Step By Step: Adding Email Reporting to Office 365

Email security is a war between security professionals and malicious actors. Security professionals are often following malicious actors and reacting to changes. Unfortunately, success in this war is dependant on information. To aid in that effort, every major security vendor that works in the email world has some way to report bad emails. Each report can be examined to figure out what techniques were used to bypass existing security. Reporting malicious emails is often a more complicated and time-consuming process than users are willing to follow, so many attacks are able to continue bypassing security.

Luckily, in Office 365 there is a tool to make email reports easier for users and admins alike. This add-in, when enabled in Office 365, will add a Report Message button with options for flagging emails for examination by Microsoft’s security teams and systems, which will allow them to quickly develop signatures that will block similar messages in the future. Here’s how to add it:

Adding the Report Message Add-In

  1. To get the add-in, start in the Admin Portal, go to Settings, then select Add-Ins to bring up the Add-Ins blade.
    Add-ins
  2. Click Deploy Add-In to bring up the add-ins wizard. Click next on the window that appears to begin.
    Deploy Add-in
  3. Select the option to Choose from the Store to get a list of add-ons available in the Office 365 Store (Look around in there for some other useful add-ons if you like)
    Choose Add on from store
  4. Once the store screen appears, select the Outlook section to show add-ons specifically for Outlook. The Report Message add-on will show in the list (it looks like the circled option)
    Report Message Entry
  5. After clicking the Add button on the Report Message option, you’ll see a screen that allows you to customize how the add-on is deployed to users. Select the default options shown below to register the add-on. This can take a while to complete, so you may need to wait for the installation to complete.
    Deployment options
  6. Once the registration is completed, users will begin to see the button below in Outlook.
    Report button
  7. The button is also available in Outlook on the Web (OWA) for O365 by selecting a message, clicking on the “…” at the top right of the message, then selecting the report button and the reporting option (Junk, Not Junk, Phishing, and Options).
    OWA Reports

Results

With this add-on deployed and a bit of end-user training, your users can report malicious messages quickly and easily. This will reduce the impact of malicious message attacks by giving security professionals the information they need to protect everyone.

Leave a Reply