usecure

You can use the details in Phish Alert Report email notification to manually submit the suspected phish to Microsoft 365 Defender for analysis.

IMPORTANT NOTE: Emails over 30 days old cannot be submitted using the method below.

1. Open the Microsoft 365 Defender portal

Go to the Microsoft 365 Defender portal at <a href="https://security.microsoft.com/" rel="nofollow noopener noreferrer" target="_blank">https://security.microsoft.com</a>

Select Actions &amp; submissions &gt; Submissions from the menu on the left.

Click Submit to Microsoft for analysis to open the form below:

Select Email from Select the submission type

Under Add the network message ID or upload the email file select Add the email network message ID

Enter the Network Message ID from your Phish Report Notification

Enter the recipient's email under Choose a Recipient who had an issue

Select Should not have been block (False negative) under Select a reason for submitting to Microsoft

Select Phish under This email should have been categorized as

Click Submit to complete the process.

- Select Email from Select the submission type
- Under Add the network message ID or upload the email file select Add the email network message ID
- Enter the Network Message ID from your Phish Report Notification
- Enter the recipient's email under Choose a Recipient who had an issue
- Select Should not have been block (False negative) under Select a reason for submitting to Microsoft
- Select Phish under This email should have been categorized as
- Click Submit to complete the process.

The email will be sent to Microsoft for review to improve the detection of phishing emails in Microsoft 365.

Manually Submit Suspected Phishing Emails to Microsoft 365 Defender

Follow us on LinkedIn

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

{assigneeName} needs more information from you