What is the fastest and correct approach to react to phishing emails hitting an organization? What can and should an admin do, as soon as he sees a phishing email in his Inbox?

 

There are two use-cases I would like to consider:

 

  • As an admin, I want to quickly see and react to phishing mails. As of now, I can use the Threat Explorer to search e.g. for the subject of an email, and then trigger a hard delete. This feels laborious. There also seem to be multiple backends where alerts, actions, incidents and investigations are displayed (security.microsoft.com and protection.office.com). What is the best approach here?
  • As a user, I want to notify the admin about phishing. This seems to be possible with the "Report message" add-in. However, as an admin I see just reports - there is no way to react like: "Yes, this is phishing" or "No, this is not phishing. You can click on the links"

 

Edit: further outlined use-cases.

Hi, this should help https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?vie...

As for the Report Message add-in, the message will be analyzed by Microsoft. You only get a "heads-up" so you can review messages that users report to Microsoft.