Small changes will be made to your Microsoft 365 settings to continue ingesting phishing reports via the Microsoft Report Message Add-in

Handling emails reported as phishing by end users is a key part of the SOC team day to day attempts to find threats that were not prevented.

Avanan ingests these phishing reports to create alerts and automated actions and to facilitate incident investigation.
Avanan integrates natively with the Microsoft Report Phishing / Report Message add-in, so that every report submitted using this button generates an incident to be handled by the SOC team.

Microsoft has recently implemented changes to how it processes reports submitted via the button. As a result, some adjustments are required to allow Avanan to continue ingesting the reports.

Therefore, the following changes will be made to Microsoft 365 account settings:

In your Microsoft Defender settings, under Settings -> Email & Collaboration -> User reported settings ->  Reported message destinations:

  1. Send reported messages to – will be set to Microsoft and my reporting mailbox
  2. Add an exchange online mailbox to send reported messages to – if a mailbox is not already filled in, a new mailbox will be created and entered there: report-phishing-checkpoint@<your domain>
    • Note – the created mailbox is a shared mailbox that does not require additional Microsoft licenses.

These changes will take place automatically over the next week.