Combined Phish Alert Button with Report Message to Microsoft
Vastattu
The Phish Alert button is great for reporting messages to our helpdesk, and for notifying users when they report a phish test email. It does nothing for actually improving our mail filters to prevent such messages from getting through in the future though. Microsoft offers a Report Message function which submits suspicious messages to them for the purpose of improving the Office 365/Exchange Online Protection filters, but that doesn't check to see if the message is a phish test and notify the users that they caught one.
I can't tell users to submit messages using Microsoft's button if they think it's just spam, but PAB if they think it's phishing. Is there any other way to get the functionality of PAB while also submitting the message to Microsoft for review?
-
+1 on this topic
Following up to the workaround of configuring KB4 to forward any non-simulation reports to Microsoft at "phish@office365.microsoft.com". Have any of the community here put this in place and observed a negative experience as a result?
Our team isn't actively managing/reporting on what the users are reporting to MS via the native "Report Message" button so trying to identify the impact of inserting the PAB until this updated functionality is squared away. Thanks!
-
Hello Kris,
I have added you to the feature request form for this thread. In regards to your question, I have seen a few customers set the PAB (Phish Alert Button) to forward to Microsoft's reporting email address (phish@office365.microsoft.com) but I have not heard about any negative experiences after doing so. I hope you have a wonderful rest of your day.
-
I found a workaround: Phish Alert Button + https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/user-submission?view=o365-worldwide#third-party-reporting-tools
The non-simulated email is reported to the Office 365 ATP as phish email + all non-simulated reported emails are in the SOC shared mailbox for further investigation.
-
The help article mentioned by Ondřej was updated about a month ago and does appear to get us closer to a solution - it allows phish reports sent using KnowBe4's phish alert button to be forwarded to Microsoft and reported as phishing without KnowBe4 modifying its message format. There's still some holes here though - KnowBe4 provides no ability to report junk/not junk email like Microsoft does, which is something our user's need to be able to do.
If KnowBe4 added junk and not junk reporting to their add-in (along with associated behaviors for moving the messages to the appropriate folder in the mailbox) and conformed with Microsoft's format for third-party submitted messages, their add-in would have feature parity with Microsoft's and be able to tell users when they correctly report a PST.
Thanks to Microsoft's changes, it is now possible for KnowBe4 to modify their add-in and create something that is truly better than the Microsoft Report Messages addon. We're closer than ever to getting this resolved! -
Alex, I understand that the current version of the PAB allows users to report emails as either phishing, spam or Unknown based on the updated article here: https://support.knowbe4.com/hc/en-us/articles/4410882366611.
I have not tested this version yet - interested to understand if others have though.
-
Hello Alex,
with this feature provided by MS, the reporting button is easy to change, because it is possible to send out emails to the defined Mailbox with prefix:
- 1| or Junk:
- 2| or Not junk
- 3| or Phishing
and it will be proceeded properly by MS. Fingers crossed for the PAB update!
-
@Alex - KnowBe4 does allow users to report Junk now via the fairly new Disposition feature, however it's unclear what exactly happens differently (I assume a different subject prefix, but I haven't tested it).
Adding User Comments and Email Disposition to the Phish Alert Button – Knowledge Base (knowbe4.com)
-
Add me onto the +1 list. The microsoft formatting method posted by Ondřej was definitely helpful (going to use that for now, combined with forwarding .EML to us, Microsoft, and Vade submission emails), but would prefer an API/MS Graph tie-in. Even better - why not both? Using Vade (direct ProofPoint competitor). The report message button from MS also reports to Vade so that if enough people report a phish, it will be yanked out of everyone's boxes if it didn't get caught beforehand. That said, Microsoft's Report Message button is limited to people's direct inboxes, and is not available when viewing shared mailboxes. So KB4 has a real opportunity here to make the Phish Alert Button superior to Microsoft's.
-
+1
It's been over 2 years since this was first requested. We are getting false 'clicks' when our Users report a KB4 phishing test via the Microsoft Report Message plug-in in Outlook. Obviously this messes up our reporting and we have to manually remove the User from an auto-enrolled remedial training.
-
Hello Chuck,
Thanks for your feedback and patience while we have been working on this issue with the Microsoft Phishing Button. We appreciate your input and I have gone ahead and added your request to the feature so you do not have to continue to remove the false/positives.
Thanks,
Christian
-
+1 and following. We would also like to integrate KnowBe4 reporting with the Microsoft report button. We use the Microsoft button due to the functionality provided by Microsoft for it. Currently, we aren't able to track via the phishing campaigns who reported a phishing email from the simulation as we use the Microsoft button. I would also like to be able to provide a message that the email was part of the simulation.
-
As a new customer it is a bit disappointing to see this feature request, after 29 months since originally posted in January of 2020, is still not resolved. Please add me to the list of customers that would like a way to deal with both PST reporting and take advantage of o365 mail features for non KnowBe4 junk/phishing/non junk email. Perhaps I'm misreading this post and there is a solution.
-
Hi Jeroen,
Thanks for your feedback and patience while we have been working on this issue with the Microsoft Phishing Button. Currently, the support department has not received an ETA or timeline from the development team regarding this feature. We appreciate your input and I have gone ahead and added your request to the feature!
Thanks,
Kirjaudu sisään jättääksesi kommentin.
Kommentit
95 kommenttia