This guide walks you through connecting the Phish Reporter button with Microsoft Defender. Once set up, any non-simulation phishing emails reported by users are automatically routed to your Microsoft Defender Submissions page. There, you can review them, investigate, and submit to Microsoft if needed. This helps you quickly spot real threats while supporting both internal triage and Microsoft’s threat analysis.
-
Make sure you have access to a shared mailbox for reported emails.
If one already exists and you're using it for reporting, you're good to go. If not, you (or your admin) can create one here: Microsoft 365 Shared Mailboxes
Steps: Add a shared mailbox > enter a Name and Email > click Save Changes. -
Add the shared mailbox as a SecOps mailbox in Microsoft Defender.
This ensures you receive unfiltered messages for proper investigation.
Go to: Microsoft Defender – Advanced Delivery
Steps: Click Add > enter the shared mailbox email > click Add again.
Note: If you already have a shared mailbox but haven’t added it here, you still need to complete this step. -
Add the SecOps mailbox to the Phriendly Phishing platform.
Go to the Phriendly Phishing platform.
Steps: Select the Phish Reporter tab > enter the SecOps mailbox email > click Save Settings. -
Configure Microsoft Defender to send reported messages to the SecOps mailbox.
Go to: Microsoft Defender – User Submission Settings
Steps: Scroll to Reported message destinations > click Add an exchange online mailbox > enter the SecOps mailbox email. -
Review reported messages in the Microsoft Defender portal.
Any non–Phriendly Phishing reported emails will now appear here:
Microsoft Defender Submissions – User Reported
Please reach out to support@phriendlyphishing.com with any questions.
Comments
0 comments
Article is closed for comments.