There is a new add-in available for Outlook and OWA in Office 365 that can simplify spam and phishing reporting to Microsoft for content in your mailbox. I recommend rolling this add-in out to everyone in your Office 365 tenant and for Office 365 consultants to add this as part of the default steps in deploying a new tenant.
This can be done with the following steps:
In the Exchange Control Panel at https://outlook.office365.com/ecp/ go to the Organization > Add-Ins section
Click the + icon and choose “Add From Office Store”.
In the new tab that appears, search for “Report Message” via the search bar top right:
I’ve noticed that a set of search results appear, then the website notices I am logged in, logs me in and presents a second smaller list of results. It is in this small list that you should see Report Message by Microsoft Corporation
I’ve noticed that clicking “Get it now” does not seem to work all the time (the popup has a Continue button that does nothing)! So if that happens, cancel the popup, click the card for the app and install the add from the Get it now button rather than the get it now link on the card. The Report Message app page is shown below with a “Get It Now” button to the left:
Either the link or the button should work, and you should get this popup:
Click Continue. You are taken to Office 365 to continue. This is the step I eluded to above that sometimes does not work
You are asked to confirm the installation of the App into Office 365
Click Yes and wait a while. I’ve noticed also that sometimes you need to refresh this page manually for the process to continue, though waiting (with no indication that anything is happening for one or two minutes is usually enough as well)
The message above says that the add-in is now visible in the gray bar above your messages. For this add-in this is not correct as this add-in extends the menu in Outlook (2013 and later, as add-ins are not supported in Outlook 2010) and also the app is disabled by default.
Close this tab in your browser and return to the add-in page in Exchange Control Panel that is open in a previous tab.
Refresh the list of apps to see the new app:
From here you can enable the app, select a pilot audience, though this app is quite silent in the users view of Outlook and OWA so a pilot is not needed for determining impact to users, but can be useful for putting together quick documentation or informing the help desk of changes.
Select the app and click the edit button:
I recommend choosing “Mandatory, always enabled. Users can’t disable this add-in” and deploying to all users. Unchecking the option to make it available for all users makes it available for none. For a pilot choose “Optional, disabled by default”.
You are now done installing the add-in.
Users will now see the add-in in Outlook near the Store icon when a message is selected open:
Clicking the icon allows you to mark a messages as “junk”, “phishing” or “not junk” and options and help. Options gives the following:
Where the default is to ask before sending info to Microsoft.
Selecting Junk or Phishing will result in the message being moved to Junk Email folder in Outlook, and if in the Junk Email folder, marking a message “Not Junk” will return it to the inbox. All options will send info on the message, headers and other criteria to Microsoft to help adjust their machine learning algoriths for spam and phishing detection. This add-in replaces the need to email the message as an attachment to Microsoft.
For a pilot, users need to add the add-in themselves to Outlook. Mandatory deployment means it is rolled out to users (usually within a few days). To enable the add-in in OWA, click the options cog to the top right of the OWA interface:
Then click Manage Add-Ins and scroll down until you find the Report Message add-in (or search for it)
And turn the add-in on to view it in OWA as shown:
And also it will appear automatically in Outlook for iOS and Outlook for Android and Outlook (desktop, classic).
Once the app is enabled for all users, and recall the above where it takes a while to appear for all users, then your spam and phish reporting in Office 365 is very simple and easy to do and easy to remove from a helpdesk call and on to the end user directly to report and move messages.