideration the basic simple steps of what happens AFTER the email is scanned and is clean, and for reduced interactions from the IT admin perspective AND the user.

    It is so annoying and frustrating, it's as if the team that designed it has no idea or experience being an IT admin for users and/or tested it with different groups to get feedback..

    The steps are still that once you report an email as phishing, it automatically moves the item to the Deleted items folder, which is ok because until you know if its clean or not then it should not be in your Inbox, but then when the analysis finishes and the user gets an email from microsoft submissions telling them that the reported email is "Clean", then what? Yup, nothing, the user has to take more actions now to find that email that was reported.

    On the email from microsoft submissions, the user only gets the Subject of the email, that's the first annoying thing about the microsoft reply, then, if you are reading that email, you are 99.99% most likely in your Inbox, so if you tried to simply go and search for the subject on the search box/field on Outlook, you will NOT find it, why? because by default, items in the Deleted items folder are not included in the search, so then it means you have to click on the Deleted items folder, and search again, then you are finally seeing the "Clean" email you reported.

    It boggles my mind how no one on this team did not think to say oh hey guys we can use the same method we use for Defender > Quarantine emails where when the IT admin releases the email or the user releases it, it goes to the original delivery folder, aka the Inbox!

    Nope, they either didn't think it through or assumed that every email the users report as phishing is actually phishing so there is nothing else to do about the submission..

    I should not have to create some Power BI automated workflow to improve a multi-trillion dollar company's platform, it is beyond frustrating.

Resources