As a system administrator, you can deploy Microsoft’s Report Message button in Outlook clients (desktop, web, and mobile app). This feature gives your users the opportunity to report emails as spam/junk, phishing, or not junk. By default, users can report messages and send them to Microsoft, but as an administrator you’ll never know that a user reported an email unless you go into the Microsoft Security & Compliance Center Threat Management Dashboard or create reports.
Add a Custom Mailbox to User Submissions
This method will report the messages to Microsoft and also send a copy of all reported messages to the custom mailbox you specify.
- Log into the Microsoft Security & Compliance Center
- Navigate to Threat Management > Policy > User Submissions
- Select the option for Both Microsoft and a Custom Mailbox
- Click Confirm
Reminder, setting this custom mailbox will send you a copy of both reported phishing and junk emails. If you wish to only receive a copy of one or the other, please follow the steps in the next section.
In the Threat Management Policy, you can also setup a custom message to the user before and after submissions.
Add a Mail Flow Transport Rule for User Submissions
By implementing this method, you can specify whether to get a copy of only Junk emails, Phishing emails, or both.
- Log into the Microsoft Exchange Admin Center
- Navigate to Mail Flow > Rules
- Create a New Rule
- Since Microsoft sends a copy of the email to an address, Set the condition for Apply this rule if The Recipient is and add either phish@office365.microsoft.com, junk@office365.microsoft.com, or both depending on which messages you want a copy of
- Next, add the action Do the following BCC the message to and add your reporting mailbox
- Save the rule
You can add exceptions to this rule and set the priority. By adding the BCC, you’ll still have the message delivered to Microsoft, but you’ll also receive a copy in your reporting mailbox.