MC962528 – (Updated) Microsoft Defender for Office 365: Third-party add-in user report can be sent to Microsoft for analysis

Microsoft Exchange Logo

check before: 2025-02-01

Product:

Defender, Defender for Office 365, Exchange, Outlook

Platform:

Online, Web, World tenant

Status:

In development

Change type:

Admin impact, New feature, Updated message, User impact

Links:

406167

Details:

Summary:
Microsoft Defender for Office 365 now allows administrators using third-party add-ins to configure automatic sending of user-reported suspicious messages to Microsoft for analysis. This update is associated with Roadmap ID 406167 and will be rolled out in mid-May 2025. Configuration details and benefits are provided.

Details:
Updated January 23, 2025: We have updated the content. Thank you for your patience.
Administrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis.
This message is associated with Microsoft 365 Roadmap ID 406167.
[When this will happen:]
General Availability: We will begin rolling out mid-May 2025 (previously early February) and expect to complete by late May 2025 (previously mid-February).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2024-12-21

updated:
2025-01-24

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Reporting Configuration
If the configuration is not properly set before the change, users may not be able to report suspicious messages effectively, leading to potential security risks.
   - roles: Administrators, Security Analysts
   - references: https://learn.microsoft.com/defender-office-365/submissions-report-messages-files-to-microsoft#report-suspicious-email-messages-to-microsoft, https://learn.microsoft.com/defender-office-365/submissions-user-reported-messages-custom-mailbox?#message-submission-format-for-third-party-reporting-tools

Automated Investigation and Response
Failure to configure the new settings may result in missed automated investigations for reported phishing messages, increasing the response time to threats.
   - roles: Security Operations Center (SOC) Teams, Security Analysts
   - references: https://learn.microsoft.com/defender-office-365/air-about, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=406167

Configutation Options**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



change history

DatePropertyoldnew
2025-01-24MC MessageTagNamesNew feature, User impact, Admin impactUpdated message, New feature, User impact, Admin impact
2025-01-24MC SummaryDefender for Office 365 now allows administrators to configure the system to send messages reported by third-party add-ins to Microsoft for analysis. This feature is part of the Microsoft 365 Roadmap ID 406167 and will be available in early February 2025. Configuration steps are provided for users to enable this setting.Microsoft Defender for Office 365 now allows administrators using third-party add-ins to configure automatic sending of user-reported suspicious messages to Microsoft for analysis. This update is associated with Roadmap ID 406167 and will be rolled out in mid-May 2025. Configuration details and benefits are provided.
2025-01-24MC Last Updated12/20/2024 23:46:152025-01-23T22:03:09Z
2025-01-24MC MessagesAdministrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis.
This message is associated with Microsoft 365 Roadmap ID 406167.
[When this will happen:]
General Availability: We will begin rolling out early February 2025 and expect to complete by mid-February 2025.
Updated January 23, 2025: We have updated the content. Thank you for your patience.
Administrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis.
This message is associated with Microsoft 365 Roadmap ID 406167.
[When this will happen:]
General Availability: We will begin rolling out mid-May 2025 (previously early February) and expect to complete by late May 2025 (previously mid-February).
2025-01-24MC TitleMicrosoft Defender for Office 365: Third-party add-in user report can be sent to Microsoft for analysis(Updated) Microsoft Defender for Office 365: Third-party add-in user report can be sent to Microsoft for analysis
2025-01-24MC End Time05/31/2025 09:00:002025-07-07T09:00:00Z

Last updated 2 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!