Submission and notification for 3rd Party Phishing Simulations

Copper Contributor

Hi folks,

 

we are currently using a 3rd party phishing simulation tool which works fine and Advanced Delivery is activated so the emails are tagged correctly as "Phish simulation". Also we have implemented the "Report Phishing" button so we see the reported emails in the User Submission in M365 Defender Security Center and can notify the user from there.

 

The problem is now when a user reports an email from the phishing simulation tool we are unable to notify the user that this email is phishing. So if we click the "mark and notify as" phishing we get the message "The selected items contain phish simulation training mail, please unselect them.". 

 

Syping_0-1646676225588.png

I found out that by manipulating the response from the server I can still inform the user, however it does not save what category it was tagged into. 

 

Is there a solution or workaround to also use the notify function in case the email is a phishing simulation?

 

Thank you!

 

6 Replies
Dont worry we have an upcoming change from Microsoft Defender for Office 365 which should help streamline this for you. There is no ETA for that. also we cannot share anything more than this at the moment
Has there been any update on this issue? We are trying to use the native attack simulation training feature in defender but have the same issue as above - not able to notify user that the email was related to a phishing test.
@vpatil99 have you not setup notification from the attack simulation tool or the 3rd party phishing simulation tool you are using? Is there a reason why you want to notify the end users from here?
We are using the native capability within Defender to run phishing campaigns. We can notify the end users when they submit phishing emails from the wild but when they report on simulation emails, we get the message that we cannot "Mark and Notify" as the email is related to training. This is a critical feature as our users would like to know what happens when they report for all emails not just those from the wild.

@vpatil99 the mark and notify feature is designed to provide feedback on messages reported from the wild. For the phish simulation one, you need to configure follow up notifications for your end users from the native phish simulation tool. 

 

 

Thanks. I was able to set it up.