Fastest and best approach to react to phishing mails hitting an organization

Steel Contributor

What is the fastest and correct approach to react to phishing emails hitting an organization? What can and should an admin do, as soon as he sees a phishing email in his Inbox?

 

There are two use-cases I would like to consider:

 

  • As an admin, I want to quickly see and react to phishing mails. As of now, I can use the Threat Explorer to search e.g. for the subject of an email, and then trigger a hard delete. This feels laborious. There also seem to be mutiple backends where alerts, actions, incidents and investigations are displayed (security.microsoft.com and protection.office.com). What is the best approach here?
  • As a user, I want to notify the admin about phishing. This seems to be possible with the "Report message" add-in. However, as an admin I see just reports - there is no way to react like: "Yes, this is phishing" or "No, this is not phishing. You can click on the links"

 

Edit: further outlined use-cases.

1 Reply
Hi, this should help https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?vie...

As for the Report Message add-in the message will be analyzed by Microsoft. You only get a ”heads-up” so you can review messages that users report to Microsoft.