Updates from: 01/14/2021 04:09:51
Category Microsoft Docs article Related commit history on GitHub Change details
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-improvement-actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md
@@ -55,6 +55,17 @@ Once you identify the appropriate assignee, be sure they hold a sufficient [Comp
The assigned user can then perform the recommended actions.
+#### Assign multiple improvement actions to a single user
+
+You can assign multiple improvement actions to one user by following these steps:
+
+1. Go to your Improvement actions page.
+2. Select the area to the left of the improvement action's name. A round check icon will appear indicating you've selected that action. Check all the actions you want to assign.
+3. Select the **Assign to user** link at the top of the improvement actions table.
+4. A pop-up window appears. In the **Assign to** field, start typing the name of the person you want to assign the actions to. You can also select from the list of suggested people.
+5. After you populate the **Assign to** field with the assignee's name, select **Assign**.
+6. You'll then see your Improvement actions page with the new assignee listed for the actions you just assigned.
+ ## Perform work and store documentation You can upload files and notes related to implementation and testing work directly to the **Notes and documentation** section. This environment is a secure, centralized repository to help you demonstrate satisfaction of controls to meet compliance standards and regulations. Any user with read-only access can read content in this section. Only users with editing rights can upload and download files and enter or edit notes.
@@ -145,6 +156,12 @@ Accepting updates helps ensure you have the most updated guidance on using solut
If youΓÇÖre in the middle of completing an assessment that includes the improvement action, you may want to ensure youΓÇÖve finished work on it before you accept the update. You can defer the update for a later time by selecting **Cancel** on the review update flyout pane.
+#### Accept all updates at once
+
+If you have multiple updates and want to accept them all at one time, select the **Accept all updates** link at the top of your improvement actions table. A flyout pane will appear which lists the number of actions to be updated. Select the **Accept updates** button to apply all updates.
+
+Note that when you return to your improvement actions page, you may see a message across the top of the page asking you to refresh the page for the updates to be completed.
+ ## Export a report Select **Export** in the upper-left corner of your screen to download an Excel worksheet containing all your improvement actions and the filter categories shown on the improvement actions page.\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
@@ -200,21 +200,28 @@ Note that action titles, both for your improvement actions and for Microsoft act
#### Remove an improvement action
-Deleting an improvement action from a row in a spreadsheet **does not** remove the action from the template you're editing. Instead, follow the process below:
+To remove an improvement action from a template, you'll need to remove it from every control that references it. Follow the steps below to modify your spreadsheet:
-1. On the **Actions** tab, insert a new column as column A and put **Operation** in the header row, which is row number one.
-2. On the row for the improvement action you want to remove, put **Delete** in column A for that row.
-3. Ensure that this improvement action is no longer referenced by a control. Go to the **ControlFamily** tab and look for your improvement action's title in column F, which is **controlActionTitle**.
-4. When you find your improvement action listed in the **controlActionTitle** column, delete it.
-5. Save your spreadsheet.
+1. On the **ControlFamily** tab, search for for the title of the improvement action you want to remove.
+2. Delete the improvement action's title in the cells where it appears. If the improvement action is the only action on that row, delete the entire row (which removes the control).
+3. On the **Actions** tab, delete the row that contains the improvement action you're deleting.
+4. Save your spreadsheet.
-When you import your spreadsheet back into the template, your action will be removed from the template. Removing an action from a template does not completely remove the action. That action can still be referenced by another template.
+When you import your spreadsheet back into the template, your improvement action will be removed from the template.
-If you're removing the last improvement action that a control references, then you need to remove the control.
+Removing an improvement action from a template does not completely remove the improvement action from Compliance Manager. That action can still be referenced by another template.
#### Remove a control
-To remove a control, follow the same process for removing an improvement action as outlined above. In the **ControlFamily** tab, add an **Operation** column and put **Delete** next to the control you want to remove.
+To remove a control, modify your spreadsheet by following the steps below, then re-import your spreadsheet:
+
+1. On the **ControlFamily** tab, find the control you want to remove in the **controlName** column.
+2. Delete the row for that control.
+ - If this deleted control contains improvement actions that aren't referenced by any other control, you'll need to remove those improvement actions from the **Actions** tab. Otherwise, you'll receive a validation error.
+
+3. Save your spreadsheet.
+
+When you import your spreadsheet back into the template, your control will be removed from the template.
## Export a template
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users.md
@@ -137,13 +137,13 @@ For more information using these cmdlets, see:
## Frequently asked questions
- **Where is the cloud-based storage for on-premises users located?**
+**Where is the cloud-based storage for on-premises users located?**
-Cloud-based storage is provisioned in the same datacenter as your organization.
+Teams chat data is stored in the Preferred Data Location (PDL) for an on-premises user. The PDL is honored in both Single-Geo and Multi-Geo environments. For more information, see [Microsoft 365 Multi-Geo](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-multi-geo).
**Are there any other requirements other than submitting a support request?**
- As previously explained, the identities of users with on-prem mailboxes must be synchronized to your cloud-based organization so that a corresponding mail user account is created for each on-premises user account in Office 365. Your organization must also have an Office 365 enterprise subscription, such as an Office 365 Enterprise E1, E3, or E5 subscription.
+As previously explained, the identities of users with on-prem mailboxes must be synchronized to your cloud-based organization so that a corresponding mail user account is created for each on-premises user account in Office 365. Your organization must also have an Office 365 enterprise subscription, such as an Office 365 Enterprise E1, E3, or E5 subscription.
**Is there a risk of losing the Teams chat data if the user's on-premises mailbox is migrated to the cloud?**
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/PortalLaunchScheduler https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/PortalLaunchScheduler.md
@@ -29,7 +29,7 @@ There are two types of redirection:
- bidirectional: launch a new modern SharePoint Online portal to replace an existing SharePoint classic or modern portal - temporary page redirection: launch a new modern SharePoint Online portal with no existing SharePoint portal
-The portal launch scheduler is only available to launch modern SharePoint Online portals, i.e. communication sites and modern team sites. Launches must be scheduled at least 7 days in advance. The number of waves required is determined by the expected number of users. Before scheduling a portal launch, the [Page Diagnostics for SharePoint tool](https://aka.ms/perftool) must be run to verify that the home page on the portal is healthy. At the end of the portal launch, all users with permissions to the site will be able to access the new site.
+The portal launch scheduler is only available to launch modern SharePoint Online portals (i.e. communication sites). Launches must be scheduled at least 7 days in advance. The number of waves required is determined by the expected number of users. Before scheduling a portal launch, the [Page Diagnostics for SharePoint tool](https://aka.ms/perftool) must be run to verify that the home page on the portal is healthy. At the end of the portal launch, all users with permissions to the site will be able to access the new site.
For more information about launching a successful portal, follow the basic principles, practices, and recommendations detailed in [Creating, launching and maintaining a healthy portal](https://docs.microsoft.com/sharepoint/portal-health).
@@ -65,7 +65,7 @@ The number of waves required depends on your expected launch size.
Bidirectional redirection involves launching a new modern SharePoint Online portal to replace an existing SharePoint classic or modern portal. Users in active waves will be redirected to the new site regardless of whether they navigate to the old or new site. Users in a non-launched wave that try to access the new site will be redirected back to the old site until their wave is launched.
-We only support redirection between the default home page on the old site and the default home page on the new site. Should you have administrators or owners that need access to the old and new sites without being redirected, ensure they are listed using the `WaveOverrideUsers` parameter. Should you have administrators or owners that need access to the old and new sites without being redirected, ensure they are listed using the `WaveOverrideUsers` parameter. We only support redirection between the default home page on the old site and the default home page on the new site.
+We only support redirection between the default home page on the old site and the default home page on the new site. Should you have administrators or owners that need access to the old and new sites without being redirected, ensure they are listed using the `WaveOverrideUsers` parameter.
To migrate users from an existing SharePoint site to a new SharePoint site in a staged manner:
@@ -104,7 +104,6 @@ Example:
``` 2. Complete validation. It can take 5-10 minutes for the redirection to complete its configuration across the service.
- - `New-SPOPortalLaunchWaves -LaunchSiteUrl "https://*.sharepoint.com/sites/newsite" -RedirectionType Bidirectional -RedirectUrl "https://*.sharepoint.com/sites/oldsite" -ExpectedNumberOfUsers LessThan10kUsers -WaveOverrideUsers "*@microsoft.com" -Waves ' [{Name:"Wave 1", Groups:["Viewers SG1"], LaunchDateUtc:"2020/10/14"}, {Name:"Wave 2", Groups:["Viewers SG2"], LaunchDateUtc:"2020/10/15"}]' -IsTesting $true`
## Pause or restart a portal launch on the site
@@ -124,16 +123,14 @@ Example:
4. Validate that the redirection is now restored. ## Delete a portal launch on the site
-1. Create a Portal launch Wave.
- - `New-SPOPortalLaunchWaves -LaunchSiteUrl "https://*.sharepoint.com/sites/NewSite" -RedirectionType ToTemporaryPage -RedirectUrl "https://*.sharepoint.com/sites/OldSite" -ExpectedNumberOfUsers From10kTo30kUsers -WaveOverrideUsers *@microsoft.com -Waves [{Name:"Wave 1", Groups:["Viewers SG1"], LaunchDateUtc:"2020/10/14"}, {Name:"Wave 2", Groups:["Viewers SG2"], LaunchDateUtc:"2020/10/15"}]' -IsTesting $true`
-2. Run the following command to delete a portal launch scheduled or in progress for a site.
+1. Run the following command to delete a portal launch scheduled or in progress for a site.
```PowerShell Remove-SPOPortalLaunchWaves -LaunchSiteUrl <object> ```
-3. Validate that no redirection happens for all users.
+2. Validate that no redirection happens for all users.
## Learn more [Planning your portal launch roll-out plan in SharePoint Online](https://docs.microsoft.com/microsoft-365/Enterprise/Planportallaunchroll-out)
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window.md
@@ -238,7 +238,7 @@ Connect-AzureAD
Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Skype for Business Online Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession -UserName $acctName
+$sfboSession = New-CsOnlineSession
Import-PSSession $sfboSession #Exchange Online Import-Module ExchangeOnlineManagement
@@ -258,7 +258,7 @@ Connect-AzureAD
Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Skype for Business Online Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession -UserName $acctName
+$sfboSession = New-CsOnlineSession
Import-PSSession $sfboSession #Security & Compliance Center Import-Module ExchangeOnlineManagement
@@ -280,7 +280,7 @@ Connect-MsolService
Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Skype for Business Online Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession -UserName $acctName
+$sfboSession = New-CsOnlineSession
Import-PSSession $sfboSession #Exchange Online Import-Module ExchangeOnlineManagement
@@ -300,7 +300,7 @@ Connect-MsolService
Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Skype for Business Online Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession -UserName $acctName
+$sfboSession = New-CsOnlineSession
Import-PSSession $sfboSession #Security & Compliance Center Import-Module ExchangeOnlineManagement
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/get-incident-notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/get-incident-notifications.md
@@ -27,8 +27,6 @@ search.appverid:
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)]
->[!IMPORTANT]
-> The email notifications for incidents feature is currently in public preview. Some information about this feature may change before commercial availability. Microsoft makes no warranties, express or implied, with respect to the information provided here.
**Applies to:** - Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/admin-submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
@@ -185,7 +185,7 @@ You can click the **Column options** button near the bottom of the page to add o
## View user submissions to Microsoft
-If you've deployed the [Report Message add-in](enable-the-report-message-add-in.md), or people use the [built-in reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md), you can see what users are reporting on the **User submissions** tab.
+If you've deployed the [Report Message add-in](enable-the-report-message-add-in.md), the [Report Phishing add-in](enable-the-report-phish-add-in.md), or people use the [built-in reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md), you can see what users are reporting on the **User submissions** tab.
1. In the Security & Compliance Center, go to **Threat management** \> **Submissions**.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/automated-investigation-response-office.md
@@ -39,7 +39,7 @@ This article describes how AIR works through several examples. When you're ready
## Example: A user-reported phish message launches an investigation playbook
-Suppose that a user in your organization receives an email that they think is a phishing attempt. The user, trained to report such messages, uses the [Report Message add-in](enable-the-report-message-add-in.md) to send it to Microsoft for analysis. The submission is also sent to your system and is visible in Explorer in the **Submissions** view (formerly referred to as the **User-reported** view). In addition, the user-reported message now triggers a system-based informational alert, which automatically launches the investigation playbook.
+Suppose that a user in your organization receives an email that they think is a phishing attempt. The user, trained to report such messages, uses the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) to send it to Microsoft for analysis. The submission is also sent to your system and is visible in Explorer in the **Submissions** view (formerly referred to as the **User-reported** view). In addition, the user-reported message now triggers a system-based informational alert, which automatically launches the investigation playbook.
During the root investigation phase, various aspects of the email are assessed. These aspects include:
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/best-practices-for-configuring-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/best-practices-for-configuring-eop.md
@@ -43,7 +43,7 @@ These settings cover a range of features that are outside of security policies.
|[Set up SPF to help prevent spoofing](set-up-spf-in-office-365-to-help-prevent-spoofing.md)|Yes|Yes|| |[Use DKIM to validate outbound email sent from your custom domain in Office 365](use-dkim-to-validate-outbound-email.md)|Yes|Yes|| |[Use DMARC to validate email in Office 365](use-dmarc-to-validate-email.md)|Yes|Yes|Use `action=quarantine` for Standard, and `action=reject` for Strict.|
-|Deploy the [Report Message add-in](enable-the-report-message-add-in.md) to improve end-user reporting of suspicious email|Yes|Yes||
+|Deploy the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) to improve end-user reporting of suspicious email|Yes|Yes||
|Schedule Malware and Spam Reports|Yes|Yes|| |Auto-forwarding to external domains should be disallowed or monitored|Yes|Yes|| |Unified Auditing should be enabled|Yes|Yes||
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/enable-the-report-message-add-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-message-add-in.md
@@ -26,13 +26,13 @@ description: "Learn how to enable the Report Message add-in for Outlook and Outl
> [!NOTE] > If you're an admin in a Microsoft 365 organization with Exchange Online mailboxes, we recommend that you use the Submissions portal in the Security & Compliance Center. For more information, see [Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md).
-The Report Message add-in for Outlook and Outlook on the web (formerly known as Outlook Web App) enables people to easily report false positives (good email marked as bad) or false negatives (bad email allowed) to Microsoft and its affiliates for analysis. Microsoft uses these submissions to improve the effectiveness of email protection technologies.
+The Report Message and Report Phishing add-ins for Outlook and Outlook on the web (formerly known as Outlook Web App) enables people to easily report false positives (good email marked as bad) or false negatives (bad email allowed) to Microsoft and its affiliates for analysis.
-For example, suppose that people are reporting a lot of messages as phishing. This information surfaces in the [Security Dashboard](security-dashboard.md) and other reports. Your organization's security team can use this information as an indication that anti-phishing policies might need to be updated. Or, if people are reporting a lot of messages that were flagged as junk mail as Not Junk by using the Report Message add-in, your organization's security team might need to adjust [anti-spam policies](configure-your-spam-filter-policies.md).
+Microsoft uses these submissions to improve the effectiveness of email protection technologies. For example, if people are reporting a lot of messages that were flagged as junk mail as Not Junk by using the Report Message add-in, your organization's security team might need to adjust [anti-spam policies](configure-your-spam-filter-policies.md).
-In addition, if your organization is using [Microsoft Defender for Office 365 Plan 1](office-365-atp.md) or [Plan 2](office-365-ti.md), the Report Message add-in provides your organization's security team with useful information they can use to review and update security policies.
+You can install either the Report Message or Report Phishing add-in. If you want your users to report only phishing messages, deploy the Report Phishing add-in in your organization. For more information, see [Enable the Report Phishing add-in](enable-the-report-phish-add-in.md).
-Admins can enable the Report Message add-in for the organization, and individual users can install it for themselves.
+The Report Message add-in provides the option to report both spam and phishing messages. Admins can enable the Report Message add-in for the organization, and individual users can install it for themselves.
If you're an individual user, you can [enable the Report Message add-in for yourself](#get-the-report-message-add-in-for-yourself).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/enable-the-report-phish-add-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-phish-add-in.md new file mode 100644
@@ -0,0 +1,145 @@
+---
+title: "Enable the Report Phish add-in"
+f1.keywords:
+- NOCSH
+ms.author: siosulli
+author: chrisda
+manager: dansimp
+audience: Admin
+ms.topic: how-to
+ms.service: O365-seccomp
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+ms.assetid: 4250c4bc-6102-420b-9e0a-a95064837676
+ms.collection:
+- M365-security-compliance
+description: "Learn how to enable the Report Phishing add-in for Outlook and Outlook on the web, for individual users or your entire organization."
+---
+
+# Enable the Report Phishing add-in
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)]
++
+> [!NOTE]
+> If you're an admin in a Microsoft 365 organization with Exchange Online mailboxes, we recommend that you use the Submissions portal in the Security & Compliance Center. For more information, see [Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md).
+
+The Report Message and Report Phishing add-ins for Outlook and Outlook on the web (formerly known as Outlook Web App) enable people to easily report false positives (good email marked as bad) or false negatives (bad email allowed) to Microsoft and its affiliates for analysis.
+
+Microsoft uses these submissions to improve the effectiveness of email protection technologies. For example, suppose that people are reporting many messages using the Report Phishing add-in. This information surfaces in the [Security Dashboard](security-dashboard.md) and other reports. Your organization's security team can use this information as an indication that anti-phishing policies might need to be updated.
+
+You can install either the Report Message or Report Phishing add-in. If you want your users to report both spam and phishing messages, deploy the Report Message add-in in your organization. For more information, see [Enable the Report Message add-in](enable-the-report-message-add-in.md).
+
+The Report Phishing add-in provides the option to report only phishing messages. Admins can enable the Report Phishing add-in for the organization, and individual users can install it for themselves.
+
+If you're an individual user, you can [enable the Report Phishing add-in for yourself](#get-the-report-phishing-add-in-for-yourself).
+
+If you're a global administrator or an Exchange Online administrator, and Exchange is configured to use OAuth authentication, you can [enable the Report Phishing add-in for your organization](#get-and-enable-the-report-phishing-add-in-for-your-organization). The Report Phishing Add-In is now available through [Centralized Deployment](https://docs.microsoft.com/microsoft-365/admin/manage/centralized-deployment-of-add-ins).
+
+## What do you need to know before you begin?
+
+- The Report Phishing add-in works with most Microsoft 365 subscriptions and the following products:
+
+ - Outlook on the web
+ - Outlook 2013 SP1 or later
+ - Outlook 2016 for Mac
+ - Outlook included with Microsoft 365 apps for Enterprise
+
+- The Report Phishing add-in is not available for mailboxes in on-premises Exchange organizations.
+
+- You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).
+
+- Your existing web browser should work with the Report Phishing add-in. But, if you notice the add-in is not available or not working as expected, try a different browser.
+
+- For organizational installs, the organization needs to be configured to use OAuth authentication. For more information, see [Determine if Centralized Deployment of add-ins works for your organization](../../admin/manage/centralized-deployment-of-add-ins.md).
+
+- Admins need to be a member of the Global admins role group. For more information, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).
+
+## Get the Report Phishing add-in for yourself
+
+1. Go to the Microsoft AppSource at <https://appsource.microsoft.com/marketplace/apps> and search for the Report Phishing add-in.
+
+2. Click **GET IT NOW**.
+
+3. In the dialog that appears, review the terms of use and privacy policy, and then click **Continue**.
+
+4. Sign in using your work or school account (for business use) or your Microsoft account (for personal use).
+
+After the add-in is installed and enabled, you'll see the following icons:
+
+- In Outlook, the icon looks like this:
+
+ ![Report Phishing add-in icon for Outlook](../../media/Outlook-ReportPhishing.png)
+
+- In Outlook on the web, the icon looks like this:
+
+ ![Outlook on the web Report Phishing add-in icon](../../media/OWA-ReportPhishing.png)
+
+## Get and enable the Report Phishing add-in for your organization
+
+> [!NOTE]
+> It could take up to 12 hours for the add-in to appear in your organization.
+
+1. In the Microsoft 365 admin center, go to the **Settings, integrated Apps & Add-ins** page at <https://admin.microsoft.com/AdminPortal/Home#/Settings/AddIns>, and then click **Deploy Add-In**.
+
+ ![Services and add-ins page in the Microsoft 365 admin center](../../media/ServicesAddInsPageNewM365AdminCenter.png)
+
+2. In the **Deploy a new add-in** flyout that appears, review the information, and then click **Next**.
+
+3. On the next page, click **Choose from the Store**.
+
+ ![Deploy a new add-in page](../../media/NewAddInScreen2.png)
+
+4. In the **Select add-in** page that appears, click in the **Search** box, enter **Report Phishing**, and then click **Search** ![Search icon](../../media/search-icon.png). In the list of results, find **Report Phishing** and then click **Add**.
+
+5. In the dialog that appears, review the licensing and privacy information, and then click **Continue**.
+
+6. In the **Configure add-in** page that appears, configure the following settings:
+
+ - **Assigned users**: Select one of the following values:
+
+ - **Everyone** (default)
+ - **Specific users / groups**
+ - **Just me**
+
+ - **Deployment method**: Select one of the following values:
+
+ - **Fixed (Default)**: The add-in is automatically deployed to the specified users and they can't remove it.
+ - **Available**: Users can install the add-in at **Home** \> **Get add-ins** \> **Admin-managed**.
+ - **Optional**: The add-in is automatically deployed to the specified users, but they can choose to remove it.
+
+ When you're finished, click **Deploy**.
+
+7. In the **Deploy Report Phishing** page that appears, you'll see a progress report followed by a confirmation that the add-in was deployed. After you read the information, click **Next**.
+
+8. On the **Announce add-in** page that appears, review the information, and then click **Close**.
+
+## Learn how to use the Report Phishing add-in
+
+People who have the add-in assigned to them will see the following icons:
+
+- In Outlook, the icon looks like this:
+
+ ![Report Phishing add-in icon for Outlook](../../media/Outlook-ReportPhishing.png)
+
+- In Outlook on the web, the icon looks like this:
+
+ ![Outlook on the Web Report Phishing Add-in icon](../../media/OWA-ReportPhishing.png)
+
+## Review or edit settings for the Report Phishing add-in
+
+1. In the Microsoft 365 admin center, go to the **Services & add-ins** page at <https://admin.microsoft.com/AdminPortal/Home#/Settings/ServicesAndAddIns>.
+
+2. Find and select the **Report Phishing** add-in.
+
+3. In the **Edit Report Phishing** flyout that appears, review, and edit settings as appropriate for your organization. When you're finished, click **Save**.
+
+## View and review reported messages
+
+To review messages that users report to Microsoft, you have these options:
+
+- Use the Admin Submissions portal. For more information, see [View user submissions to Microsoft](admin-submission.md#view-user-submissions-to-microsoft).
+
+- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
\ No newline at end of file
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook.md
@@ -22,7 +22,7 @@ description: "Learn how to install and use the Microsoft Junk Email Reporting ad
> [!NOTE]
-> If you aren't currently using the Junk E-mail Reporting add-in, we recommend the [Report Message add-in](enable-the-report-message-add-in.md) instead. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+> If you aren't currently using the Junk E-mail Reporting add-in, we recommend the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) instead. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
The Junk Email Reporting Add-in for Microsoft Outlook allows users to submit false positives (good email marked as spam), false negatives (bad email allowed) and phishing messages to Microsoft. If your organization doesn't use Exchange Online Protection (for example, on-premises Exchange or email services other than Exchange Online), your junk email report submission will not affect your spam filtering.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-air https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-air.md
@@ -102,7 +102,7 @@ Microsoft 365 provides many built-in alert policies that help identify Exchange
|Alert|Severity|How the alert is generated| |---|---|---| |A potentially malicious URL click was detected|**High**|This alert is generated when any of the following occurs: <ul><li>A user protected by [Safe Links](atp-safe-links.md) in your organization clicks a malicious link</li><li>Verdict changes for URLs are identified by Microsoft Defender for Office 365</li><li>Users override Safe Links warning pages (based on your organization's [Safe Links policy](set-up-atp-safe-links-policies.md)).</li></ul> <p> For more information on events that trigger this alert, see [Set up Safe Links policies](set-up-atp-safe-links-policies.md).|
-|An email message is reported by a user as malware or phish|**Informational**|This alert is generated when users in your organization report messages as phishing email using the [Report Message add-in](enable-the-report-message-add-in.md).|
+|An email message is reported by a user as malware or phish|**Informational**|This alert is generated when users in your organization report messages as phishing email using the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md).|
|Email messages containing malware are removed after delivery|**Informational**|This alert is generated when any email messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](zero-hour-auto-purge.md).| |Email messages containing phish URLs are removed after delivery|**Informational**|This alert is generated when any messages containing phish are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](zero-hour-auto-purge.md).| |Suspicious email sending patterns are detected|**Medium**|This alert is generated when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that might indicate that the account is compromised, but not severe enough to restrict the user. <p> Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](responding-to-a-compromised-email-account.md).|
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
@@ -29,7 +29,8 @@ In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
|Method|Description| |---|---| |[Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md)|The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP).|
-|[Enable the Report Message add-in](enable-the-report-message-add-in.md)|Works with Outlook, Outlook for Mac, and Outlook on the web (formerly known as Outlook Web App), and is the recommended add-in. <p> Depending on your subscription, messages that users reported with the add-in are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Threat Explorer](threat-explorer-views.md#email--submissions). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).|
+|[Enable the Report Message add-in](enable-the-report-message-add-in.md)|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <p> Depending on your subscription, messages that users reported with the add-in are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Threat Explorer](threat-explorer-views.md#email--submissions). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).
+|[Enable the Report Phishing add-in](enable-the-report-phish-add-in.md)|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <p> Depending on your subscription, messages that users reported with the add-in are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Threat Explorer](threat-explorer-views.md#email--submissions). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).|
|[Install and use the Junk Email Reporting add-in for Microsoft Outlook](junk-email-reporting-add-in-for-microsoft-outlook.md)|Only works in Outlook.| |[Report junk and phishing email in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md)|Use the built-in capabilities in Outlook on the web for organizations with Exchange Online mailboxes (not available in standalone EOP). <p> Messages that users report are available in [the Admin Submissions portal](admin-submission.md). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).| |[Report junk and phishing email in Outlook for iOS and Android](report-junk-email-and-phishing-scams-in-outlook-for-iOS-and-Android.md)|Use the built-in capabilities in Outlook for iOS and Android for organizations with Exchange Online mailboxes (not available in standalone EOP). <p> Messages that users report are available in [the Admin Submissions portal](admin-submission.md). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).|
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md
@@ -37,7 +37,7 @@ You and your users can help this process by submitting false positives (good ema
## Submit false negatives to Microsoft > [!TIP]
-> Instead of using the following procedures to report false negatives, users in Outlook and Outlook on the web (formerly known as Outlook Web App) can use the Report Message Add-in for Microsoft Outlook. For information about how to install and use this tool, see [Enable the Report Message add-in](enable-the-report-message-add-in.md).
+> Instead of using the following procedures to report false negatives, users in Outlook and Outlook on the web (formerly known as Outlook Web App) can use the Report Message add-in or the Report Phishing add-in. For information about how to install and use these tools, see [Enable the Report Message add-in](enable-the-report-message-add-in.md) and [Enable the Report Phishing add-in](enable-the-report-phish-add-in.md).
If you receive a message that passed through spam filtering that should have been identified as spam or phishing, you can submit the message to the Microsoft Spam Analysis and Microsoft Phishing Analysis teams as appropriate. The analysts will review the message and add it to the service-wide filters if it meets the classification criteria.
@@ -65,7 +65,8 @@ If you receive a message that passed through spam filtering that should have bee
## Submit false positives to Microsoft > [!TIP]
-> Instead of using the following procedures to report false positives, users in Outlook and Outlook on the web can use the Report Message Add-in for Microsoft Outlook. For information about how to install and use this tool, see [Enable the Report Message add-in](enable-the-report-message-add-in.md).
+> Instead of using the following procedures to report false positives, users in Outlook and Outlook on the web (formerly known as Outlook Web App) can use the Report Message add-in or the Report Phishing add-in. For information about how to install and use these tools, see [Enable the Report Message add-in](enable-the-report-message-add-in.md) and [Enable the Report Phishing add-in](enable-the-report-phish-add-in.md).
+ If a message was incorrectly identified as spam, you can submit the message to the Microsoft Spam Analysis Team. The analysts will evaluate the message, and (depending on the results of the analysis) the service-wide filters can be adjusted to allow the message through.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer.md
@@ -420,7 +420,7 @@ Within the Email or URL flyouts, Top Clicks as well as within our filtering expe
## Review email messages reported by users
-Suppose that you want to see email messages that users in your organization reported as *Junk*, *Not Junk*, or *Phishing* through the [Report Message add-in for Outlook and Outlook on the web](enable-the-report-message-add-in.md). To see them, use the [**Email** > **Submissions**](threat-explorer-views.md#email--submissions) view of Explorer (or Real-time detections).
+Suppose that you want to see email messages that users in your organization reported as *Junk*, *Not Junk*, or *Phishing* through the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md). To see them, use the [**Email** > **Submissions**](threat-explorer-views.md#email--submissions) view of Explorer (or Real-time detections).
1. In the Security & Compliance Center (<https://protection.office.com>), choose **Threat management** \> **Explorer** (or **Real-time detections**). (This example uses Explorer.)
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tuning-anti-phishing.md
@@ -78,7 +78,7 @@ Specifically, you should check the **X-Forefront-Antispam-Report** header field
- Whenever possible, we recommend that you deliver email for your domain directly to Microsoft 365. In other words, point your Microsoft 365 domain's MX record to Microsoft 365. Exchange Online Protection (EOP) is able to provide the best protection for your cloud users when their mail is delivered directly to Microsoft 365. If you must use a third-party email hygiene system in front of EOP, use Enhanced Filtering for Connectors. For instructions, see [Enhanced Filtering for Connectors in Exchange Online](https://docs.microsoft.com/Exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors). -- Users should [report messages](enable-the-report-message-add-in.md) to Microsoft, which can train our system. Admins should also take advantage of [Admin Submission](admin-submission.md) capabilities.
+- Users should use the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) to report messages to Microsoft, which can train our system. Admins should also take advantage of [Admin Submission](admin-submission.md) capabilities.
- Multi factor authentication (MFA) is a good way to prevent compromised accounts. You should strongly consider enabling MFA for all of your users. For a phased approach, start by enabling MFA for your most sensitive users (admins, executives, etc.) before you enable MFA for everyone. For instructions, see [Set up multi-factor authentication](../../admin/security-and-compliance/set-up-multi-factor-authentication.md).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/user-submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md
@@ -27,6 +27,8 @@ In Microsoft 365 organizations with Exchange Online mailboxes, you can specify a
- [The Report Message add-in](enable-the-report-message-add-in.md)
+- [The Report Phishing add-in](enable-the-report-phish-add-in.md)
+ - [Built-in reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md) (formerly known as Outlook Web App) - [Built-in reporting in Outlook for iOS and Android](report-junk-email-and-phishing-scams-in-outlook-for-iOS-and-Android.md)
@@ -71,17 +73,17 @@ After you've verified that your mailbox meets all applicable prerequisites, [Use
2. In the **User submissions** page that appears, select one of the following options:
- 1. **Enable the Report Message feature for Outlook (Recommended)**: Select this option if you use the Report Message add-in or the built-in reporting in Outlook on the web, and then configure the following settings:
+ 1. **Enable the Report Message feature for Outlook (Recommended)**: Select this option if you use the Report Message add-in, the Report Phishing add-in or the built-in reporting in Outlook on the web, and then configure the following settings:
- **Customize the end-user confirmation message**: Click this link. In the **Customize confirmation message** flyout that appears, configure the following settings:
- - **Before submission**: In the **Title** and **Confirmation message** boxes, enter the descriptive text that users see before they report a message using the Report Message add-in. You can use the variable %type% to include the submission type (junk, not junk, phish, etc.).
+ - **Before submission**: In the **Title** and **Confirmation message** boxes, enter the descriptive text that users see before they report a message using the Report Message add-in or the Report Phishing add-in. You can use the variable %type% to include the submission type (junk, not junk, phish, etc.).
As noted, if you select an option that sends the reported messages to Microsoft, the following text is also added to the notification: > Your email will be submitted as-is to Microsoft for analysis. Some emails might contain personal or sensitive information.
- - **After submission**: Click ![Expand icon](../../media/scc-expand-icon.png). In the **Title** and **Confirmation message** boxes, enter the descriptive text that users see after they report a message using the Report Message add-in. You can use the variable %type% to include the submission type.
+ - **After submission**: Click ![Expand icon](../../media/scc-expand-icon.png). In the **Title** and **Confirmation message** boxes, enter the descriptive text that users see after they report a message using the Report Message add-in or the Report Phishing add-in. You can use the variable %type% to include the submission type.
When you're finished, click **Save**. To clear these values, click **Restore** back on the **User submissions** page.
@@ -99,9 +101,9 @@ After you've verified that your mailbox meets all applicable prerequisites, [Use
When you're finished, click **Confirm**. > [!CAUTION]
- > If you have [disabled junk email reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web) using Outlook on the web mailbox policies, but you configure either of the previous settings to report messages to Microsoft, users will be able to report messages to Microsoft in Outlook on the web using the Report Message add-in.
+ > If you have [disabled junk email reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web) using Outlook on the web mailbox policies, but you configure either of the previous settings to report messages to Microsoft, users will be able to report messages to Microsoft in Outlook on the web using the Report Message add-in or the Report Phishing add-in.
- - **Disable the Report Message feature for Outlook**: Select this option if you use third-party reporting tools instead of the Report Message add-in or the built-in reporting in Outlook on the web, and then configure the following settings:
+ - **Disable the Report Message feature for Outlook**: Select this option if you use third-party reporting tools instead of the Report Message add-in, the Report Phishing add-in or the built-in reporting in Outlook on the web, and then configure the following settings:
Select **Use this custom mailbox to receive user reported submissions**. In the box that appears, enter the email address of an existing mailbox that is already in Office 365. This has to be an existing mailbox in Exchange Online that can receive email.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-email-security-reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-email-security-reports.md
@@ -474,7 +474,7 @@ The **URL threat protection report** is available in Microsoft Defender for Offi
## User-reported messages report
-The **User-reported messages** report shows information about email messages that users have reported as junk, phishing attempts, or good mail by using the [Report Message add-in](enable-the-report-message-add-in.md).
+The **User-reported messages** report shows information about email messages that users have reported as junk, phishing attempts, or good mail by using the [Report Message add-in](enable-the-report-message-add-in.md) or [The Report Phishing add-in](enable-the-report-phish-add-in.md).
Details are available for each message, including the delivery reason, such a spam policy exception or mail flow rule configured for your organization. To view details, select an item in the user-reports list, and then view the information on the **Summary** and **Details** tabs.