SOLVED

Outlook report add-in

%3CLINGO-SUB%20id%3D%22lingo-sub-2657964%22%20slang%3D%22en-US%22%3EOutlook%20report%20add-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2657964%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3EIn%20an%20effort%20to%20move%20away%20from%20users%20using%20%22safe%20senders%22%20in%20outlook%20we%20are%20considering%20using%20the%20report%20add-in.%20However%20when%20i%20review%20the%20permissions%20the%20add-in%20has%20its%20a%20bit%20concerning.%20Im%20reluctant%20to%20push%20out%20this%20add-in%20because%20the%20add-in%20has%20permissions%20to%20read%20and%20change%20email%20in%20a%20users%20mailbox.%20Seems%20excessive%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Skipster3111_0-1629236344281.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303885i6A8AEBE2329143BC%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Skipster3111_0-1629236344281.png%22%20alt%3D%22Skipster3111_0-1629236344281.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2657964%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20365%20Defender%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2659018%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20report%20add-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2659018%22%20slang%3D%22en-US%22%3EWell%20it%20does%20perform%20a%20Send%20operation%2C%20so%20it%20needs%20to%20be%20able%20to%20read%20the%20content%20of%20the%20message.%20It%20also%20deletes%20it%20(move%20to%20junk)%20when%20you%20press%20the%20report%20button%2C%20thus%20the%20%22change%22%20permissions.%3CBR%20%2F%3EIf%20you%20are%20not%20happy%20with%20this%2C%20you%20can%20send%20messages%20directly%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fsubmit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fsubmit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis%3Fview%3Do365-worldwide%3C%2FA%3E)%20or%20write%20your%20own%20addin.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2660966%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20report%20add-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2660966%22%20slang%3D%22en-US%22%3EUnderstood.%20Is%20this%20feature%20Microsoft's%20approach%20to%20replacing%20%22safe%20senders%22%20in%20outlook%3F%20I%20notice%20Microsoft%20doesn't%20recommend%20using%20%22safe%20senders%22%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2661275%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20report%20add-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2661275%22%20slang%3D%22en-US%22%3ENo%2C%20it's%20not%20a%20replacement%20for%20safe%20senders.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2661386%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20report%20add-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2661386%22%20slang%3D%22en-US%22%3EOkay.%20From%20my%20understanding%20Microsoft%20does%20not%20recommend%20using%20safe%20senders.%20This%20appears%20to%20create%20more%20work%20for%20the%20O365%20admin%2C%20because%20Microsoft%20recommends%20using%20transport%20rules%20to%20allow%20the%20email%20to%20go%20to%20the%20users%20inbox%20%2C%20and%20i%20understand%20why%2C%20but%20this%20creates%20overhead%20for%20the%20O365%20admin.%20What%20is%20your%20thought%20on%20this%20%3F%20do%20you%20recommend%20using%20safe%20senders%20in%20outlook%20%3F%20or%20disabling%20the%20ability%20using%20GPO%20%3F%3C%2FLINGO-BODY%3E
Frequent Contributor

Hello

In an effort to move away from users using "safe senders" in outlook we are considering using the report add-in. However when i review the permissions the add-in has its a bit concerning. Im reluctant to push out this add-in because the add-in has permissions to read and change email in a users mailbox. Seems excessive 

 

Skipster3111_0-1629236344281.png

 

7 Replies

After reading the below article, Microsoft doesn't recommend using "safe senders". in large company this could create a lot of overhead for the O365 admin. I would like to know what other admin's are doing ? 

 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists... 

Well it does perform a Send operation, so it needs to be able to read the content of the message. It also deletes it (move to junk) when you press the report button, thus the "change" permissions.
If you are not happy with this, you can send messages directly (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/submit-spam-non-spam-and...) or write your own addin.
Understood. Is this feature Microsoft's approach to replacing "safe senders" in outlook? I notice Microsoft doesn't recommend using "safe senders"
No, it's not a replacement for safe senders.
Okay. From my understanding Microsoft does not recommend using safe senders. This appears to create more work for the O365 admin, because Microsoft recommends using transport rules to allow the email to go to the users inbox , and i understand why, but this creates overhead for the O365 admin. What is your thought on this ? do you recommend using safe senders in outlook ? or disabling the ability using GPO ?
That should only be a concern if your Outlook clients are driven by on-premises Exchange intentionally to keep any other party out of your mailboxes. For the average Exchange Online customer, the add-in does not confer any access that Microsoft do not already have. If you have an on-premises Exchange server screened by a third-party system, you might want to consider the third party's Outlook add-in instead or ask why they have not developed one.

Weight against that the fact that unless you have some very good detection rules running, the add-in is important in shortening your organisation's feedback time to Defender for O365. Prompt reactions by your recipients will improve your ZAP response times.
best response confirmed by Giulian Garruba (Microsoft)
Solution

@Skipster311-1 

 

Hi,

 

Users or admins can add senders to the Safe Senders list of the mailbox, but this is not desirable in most situations since senders will bypass parts of the filtering stack. Although you trust the sender, the sender can still be compromised and send malicious content. It is best that you let our filters do what is needed to check every message and then report the false positive/negative to Microsoft if our filters got it wrong. Bypassing the filtering stack also interferes with ZAP.

 

As far as the Report Message add-in is concerned, the permissions are necessary. As stated in other comments, we do need to read the contents, but that is based on and only for what the end-user wants to report. The change permission is similar in that we move the message between folders when users report something. For example, if you report a phish, we will move the item from the Inbox to the Deleted Items folder if necessary.

 

I hope this addresses your concerns. By the way, admin submissions is also another way to submit messages to Microsoft for review without installing the add-in but it does require the admin to find instead. More details can be found here: Manage submissions - Office 365 | Microsoft Docs.

 

Thanks!

 

 

www.000webhost.com