Microsoft Report Message


3 kommenttia

  • Virallinen kommentti
    Max Garczynski

    Hi All,

    Thank you for your comments and posts regarding this issue! This is something we commonly assist our customers with in the technical support department. To receive technical assistance, please submit requests to and a Technical Support Agent will be able to assist you!

    At this time, Microsoft's report as phishing button does not connect well with the KMSAT console and does create false positives. This is because Microsoft will sandbox and detonate any "malicious" content when scanning emails that have been reported. At this time, we do recommend not using that button as it will create False-Positives, and we suggest using the Phish Alert Button instead. For more information on the PAB, please see

    Thank you for reaching out and we hope to assist you soon!

    Thank you,

    Kommenttitoiminnot Pysyvä linkki
  • Avatar
    Michael Barnard

    I believe you would need to tell Microsoft to find a way to not scan the individualized links in emails with KnowBe4 headers in them...which, unfortunately, I do not believe there is any functionality admin-wise to do this as it's all on Microsoft's end what they do after that button is clicked.

    Those "Scans" by Microsoft are done all over the world with various browser agents and the links are "opened" which registers a click.

    You can Automate reporting back with the KnowBe4 button with PhishER, we went down that road and only occasionally get an issue with some Microsoft Safelinks rewrites and Forwarded emails but we have stopped that practice with most people. I realize that's extra cost to a free tool, but we found it invaluable.

    Kommenttitoiminnot Pysyvä linkki
  • Avatar
    Matt Carlone

    We are struggling with the same issue. We recently dropped PhishER and have migrated to Microsoft's Report Message functionality (from PAB) because of its robust automated investigation response. Safe Links does not come into play for simulated messages because KnowBe4 is set up to direct inject messages into user mailboxes. Yet, Microsoft is exploding the reported message in a manner that is causing false positive clicks. I have yet to find a way to "whitelist" the domains--seems like it's out of our control.

    I see that there is a feature request for PAB to report to Microsoft, but it doesn't look like there has been movement on it for over two years. I'm not holding my breath. I'm also not keen on switching our user base back to the PAB.

    Kommenttitoiminnot Pysyvä linkki

Kirjaudu sisään jättääksesi kommentin.