Introduction
Early this year, Microsoft changed the way they honor mail flow rules which help track end user reporting. Mail flow rules for the following addresses, won't be honored:
phish@office365.microsoft.com,junk@office365.microsoft.com,not_junk@office365.microsoft.com,phish@senpluspluseop.onmicrosoft.com,unjunk@senpluspluseop.onmicrosoft.comjunk@senpluspluseop.onmicrosoft.com
Step by step guide
If you have user reporting setup, please follow these steps to ensure your user reporting is not impacted.
Step 1
If one doesn’t already exist, create a shared mailbox with an appropriate name and email address. See the Microsoft documentation here for full details → Create a shared mailbox - Microsoft 365 admin
Step 2
If you don’t already have user reporting mail going to a shared mailbox or to add an additional mailbox:
Within Defender navigate to Settings > Email & collaboration > User reported settings (https://security.microsoft.com/securitysettings/userSubmission)
Select
Use the build-in Report button in OutlookUnder
Reported message destinationsselect from “My reporting mailbox only” or “Microsoft and my reporting mailbox” which ever is appropriate for your organisation and security requirements.Within Add an exchange online mailbox to send reported messages to, select the mailbox you created in step one
Step 3
Configure the mail flow rule:
Within the Exchange admin centre navigate to Mail flow > Rules
Add a rule
Name - An appropriate name to easily identify the rule
Apply this rule if - The recipient → is this person - Select the existing or new mailbox you created in step 1
Do the following - Redirect the message to → These recipients - add the report@reportphish.cybsafe.com email address, if you also want these reports to remain going to the shared mailbox you can also include the shared mailbox email address here and the report will be delivered to both destinations.
Press next and then finish
Select the rule from the list and enable
