cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Defender e-mail notification for user reported messages

dmarquesgn
Iron Contributor

‎May 04 2023 05:37 AM

‎May 04 2023 05:37 AM

Microsoft Defender e-mail notification for user reported messages

Hi,

I've configured, on Settings -> Email and Collaboration, on User Reported Settings, and Email notifications, some predefined message to be sent when we classify the reported emails, as Phishing, SPAM or No Threats Found.

The problem is that even though I use empty lines to create the message, the email has all the text in the same paragraph, which has an horrible look when reaches a user inbox.

According to MS support, this is by default like this, which I could not really believe, as from a User Experience point of view is really odd.
Anyone using this feature that has the same pain and found some option to overcome this issue?
Thanks

Labels:
2,193 Views
0 Likes
12 Replies
Reply
12 Replies
eliekarkafy

‎May 04 2023 08:36 AM

‎May 04 2023 08:36 AM

Re: Microsoft Defender e-mail notification for user reported messages

try to write the text in notepad and copy it from there and check if your issue will remain.
0 Likes
Reply
dmarquesgn

‎May 04 2023 09:51 AM

‎May 04 2023 09:51 AM

Re: Microsoft Defender e-mail notification for user reported messages

@eliekarkafy 

Thanks for the tip. I just did that, but remains just the same, everything I write has not any formatting.

0 Likes
Reply
eliekarkafy

‎May 04 2023 10:11 AM

‎May 04 2023 10:11 AM

Re: Microsoft Defender e-mail notification for user reported messages

one more thing to try is write your message in an HTML code and copy paste it and see if the output will change
0 Likes
Reply
dmarquesgn

‎May 09 2023 07:52 AM

‎May 09 2023 07:52 AM

Re: Microsoft Defender e-mail notification for user reported messages

Hi,
I've tried HTML code, but it's the same.
I've opened a ticket, and MS says it's default like that, not possible to customize anything.
0 Likes
Reply
rutgersmeets

‎Jun 26 2023 03:38 AM

‎Jun 26 2023 03:38 AM

Re: Microsoft Defender e-mail notification for user reported messages

@dmarquesgn 

 

Good day!

 

The following HTML tags work in my set-up. Other tags may work, but I haven't tested them.

 

<br />
<a href="microsoft.com">Example link</a>

 

Hope these work in your tenant as well.

 

Off-topic, but a related question: Are you running into issues with limitations on the length of the message? It seems to be around 1100 characters, which is lower that I would like it to be. I'm wondering if others can confirm that they are encountering similar limitations.

0 Likes
Reply
rutgersmeets

‎Jan 11 2024 12:57 AM

‎Jan 11 2024 12:57 AM

Re: Microsoft Defender e-mail notification for user reported messages

Hi @dmarquesgn,

 

Following up on this issue as I'm eager to hear if the example that I posted works in your tenant, as it does in mine.

 

Best regards,
Rutger

0 Likes
Reply
dmarquesgn

‎Feb 16 2024 02:11 AM

‎Feb 16 2024 02:11 AM

Re: Microsoft Defender e-mail notification for user reported messages

@rutgersmeets 

Hi, I'm sorry for the delay. But I had some time to test this and it worked fine.
Thanks

0 Likes
Reply
dmarquesgn

‎Feb 16 2024 02:42 AM

‎Feb 16 2024 02:42 AM

Re: Microsoft Defender e-mail notification for user reported messages

I'm looking at this feature, but there's 2 things that I'm still trying to understand.

 

First, the user reports an email as phishing and the message disapears from his inbox. We mark the email as "No threats found". The user gets a message stating the email is not phishing. But the message does not return to the user inbox even though it wasn't considered a threat. Is this configurable anywhere?

 

Second, we selected the option "Replace the Microsoft logo with my organization's logo across all reporting experiences." And in fact we see the logo we have set for our tenant below the option. But when the email reach the inbox, the area of the logo is empty. Any way to troubleshoot this?

 

Thanks

1 Like
Reply
rutgersmeets

‎Feb 16 2024 03:27 PM

‎Feb 16 2024 03:27 PM

Re: Microsoft Defender e-mail notification for user reported messages

Hi,

Glad to hear HTML works!

On your second point, I have experienced the same and traced it to a lack of .svg image support in Outlook. If your logo is an .svg, that might be it.

Best regards,
Rutger

0 Likes
Reply
dmarquesgn

‎Feb 19 2024 06:21 AM

‎Feb 19 2024 06:21 AM

Re: Microsoft Defender e-mail notification for user reported messages

@rutgersmeets 

Hi,

 

Yes, regarding the logo you're right, that was the problem.

Regarding the first issue, have you dealt with it?

 

Thanks

0 Likes
Reply
rutgersmeets

‎Feb 20 2024 02:10 PM

‎Feb 20 2024 02:10 PM

Re: Microsoft Defender e-mail notification for user reported messages

Hello,

To my knowledge, messages reported as Junk/Spam will be moved to the user’s Junk folder. And messages reported as Phishing will be moved to Deleted Items. I haven’t seen any built-in functionality to ‘restore’ a reported message when the Admin uses Mark as & Notify to mark the message as No Threats. A quick improvement would be to add this information to the response templates so users know where to look.

I’m interested in pursuing this, though. I’ll take a look this week at some opportunities to implement this behaviour using Logic Apps or similar.

Rutger
0 Likes
Reply
dmarquesgn

‎Mar 05 2024 09:01 AM

‎Mar 05 2024 09:01 AM

Re: Microsoft Defender e-mail notification for user reported messages

@rutgersmeets 

Hi,

I'm onto this topic again. That would be one option, to instruct the users to go to their junk or deleted folder and recover the email to the inbox, but of course we would like to automate that process. But for that there's something which isn't right on Microsoft tenant, at least I didn't understood until now.

Every time a user submits an email as phishing, it gets deleted for the user and then we can go to Microsoft Defender Submissions page and mark the email as "Phish", "SPAM" or "No threats found". 

But if we go to the Explorer tab and search for one of this reported emails, both the fields "Latest delivery location" and "Original delivery location" are marked "Inbox", where on "Latest delivery location" should be "Junk" or "Deleted", right?

Screenshot_1.png

The problem is that this way we can't do the action to release it again to the inbox, where in fact the message is on the deleted folder.

Anyone experienced this?

0 Likes
Reply