You can use the details in Phish Alert Report email notification to manually submit the suspected phish to Microsoft 365 Defender for analysis.

IMPORTANT NOTE: Emails over 30 days old cannot be submitted using the method below.

1. Open the Microsoft 365 Defender portal

Go to the Microsoft 365 Defender portal at https://security.microsoft.com

2. Go to the Submissions page

Select Actions & submissions > Submissions from the menu on the left.

3. Complete the Submissions

Click Submit to Microsoft for analysis to open the form below:

  • Select Email from Select the submission type

  • Under Add the network message ID or upload the email file select Add the email network message ID

  • Enter the Network Message ID from your Phish Report Notification

  • Enter the recipient's email under Choose a Recipient who had an issue

  • Select Should not have been block (False negative) under Select a reason for submitting to Microsoft

  • Select Phish under This email should have been categorized as

  • Click Submit to complete the process.

The email will be sent to Microsoft for review to improve the detection of phishing emails in Microsoft 365.

Did this answer your question?