Microsoft Defender for Office 365: User submission automatic feedback response

Originally posted by Microsoft Mar 6, 2024 Uncategorized 0 Comments

Microsoft Defender for Office 365 now allows organizations to automatically respond to end user submissions of phish based on the verdict from the automated investigation and response (AIR) investigation. This feature is configurable and allows organizations to dictate which threat scenarios they would like end users to receive feedback emails about. The feature may be configured in Settings > Email & collaboration > User reported settings within the Email notifications > Results email section. This will be rolled out worldwide by late February 2024. Customers may review the learn document for additional details.

In Microsoft Defender for Office 365 (MDO), the user submission automatic feedback response enables organizations to automatically respond to end user submissions of phish based on the verdict from the automated investigation and response (AIR) investigation. This feature is configurable and allows organizations to dictate which threat scenarios they would like end users to receive feedback emails about. Once enabled, Microsoft Defender for Office 365 will automatically respond to end user submissions based on the investigation verdict and the configured settings.

This message is associated with Microsoft 365 Roadmap ID 186575

When this will happen:

Worldwide, GCC: Rollout completed in late February 2024.

How this will affect your organization:

Customers will have the ability to automatically respond to end user reports of phish based on the verdict of the AIR investigation.

The feature may be configured in Settings > Email & collaboration > User reported settings within the Email notifications > Results email section. On this page, the first step to enabling this feature is to check the box to Automatically email users the results of the investigation. Includes results for reported messages from all monitored platforms. Upon making this selection, three additional checkboxes will appear titled Phishing or Malware, and No threats found. These three checkboxes represent the options for the user submission automatic feedback response and allow organizations to dictate which threat scenarios they would like end users to receive feedback emails about. At least one of these options should be selected to enable this feature.

View image in new tab

Responses to end users will be sent at the conclusion of the automated investigation based on the verdict, if configured.

What you need to do to prepare:

  • Phishing or Malware: Selecting this box indicates that the organization would like end users to receive an automatic response email on email submissions of phish when the associated user submission investigation identifies a threat of normal phish, high confidence phish, or malware.
  • Spam: Selecting this box indicates that the organization would like end users to receive an automatic response email on email submissions of phish when the associated user submission investigation shows the threat of spam.
  • No threats found: Selecting this box indicates that the organization would like end users to receive an automatic response email on email submissions of phish when the associated user submission investigation finds no threats.

Customers may further familiarize themselves with the new feature by reviewing the learn document Automatic user notifications for user reported phishing results in AIR | Microsoft Learn that contains additional details. To learn more about automated investigation and response (AIR) in Microsoft Defender for Office 365 visit Automated investigation and response in Microsoft Defender for Office 365 – Office 365 | Microsoft Learn.

Message ID: MC724832

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: