All Collections
PHISH
Initial setup
How-to guide: Change to reporting flow rules following Microsoft change (Q1 2024)
How-to guide: Change to reporting flow rules following Microsoft change (Q1 2024)

A guide to ensure phishing reporting is not impacted after changes to reporting flow rules my Microsoft

Victoria Moody avatar
Written by Victoria Moody
Updated over a week ago

Introduction

Early this year, Microsoft changed the way they honor mail flow rules which help track end user reporting. Mail flow rules for the following addresses, won't be honored:

Step by step guide

If you have user reporting setup, please follow these steps to ensure your user reporting is not impacted.

Step 1

If one doesn’t already exist, create a shared mailbox with an appropriate name and email address. See the Microsoft documentation here for full details → Create a shared mailbox - Microsoft 365 admin

Step 2

If you don’t already have user reporting mail going to a shared mailbox or to add an additional mailbox:

  • Within Defender navigate to Settings > Email & collaboration > User reported settings (https://security.microsoft.com/securitysettings/userSubmission)

  • Select Use the build-in Report button in Outlook

  • Under Reported message destinations select from “My reporting mailbox only” or “Microsoft and my reporting mailbox” which ever is appropriate for your organisation and security requirements.

  • Within Add an exchange online mailbox to send reported messages to, select the mailbox you created in step one

Step 3

Configure the mail flow rule:

  • Within the Exchange admin centre navigate to Mail flow > Rules

  • Add a rule

    • Name - An appropriate name to easily identify the rule

    • Apply this rule if - The recipient → is this person - Select the existing or new mailbox you created in step 1

    • Do the following - Redirect the message to → These recipients - add the [email protected] email address, if you also want these reports to remain going to the shared mailbox you can also include the shared mailbox email address here and the report will be delivered to both destinations.

    • Press next and then finish

    • Select the rule from the list and enable



Did this answer your question?