MC466195: Outlook for the web – End user Reporting integrated with Microsoft Defender for Office 365 (Exchange Online Protection)

Updated November 15, 2022: We have updated the content below with additional information. Thank you for your patience.

New built-in report buttons will be added to Outlook on the web (OWA) starting the end of November 2022. Admins can control the appearance and behavior of these buttons that allow users to report emails as phishing/ junk / not junk from the User Reported setting page in the Microsoft 365 Defender portal (security.microsoft.com). Admins can also customize where messages get reported to (custom mailbox, Microsoft, or both) and what the user sees when they report a message from these buttons.

Information to keep in mind:

• Other Outlook clients such as Mac, Windows 32, Mobile (iPhone and android) will remain unaffected by this change. The reporting buttons in other Outlook clients are still being worked upon.
• If you have the reporting feature turned off in the Microsoft 365 Defender user reported settings page or are using a third-party add-in, the report buttons in OWA won’t be visible.
• The Microsoft reporting add-in (the Microsoft report message add-in & Microsoft phishing add-in) will be supported till further notice. It will exist alongside the built-in reporting buttons for the time being, but the goal is to have a consistent button reporting experience across all the Outlook clients in the future.
• The selections you make on the user reported settings page will determine the reporting experience for your users whether they choose the add-in or built-in reporting option in Outlook. Either option will report to the same place (Microsoft, custom mailbox or both) based on the settings selected.
• The built-in reporting buttons in OWA will not include the customizable pre and post reporting pop-ups like the Microsoft reporting add-in currently does. We are working to include the pop-ups in 2023.
• The settings for enabling/disabling the popup’s during reporting won’t be honored during this migration. So, you need to disable the popups if it has been enabled again.

This message is associated with Microsoft 365 Roadmap ID 101515.

Description: The appearance and behavior of report phishing/junk actions in Outlook on the web can be controlled by admins using User Reported Settings in security.microsoft.com. Admins will be able to control whether the built-in Report actions appear in Outlook on the web, where these messages get reported to, and whether the user is prompted as they report phishing and junk.

When this will happen

We will begin rolling out the change for Outlook for the web by the late November 2022 with the goal of having it completed late December 2022.

How this will affect your organization

If you are using Microsoft reporting add-ins in Outlook for web, your users will see two reporting surfaces – one from the built-in Outlook buttons (added by this change) and one from the add-in. Both options will behave the same for the users (except for the customized pop-ups) and the reported messages will end up in the same place, causing minimal disruption.

What you need to do to prepare

No changes are required from your end as your current settings in the user reported settings page will not be changed.

If you have any feedback, please provide it from this Message center post using the text box after you do thumbs up or thumbs down as it will directly reach the responsible team.

Message ID: MC466195
Published: 2022-11-12
Updated: 2022-12-16
Product(s): Defender, Defender for Office 365, Exchange, Microsoft 365 Defender, Outlook
Cloud instance(s): Worldwide (Standard Multi-Tenant), DoD, GCC High, GCC
Platform(s): Android, iOS, Mac, mobile, Online, US Instances, Web, Windows Desktop, World tenant
Release phase(s): General Availability
Status: In development