Preventing Microsoft 365's Mark as Phishing Feature from Creating False Clicks
If your users use Microsoft 365's Mark as Phishing feature on a simulated phishing email, this option can cause a false positive click. False positive clicks will cause the user to "fail" a phishing test even though they never clicked on the link. If you want to prevent false positive clicks from happening, you will need to disable the junk email and phishing email reporting feature through Exchange PowerShell. To do this, follow the steps below.
- Open Exchange PowerShell and run the following command to locate the policy:
Get-OwaMailboxPolicy | Format-Table Name,ReportJunkEmailEnabled
- Set the ReportJunkEmailEnabled to False (see example below):
Set-OwaMailboxPolicy -Identity "OwaMailboxPolicy-Default"
- Verify your change has worked by opening a users' account and selecting the Mark as Phishing option from the drop-down menu (click to view). After you make the selection, the reporting message should not display.
After disabling this feature, the option will still be available to the user from the email drop-down menu but the user will not be able to report the message and the successful reporting message will not display.