check before: 2025-02-01
Product:
Defender, Defender for Office 365, Exchange, Outlook
Platform:
Online, Web, World tenant
Status:
In development
Change type:
Admin impact, New feature, Updated message, User impact
Links:

Details:
Summary:
Microsoft Defender for Office 365 now allows administrators using third-party add-ins to configure automatic sending of user-reported suspicious messages to Microsoft for analysis. This update is associated with Roadmap ID 406167 and will be rolled out in mid-May 2025. Configuration details and benefits are provided.
Details:
Updated January 23, 2025: We have updated the content. Thank you for your patience.
Administrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis.
This message is associated with Microsoft 365 Roadmap ID 406167.
[When this will happen:]
General Availability: We will begin rolling out mid-May 2025 (previously early February) and expect to complete by late May 2025 (previously mid-February).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2024-12-21
updated:
2025-01-24
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Reporting Configuration
If the configuration is not properly set before the change, users may not be able to report suspicious messages effectively, leading to potential security risks.
- roles: Administrators, Security Analysts
- references: https://learn.microsoft.com/defender-office-365/submissions-report-messages-files-to-microsoft#report-suspicious-email-messages-to-microsoft, https://learn.microsoft.com/defender-office-365/submissions-user-reported-messages-custom-mailbox?#message-submission-format-for-third-party-reporting-tools
Automated Investigation and Response
Failure to configure the new settings may result in missed automated investigations for reported phishing messages, increasing the response time to threats.
- roles: Security Operations Center (SOC) Teams, Security Analysts
- references: https://learn.microsoft.com/defender-office-365/air-about, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=406167
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

change history
Date | Property | old | new |
2025-01-24 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
2025-01-24 | MC Summary | Defender for Office 365 now allows administrators to configure the system to send messages reported by third-party add-ins to Microsoft for analysis. This feature is part of the Microsoft 365 Roadmap ID 406167 and will be available in early February 2025. Configuration steps are provided for users to enable this setting. | Microsoft Defender for Office 365 now allows administrators using third-party add-ins to configure automatic sending of user-reported suspicious messages to Microsoft for analysis. This update is associated with Roadmap ID 406167 and will be rolled out in mid-May 2025. Configuration details and benefits are provided. |
2025-01-24 | MC Last Updated | 12/20/2024 23:46:15 | 2025-01-23T22:03:09Z |
2025-01-24 | MC Messages | Administrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis.
This message is associated with Microsoft 365 Roadmap ID 406167. [When this will happen:] General Availability: We will begin rolling out early February 2025 and expect to complete by mid-February 2025. | Updated January 23, 2025: We have updated the content. Thank you for your patience.
Administrators and security operators who are using third-party report message solutions in Microsoft Outlook to allow their users to report suspicious messages (for example, Knowbe4, Hoxhunt, Cofense, Proofpoint add-ins, and so on) can now configure Defender for Office 365 to automatically send these messages to Microsoft for analysis. This message is associated with Microsoft 365 Roadmap ID 406167. [When this will happen:] General Availability: We will begin rolling out mid-May 2025 (previously early February) and expect to complete by late May 2025 (previously mid-February). |
2025-01-24 | MC Title | Microsoft Defender for Office 365: Third-party add-in user report can be sent to Microsoft for analysis | (Updated) Microsoft Defender for Office 365: Third-party add-in user report can be sent to Microsoft for analysis |
2025-01-24 | MC End Time | 05/31/2025 09:00:00 | 2025-07-07T09:00:00Z |
Last updated 2 weeks ago