Although an essential business tool, email is also one of the greatest threats to an organization’s IT security. Every day, organizations are bombarded by messages with malicious attachments, phishing schemes, and the like. Of course, the vast majority of organizations use mail filtering tools to block these types of messages, but as we all know, those tools are not perfect. Malicious messages sometimes slip past the filter, and legitimate messages may occasionally be blocked. Fortunately, Microsoft provides a tool for Microsoft 365 that can help organizations to filter messages more effectively. The tool is called the Microsoft 365 Report Message add-in. On the surface, this tool would seem to do little to keep an organization safe. After all, the tool is simply a mechanism for allowing users to report misidentified messages. When combined with other Microsoft 365 mechanisms, however, this simple add-in can actually be used to improve an organization’s email security. Let me show you how.
Threat management dashboard
As I’m sure you know, Microsoft 365 automatically attempts to filter malicious messages. Although this process is often thought of as something that happens invisibly, behind the scenes, it is possible to see what Microsoft 365 has been up to. To do so, open the Office 365 Security and Compliance Center, expand the Threat Management container, and choose the Dashboard option. You can see what this looks like in the image below.
As you look at the image above, you will notice that it displays metrics for the number of malware messages blocked and the number of phishing messages detected in the last seven days. You might also notice that there is a currently unconfigured metric for messages reported by users. This is where the Microsoft 365 Report Message add-in comes into play. Users can use this add-in to report messages as junk, not junk, or as phishing messages.
Before I get too far into this, it’s important to know that what I am about to show you won’t work with on-premises Exchange Server deployments. It only works for users whose mailboxes reside in the Microsoft 365 cloud. Additionally, users must access their mailboxes through a compatible version of Outlook. Most newer versions are compatible, however. This includes Outlook on the Web, Outlook 2013 SP1 or higher, and Outlook 2016 for Mac. The version of Outlook that is included with the Microsoft 365 apps for Enterprise is also supported.
Acquiring the Microsoft 365 Report Message add-in
Because the Report Message add-in is indeed an add-in, you will have to download and deploy it before your users can use it. You can get the add-in here.
The site associated with the URL above provides some detail about the add-in. When you are ready to download the add-in, just click the Get It Now button, shown in the image below.
Somewhat surprisingly, clicking on the Get It Now button doesn’t initiate a download, at least not in the usual way. Instead, this action takes you into the Microsoft 365 Admin Center. The browser quickly progresses through several different screens before eventually arriving at the Services and add-ins screen shown below.
Click Next on the screen above, and you will be taken to the screen shown below. This screen prompts you to choose who in your organization will be able to report messages. It also prompts you to choose the deployment method that you want to use. The deployment method essentially gives you a choice of whether or not to make the add-in mandatory for users.
Click Next to deploy the add-in. When you do, you will see a message indicating that it could take up to 12 hours for the add-in to show up on the users’ ribbons. Additionally, some users may need to relaunch Office in order to receive the add-in.
How does Report Message help you?
At the beginning of this article, I mentioned that the Report Message add-in is really nothing more than a simple reporting mechanism. It allows users to identify messages that Outlook has identified incorrectly. This might be legitimate messages that were accidentally mistaken for spam or phishing messages, or it might be a harmful message that was not identified as such. The real question, however, is how does this type of reporting help you with your mail security initiatives?
There are actually two different things that user identification of messages does for you. First, allowing users to report messages as good or bad gives you, as the admin, the opportunity to submit those messages to Microsoft. The Submissions tab, found under the Threat Management portion of the Security and Compliance Center, lets you submit messages on behalf of your users. This can help Microsoft to better identify both legitimate and harmful messages.
The other thing that allowing users to report messages can do for you is help you get a better feel for how well your current filtering policies are working. If, for example, you find that users are reporting a lot of legitimate messages that are being incorrectly identified as spam or as something harmful, then it’s a good indication that you need to consider loosening your filtering policies a bit. If, on the other hand, users are reporting lots of phishing messages, then that is a clear indicator that your filtering efforts are ineffective and that you need to consider more aggressive filtering. This might mean doing something as simple as adjusting a setting, or it could end up justifying the purchase of a new mail filtering service.
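The tally described above can be scripted once user reports have been exported. This is an added example, not code from the article or from Microsoft; the CSV columns, the sample rows, and the thresholds are assumptions. It goes one step beyond the text by checking whether a single sender accounts for most of the "not junk" reports before suggesting a policy-wide change.

```python
import csv
import io
from collections import Counter

# Constructed sample data; the column names are hypothetical, not a real
# Microsoft 365 export format.
SAMPLE_REPORTS = """reported_as,sender_domain
Not junk,partner.example
Not junk,partner.example
Not junk,partner.example
Not junk,newsletter.example
Phishing,login-check.example
Phishing,invoice-portal.example
Junk,promo.example
"""

def summarize_reports(csv_text):
    """Count user reports by type and by sender of the 'not junk' reports."""
    by_type, fp_senders = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = (row.get("reported_as") or "").strip().lower()
        by_type[kind] += 1
        if kind == "not junk":  # legitimate mail the filter got wrong
            fp_senders[(row.get("sender_domain") or "").strip().lower()] += 1
    return by_type, fp_senders

def tuning_hints(by_type, fp_senders, fp_limit=3, phish_limit=2, share=0.5):
    """Turn the tallies into review hints. Limits are assumed example values."""
    hints = []
    false_positives = by_type["not junk"]
    if false_positives and false_positives >= fp_limit:
        domain, hits = fp_senders.most_common(1)[0]
        if hits / false_positives >= share:
            # One sender dominates: review it before loosening the policy.
            hints.append(f"review sender {domain}")
        else:
            hints.append("consider loosening filtering")
    if by_type["phishing"] >= phish_limit:
        hints.append("consider more aggressive filtering")
    return hints

if __name__ == "__main__":
    counts, senders = summarize_reports(SAMPLE_REPORTS)
    print(dict(counts))
    print(tuning_hints(counts, senders))
```
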