Forum Discussion
user-reported phishing emails
Dear Community
I have a technical question regarding user-reported emails. In Defender, under “Action and Submissions” -> “Submissions,” I can see the emails that users have reported under the “user reported” option. There, we have the option to analyze these emails and mark them as “no threats found,” “phishing,” or “spam.” The user is then informed.
Question: Do these reported emails remain in the user's inbox when they report them? If not, do we have the option to return these reported emails to the user's inbox with the “No threats found” action? Because I don't see this option.
In another tenant, under “Choose response Action,” I see “move or delete,” but the “inbox” option is grayed out. Why is that?
Thank you very much!
2 Replies
As I posted here:
Feedback to users who report phishing | Microsoft Community Hub
It is extremely annoying to have to take some extra action after a user reports an email as phishing, microsoft analyzes it and determines that there is no threat, and then it just sends them an email back saying ok the email with subject blahblahblah is clean... doesnt show the sender address of the email reported, only subject, doesnt tell them to then go and search for the email or that it should be in the deleted items folder and find it, if they search the inbox it wont be found because search results dont include items in the deleted items folder, so they have done such a bad execution job with this, it's not surprising people choose alternative platforms for almost everything they can vs microsoft's own.
Less than concreteness to offer here, but here goes...
Typically when the Inbox is greyed out, the message is thought to already be in Inbox. Sometimes that's not the case and the UI is clearly flawed. They introduced that "Show all response actions" slider sometime in the last year or two, and that helped to unlock the options when the UI is confsued. Even still the UI is confused often. But it totally could be that the emails in your screenshot's case, are already sitting in Inbox (or some other folder that is not Junk/Deleted Items).
When somebody reports a message as Junk/Phish, the message is moved to the Deleted Items folder. When the verdict comes back as "No threats found", the message is NOT moved back to Inbox. As it relates to the Take Action menu where we can move items, to Inbox for example - I believe (cannot guarantee) it will only let you move to Inbox if the system hard previously moved it to Junk or Quarantine.
