It's time for a new, unified submissions experience
Your security team now has a “one-stop shop” for submitting emails, URLs, email attachments, and files in one, easy-to-use submission experience. To simplify the submission process, we are excited to announce a new unified submissions experience in the Microsoft 365 Defender portal (https://security.microsoft.com). With unified submissions, you can submit files to Microsoft 365 Defender for review from within the portal. We are also adding the ability to submit a file directly from a Microsoft Defender for Endpoint Alert page.
Important note: Currently, the new submissions experience is available only in subscriptions that include Microsoft 365 Defender, Microsoft Defender for Endpoint Plan 2, or Microsoft Defender for Office.
Let’s look at the new unified submissions experience!
New entry points to submit items for analysis
With unified submissions in preview, you can submit files from these entry points in Microsoft 365 Defender:
Submissions page. You can add a new submission to report a file as clean (false positive), unwanted software or malicious (false negative).
An Alert page. While viewing an alert, you can choose the action to submit a file for analysis “Submit items to Microsoft for review”.
The Submissions portal that was previously under Email & collaboration is now in the unified submission surface.
Tabs you’ll see on the new Submissions page
The new, unified submissions page includes the following tabs:
User reported messages
You can now see submission items broken out by type (Emails, Email Attachments, URLs, Files and User reported messages). A security admin can view the collection of emails that your users have submitted for review and create a submission to Microsoft if needed.
Note: If your subscription includes Microsoft 365 Defender, you’ll see all five tabs. If your subscription only includes Defender for Endpoint Plan 2, you’ll only see the Files tab. And, if your subscription only includes Defender for Office 365, you won’t see the Files tab.
The Alert page submission experience
You can now submit a file for analysis from the Alerts page. Open the Microsoft 365 Defender portal. Go to Incidents & alerts, and then select Alerts to view the list of alerts. You can then select a Microsoft Defender for Endpoint alert that contains an item you want to report.
Notice a checkbox on the alert submission form for “Include alert story.” By choosing this option, you’ll attach a JSON file of the alert story with your submission. That file will be shared with our analysts to improve the quality of results and the response time of your submission.
Here’s what the alert page submission entry point looks like:
And here’s an example of an alert page submission form:
The Submissions list
Your Submissions list enables you to see all of your company’s submissions in one place, organized by type: Emails, Email attachments, URLs, Files, and User reporting messages. You can also create a new submission on this page. (You must have the Global Administrator, Security Administrator, Security Reader, or Organization Management role assigned.)
To use the Submissions list, go to the Microsoft 365 Defender portal, and then select Submissions. Then choose one of the available options. In the following example, we are showing the File submission option:
The File submission list looks like this:
On the Files tab, we select Add new submission. This action opens the File submission form, which looks like this:
After submitting the file for analysis, theFile submission results now look like this:
When adding text in the Notes for Microsoft box, the cursor might jump to the end of the line when you try to place the cursor in the middle of an already typed line to add more text. We are working to resolve this issue.
We are excited to bring you this simplified submission experience!Try it outand let us know what you think. Tell us if the new, unified experience is helpful, and share any additional requests or suggestions you have for improving the experience!