Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Emails reported as Phishing not creating Alerts or Incidents

Copper Contributor

Hi all,


From what I have read I am expecting the marking of emails as Phishing using the Report message add-in in Outlook should result in an Alert generating in XDR based on the default "Email reported by user as malware or phish" policy, but this is not happening in my tenant. Alerts for junk email are getting created, along with Incidents.


Some assistance identifying whey Alerts are not generating for emails reported as phishing would be much appreciated.

3 Replies


Hey, alerts for this are default policy. Go to "Policies & Rules" under Email and Collaboration and choose 'Alert Policy', from here make sure the "Email reported by user as malware or phish" rule is enabled.



I've seen the same behavior in the past week. Our default alert is enabled and correct. It hasn't been modified in 7+ months.


We receive *some* email notifications stating an email was reported. There haven't been any incidents created for reported phishing emails since 2/2.

Hi Keenan, the policy is set to enabled.