Office 365 – It is now simpler to submit suspicious content to Microsoft for investigation

As you may already know, with Office 365 and Exchange Online you already had to the possibility to report suspicious content (in that case email) by using the Report Message add-in (an the other way around too if an email was identified as spam but was not).

image

Well, now it is becoming simpler for Office 365 administrator to monitor and also report suspicious content to Microsoft.

With this new capability, you can report email, attachment or URL for investigation to Microsoft.

To start submitting suspicious content, logon to your Security and Compliance portal (https://protection.office.com) and reach out the Submission blade, available below the Threat Management section

image

Then you can submit the content you are suspecting by using the New submission button

image

You can now fill a report with the details to be provided, including if required the email ID, email as EML file or attachment, with the action which should have been taken – blocked or not being blocked

The options vary depending of the type of reporting (email, URL or attachment)

image

From this blade administrator can also follow user’s reports by using the User reports tab (using the Report message add-in; hopefully there will be a way to report also URL in the future).

image

Administrator can then initiate an investigation on this/these item(s) by using the Investigate button; this will send the information to the automated investigation system

image  image

Once the investigation is completed you can then review if more users/machine may have been impacted, the details of the threat and so on

image  image

Happy hunting Smile

Leave a Comment

Your email address will not be published.