Microsoft's Reporting Feature/Button Guide

Team: Huntress SAT 
Product: Microsoft Office 365
Environment: Windows, Security Awareness Training, exchange online
Summary: Setting up Microsoft reporting feature 

This guide will walk you though setting up and adjusting the function of Microsofts Reporting Feature/Button to send reported Phishing attempts to SAT.

Step 1. Creating a Contact in the Exchange Admin Center (EAC)

Sign into Microsofts Exchange Admin Center

1. Select Contacts under the Recipients section
2. Click the “+Add a New Mail Contact” button
3. In the contact fields add the following information

• First Name : Phishing

• Last name : Report

• Display Name : SAT or Prefered name
• Email : report@phish.mycurricula.com

  4.  Click Save

 

Step 2. Create a shared mailbox

Shared Mailboxes do not use or require a license.

1. Select Mailboxes under the Recipients section
2. Click the Add a shared mailbox button
3. In the Shared Mailbox fields add the following

• Display Name : PhishReport

• Email address : PhishReport

• @ : Use the Select Domain drop down to select your domain.

  4.  Click Create.

Step 3. Hide the shared mailbox from the (GAL) Global Address List

Hiding the address from the (GAL) prevents this address from displaying in the (GAL) for employees.

1. Select the Share Mailbox that was created in Step 2

2. Click the Hide Mailbox or Manage Hide from GAL button

3. Toggle the option from Off to On

4. Select Save

   

Step 4. Set up Forwarding on the Shared Mailbox to the Contact

Now that you have a Contact and a Shared Mailbox created, we need to set up forwarding on the shared mailbox to send email to the contact.

1. Click on the Shared Mailbox you created to bring up a Settings Menu
2. Select Email Forwarding

 3.   Toggle “Forward all emails sent to this mailbox to ON

 4.    In the "Forward to an internal email address section, use the Search Email button to search for the contact that was created earlier.

• report@phish.mycurricula.com

  5.    If you want to keep a copy of the email that is sent to our reporting mailbox make sure to check the box next to "Deliver Messages to both forwarding address and mailbox"

  6.   Click Save

 

Step 5. Microsofts Reporting Button in Microsoft Defender

This covers setting up Microsofts' Reporting button and adjusting the functionality. This will forward emails directly to SAT and not to Microsoft. This prevents Microsoft from running additional scanning on the email which Triggers Recurring training on Phishing email. Please note that some of these options recently changed

Sign in to Microsoft 365 Defender portal

 

1. Scroll down on the left column and expand Settings and select Email & Collaboration

2. Select User Reported Settings 

3. Select the On/Off button to turn the feature on.

4. Select the Use Built-In "Report button option".

  5. Toggle the Microsoft Outlook Report Message button to ON

  6.   Check the box next to My organization’s mailbox only

  7.   In the email address field put in the Shared mailbox Email address that was created earlier. It would be something like PhishReport@yourdomain.com

  8.   Uncheck the box for Let users choose if they want to report

  9.   Scroll down and Toggle OFF the quarantine report message button

  10.  Select Save

Step 6. Configure Reporting within SAT

1. Log into SAT as the domain administrator

2. Select Settings at the top of the page

3. Select Phishing in the left menu

   

4. Scroll down to Report Phishing Services and enter the Shared Mailbox address created in Step 2. It would be something like PhishReport@yourdomain.com

5. Click Update

   

This Concludes setting up a Reporting button within Microsoft and Reporting feature to Security Awareness Training Reporting Services