Built-in report button is available in Microsoft Outlook across platforms
Outlook and Defender for Office 365 are excited to announce the release of built-in report button in Microsoft Outlook across platforms (web, new Outlook for Windows, classic Outlook for Windows, Outlook for Mac, Outlook for Android, Outlook for iOS, and Outlook for android Lite) for both personal and commercial accounts. You can find the built-in button across Outlook: Outlook on the web. New Outlook for Windows. Outlook for Mac version 16.89 (24090815) or later. Classic Outlook for Windows version Current channel: Version 16.0.17827.15010 or later. Monthly Enterprise Channel: Version 16.0.18025.20000 or later. Semi-Annual Channel (Preview): Release 2502, build 16.0.18526.20024 Semi-Annual Channel: Release 2502, build 16.0.18526.20024 Outlook for iOS version 4.2511 or later and Outlook for Android version 4.2446 or later. Outlook for Android Lite Benefits the built-in report button provides for security admins It works out of the box with no setup required The reporting experience for end user is the same across consumer and commercial accounts The report button is consistent across Outlook clients The report button is front and center on all clients The report button is present on the grid view, reading panel, preview panel, context menu The report button enables the user to select in bulk and report messages at once You can turn on and off the pre and post reporting popups for users in your organization using You can customize the individual pre and post reporting popup by adding text and links in 7 diff languages The report button is present on shared and delegate mailboxes enabling end users to report emails. Now present on outlook for web, new outlook for windows, outlook for mac, outlook for android and outlook for iOS The end user reports made by these clients are routed as per the message reported destination configured in the user reported settings. You can view the user report as soon as they are made on the If you have configured Microsoft only or Microsoft and my reporting mailbox in the user reported settings, the result from Microsoft analysis are available on the result column You can turn off the built-in report button on user reported settings by Selecting non-Microsoft add-in button and providing the address of the reporting mailbox of the 3 rd party add-in, or Deselecting monitor reported messages in outlook Note: The report phish add-in and the report message add-in does not provide support for shared and delegate mailbox. The report phish add-in, the report message add-in, and the built-in report button all read from the same user reported settings and use the same internal reporting API. In a way there are two different doors (entry point) to the same house (the backend). For the moment, the report message and report phish add-in are in maintenance mode to provide enough time for customers to migrate to the built-in button. To learn more, please check out Transition from Report Message or the Report Phishing add-ins - Microsoft Defender for Office 365 | Microsoft Learn Report phishing and suspicious emails in Outlook for admins - Microsoft Defender for Office 365 | Microsoft Learn User reported settings - Microsoft Defender for Office 365 | Microsoft Learn Protect yourself from phishing - Microsoft Support Report phishing - Microsoft Support How do I report phishing or junk email? - Microsoft SupportJoin Merill Fernando and other guests for our Identity and Network Practitioner Webinar Series!
This October, we’re hosting a three-part webinar series led by expert Merill Fernando for Identity and Network Access practitioners. Join us as we journey from high-level strategy to hands-on implementation, unifying identity and network access every step of the way. Each session builds on the last, helping you move from understanding why a unified approach matters to what are the foundations to get started, and finally to how to configure in practice. The goal is to equip you with actionable skills, expert insights, and resources to secure your organization in a unified, Zero Trust way. Register below: Identity and Network Security Practitioner Webinar Series | Microsoft Community Hub
Marking Quarantine Notice senders as safe for entire tenant
Our users get quarantine notices weekly. They're configured to come from mailto:email address removed for privacy reasons (the domain specific to tenant).. sometimes they come from mailto:email address removed for privacy reasons anyways, but this is fine. The thing is, I end up with a LOT of users who end up receiving these in their junk mail. We have a lot of tenants - I don't really have the time to keep checking them, taking action on mis-junked items. Most stuff is configured to go to quarantine anyway. What's the best way to allow these senders? The IB Anti-Spam safe-senders component is not Secure-Score recommended, and we try to keep these scores high. But the tenant allow/block list allows a max of 45days since last use. There's so many options, I'm a little confused as to what's 'right' Thanks
user-reported phishing emails
Dear Community I have a technical question regarding user-reported emails. In Defender, under “Action and Submissions” -> “Submissions,” I can see the emails that users have reported under the “user reported” option. There, we have the option to analyze these emails and mark them as “no threats found,” “phishing,” or “spam.” The user is then informed. Question: Do these reported emails remain in the user's inbox when they report them? If not, do we have the option to return these reported emails to the user's inbox with the “No threats found” action? Because I don't see this option. In another tenant, under “Choose response Action,” I see “move or delete,” but the “inbox” option is grayed out. Why is that? Thank you very much!Disabling Auto Align Feature in Microsoft Defender 365 Console Alerts
The Microsoft Defender 365 console has recently started auto aligning the alert screen upon clicking on an alert name, which seems to be part of the updated alert management experience. This change is quite bothersome and distracting. How can this feature be disabled?
User Identities in EntraID - how to remove?
I have a user that shows up with multiple identities. No other users are like this and we believe its stopping him from logging in with his alias email address. When i run get-entrauser it returns the following under Identities: {@{signInType=federated; issuer=MicrosoftAccount; issuerAssignedId=}, @{signInType=federated; issuer=MicrosoftAccount; issuerAssignedId=}, @{signInType=userPrincipalName; issuer=OURPRIMARYDOMAIN.onmicrosoft.com; issuerAssignedId=UPN}} Every other account just has this @{signInType=userPrincipalName; issuer=OURPRIMARYDOMAIN.onmicrosoft.com; issuerAssignedId=UPN}} How would i go about removing those identies from that user? Struggling to find any info online.
Problems configuring federation to SAML IdP
Hi. I'm trying to configure our Entra domain to federate to our existing IdP, following the guidance found https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-saml-idp#supported-bindings and am having real problems when it comes to using the Microsoft Graph API in PowerShell. After eventually working out what permissions I needed to request (more than what is stated in the doc), I ran the New-MgDomainFederationConfiguration cmdlet, and received the following error: "FederatedIdpMfaBehavior cannot be empty" This parameter is not mentioned in the doc either. So, then I added that parameter, and got the following: "Domain already has Federation Configuration set." But when I run Get-MgDomainFederationConfiguration, I get: "Resource 'federationConfiguration' does not exist or one of its queried reference-property objects are not present." When I run Get-MgDomain, AuthenticationType shows as "Federated", but I still see a managed login when I check. So I seem to be stuck with it seemingly half-configured, with no way to view or remove the configuration. Any ideas? Thanks, Nick
