You can use the details in Phish Alert Report email notification to manually submit the suspected phish to Microsoft 365 Defender for analysis.
IMPORTANT NOTE: Emails over 30 days old cannot be submitted using the method below.
1. Open the Microsoft 365 Defender portal
Go to the Microsoft 365 Defender portal at https://security.microsoft.com
2. Go to the Submissions page
Select Actions & submissions > Submissions from the menu on the left.
3. Complete the Submissions
Click Submit to Microsoft for analysis to open the form below:
Select Email from Select the submission type
Under Add the network message ID or upload the email file select Add the email network message ID
Enter the Network Message ID from your Phish Report Notification
Enter the recipient's email under Choose a Recipient who had an issue
Select Should not have been block (False negative) under Select a reason for submitting to Microsoft
Select Phish under This email should have been categorized as
Click Submit to complete the process.
The email will be sent to Microsoft for review to improve the detection of phishing emails in Microsoft 365.