Microsoft 365's Native “Report phishing” feature

You can configure Sublime's Abuse Mailbox to ingest reports from Microsoft 365's native "Report Phishing" button.

  1. Navigate to the User reported settings in Microsoft Defender
  2. Select the "Send reported messages to:" dropdown (pictured below) and choose "Microsoft and my reporting mailbox" or "My reporting mailbox only"
  1. Enter the Abuse Mailbox that you have configured in Sublime
  1. Click "Save"


Report Message Options

Outlook users may have multiple "Report message" buttons, depending on configuration. These include Report as Phish, Report as Junk, and Report as Not Junk.

The Abuse Mailbox will ignore any message reports for Junk and Not Junk.

Only Phish reports generated through the native button will be processed as abuse reports.