All Collections
Allow users to report suspected phishing emails from their mailbox
Manually Submit Suspected Phishing Emails to Microsoft 365 Defender
Manually Submit Suspected Phishing Emails to Microsoft 365 Defender
Courtney Leacock avatar
Written by Courtney Leacock
Updated this week

You can use the details in Phish Alert Report email notification to manually submit the suspected phish to Microsoft 365 Defender for analysis.

IMPORTANT NOTE: Emails over 30 days old cannot be submitted using the method below.

1. Open the Microsoft 365 Defender portal

Go to the Microsoft 365 Defender portal at

2. Go to the Submissions page

Select Actions & submissions > Submissions from the menu on the left.

3. Complete the Submissions

Click Submit to Microsoft for analysis to open the form below:

  • Select Email from Select the submission type

  • Under Add the network message ID or upload the email file select Add the email network message ID

  • Enter the Network Message ID from your Phish Report Notification

  • Enter the recipient's email under Choose a Recipient who had an issue

  • Select Should not have been block (False negative) under Select a reason for submitting to Microsoft

  • Select Phish under This email should have been categorized as

  • Click Submit to complete the process.

The email will be sent to Microsoft for review to improve the detection of phishing emails in Microsoft 365.

Did this answer your question?