Forum Discussion

dmarquesgn's avatar
dmarquesgn
Iron Contributor
May 04, 2023

Microsoft Defender e-mail notification for user reported messages

Hi, I've configured, on Settings -> Email and Collaboration, on User Reported Settings, and Email notifications, some predefined message to be sent when we classify the reported emails, as Phishing...
Response Actions
dmarquesgn's avatar
dmarquesgn
Iron Contributor
Feb 16, 2024

I'm looking at this feature, but there's 2 things that I'm still trying to understand.

 

First, the user reports an email as phishing and the message disapears from his inbox. We mark the email as "No threats found". The user gets a message stating the email is not phishing. But the message does not return to the user inbox even though it wasn't considered a threat. Is this configurable anywhere?

 

Second, we selected the option "Replace the Microsoft logo with my organization's logo across all reporting experiences." And in fact we see the logo we have set for our tenant below the option. But when the email reach the inbox, the area of the logo is empty. Any way to troubleshoot this?

 

Thanks

rutgersmeets's avatar
rutgersmeets
Brass Contributor
Feb 16, 2024
Hi,

Glad to hear HTML works!

On your second point, I have experienced the same and traced it to a lack of .svg image support in Outlook. If your logo is an .svg, that might be it.

Best regards,
Rutger

  • dmarquesgn's avatar
    dmarquesgn
    Iron Contributor
    Feb 19, 2024

    rutgersmeets 

    Hi,

     

    Yes, regarding the logo you're right, that was the problem.

    Regarding the first issue, have you dealt with it?

     

    Thanks

    • rutgersmeets's avatar
      rutgersmeets
      Brass Contributor
      Feb 20, 2024
      Hello,

      To my knowledge, messages reported as Junk/Spam will be moved to the user’s Junk folder. And messages reported as Phishing will be moved to Deleted Items. I haven’t seen any built-in functionality to ‘restore’ a reported message when the Admin uses Mark as & Notify to mark the message as No Threats. A quick improvement would be to add this information to the response templates so users know where to look.

      I’m interested in pursuing this, though. I’ll take a look this week at some opportunities to implement this behaviour using Logic Apps or similar.

      Rutger
      • dmarquesgn's avatar
        dmarquesgn
        Iron Contributor
        Mar 05, 2024

        rutgersmeets 

        Hi,

        I'm onto this topic again. That would be one option, to instruct the users to go to their junk or deleted folder and recover the email to the inbox, but of course we would like to automate that process. But for that there's something which isn't right on Microsoft tenant, at least I didn't understood until now.

        Every time a user submits an email as phishing, it gets deleted for the user and then we can go to Microsoft Defender Submissions page and mark the email as "Phish", "SPAM" or "No threats found". 

        But if we go to the Explorer tab and search for one of this reported emails, both the fields "Latest delivery location" and "Original delivery location" are marked "Inbox", where on "Latest delivery location" should be "Junk" or "Deleted", right?

        The problem is that this way we can't do the action to release it again to the inbox, where in fact the message is on the deleted folder.

        Anyone experienced this?