MC721853: Microsoft New feedback button

Announcement ID	MC962528		Published Date	12-20-2024
Service	Exchange		Last Updated	12-20-2024
Category	Plan for change		Expiration Date	05-31-2025
Roadmap ID	406167		Action Required by Date
Tags	Admin impact, New feature, User impact

Summary
Defender for Office 365 now allows administrators to configure the system to send messages reported by third-party add-ins to Microsoft for analysis. This feature is part of the Microsoft 365 Roadmap ID 406167 and will be available in early February 2025. Configuration steps are provided for users to enable this setting.

More Information

Administrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis. When this will happen: General Availability: We will begin rolling out early February 2025 and expect to complete by mid-February 2025. How this will affect your organization: You must configure this setting if you want the benefit of sending third-party reported messages to Microsoft. To enable this setting: Go to User reported settings in the Microsoft Defender portal, select Monitor reported messages in Outlook, and then select Use a non-Microsoft add-in button. In the Reported message destination section, select Microsoft and my reporting mailbox, and then provide the email address of the internal Exchange Online mailbox where user-reported messages by the third-party add-ins are being routed to. If the third-party vendor follows the guidance for message submissions format, Defender for Office 365 will submit these messages automatically to Microsoft for analysis.  The result from Microsoft after analysis is shown on the User reported page in the Defender portal. Alerts are automatically generated for user reported messages in Defender for Office 365. If you have Defender for Office 365 Plan 2, Automated investigation and response (AIR) is also automatically triggered for user reported phishing messages. Both alerts and their investigations are automatically correlated to Defender XDR Incidents, which helps SOC teams with automation to triage, investigate, and respond. Submitting these messages to Microsoft for analysis provides a response of this analysis to security analysts and also helps improve Defender for Office 365 filters. What you need to do to prepare: If your user reporting settings are already set to Use a non-Microsoft add-in button and Microsoft and my reporting mailbox, you don't need to do anything to benefit from this change. However, if the destination is My reporting mailbox only, you need to change the destination to Microsoft and my reporting mailbox to benefit from this change.