Forum Discussion
user-reported phishing emails
Dear Community
I have a technical question regarding user-reported emails. In Defender, under “Action and Submissions” -> “Submissions,” I can see the emails that users have reported under the “user reported” option. There, we have the option to analyze these emails and mark them as “no threats found,” “phishing,” or “spam.” The user is then informed.
Question: Do these reported emails remain in the user's inbox when they report them? If not, do we have the option to return these reported emails to the user's inbox with the “No threats found” action? Because I don't see this option.
In another tenant, under “Choose response Action,” I see “move or delete,” but the “inbox” option is grayed out. Why is that?
Thank you very much!
1 Reply
Less than concreteness to offer here, but here goes...
Typically when the Inbox is greyed out, the message is thought to already be in Inbox. Sometimes that's not the case and the UI is clearly flawed. They introduced that "Show all response actions" slider sometime in the last year or two, and that helped to unlock the options when the UI is confsued. Even still the UI is confused often. But it totally could be that the emails in your screenshot's case, are already sitting in Inbox (or some other folder that is not Junk/Deleted Items).
When somebody reports a message as Junk/Phish, the message is moved to the Deleted Items folder. When the verdict comes back as "No threats found", the message is NOT moved back to Inbox. As it relates to the Take Action menu where we can move items, to Inbox for example - I believe (cannot guarantee) it will only let you move to Inbox if the system hard previously moved it to Junk or Quarantine.
