The PhishNotify integrations feature allows Infosec’s PhishNotify add-in to send learner reported emails to Microsoft report submissions for triage and analysis. If you have not yet deployed the PhishNotify add-in follow the instructions found here.
Parts of this article are based on instructions provided by Microsoft found here.
Part 1: Configure Microsoft 365 to ingest emails Reported with PhishNotify
- Login to your Microsoft 365 account and go to Settings > Email & collaboration > User Reported
- Verify that User Reported emails are enabled and the toggle is in the On position
- Select the option to Use a non-Microsoft add-in button
- Key in and select the inbox that will be used to send all reported emails to. This inbox will be used to consume reported emails for threat analysis.
Part 2: Configure PhishNotify to send to Microsoft
- In the Infosec IQ admin portal, navigate to PhishNotify & PhishHunter > PhishNotify Setup.
- On the " PhishNotify setup and settings" page, under “Select what happens to an email in IQ once a learner reports it,” select one of the following:
- Save email contents and attachments - reported emails will also be saved in the Infosec IQ quarantine.
- Bypass Infosec IQ - reported emails will not be saved in Infosec IQ.
- Save.
- Navigate to PhishNotify Integtrations in the left sidebar.
- Select Microsoft Defender from the drop-down.
- Enter an email address to which messages will be forwarded. The other fields will be configured according to Microsoft’s requirements.
- Save.
Part 3: Test the configuration
Please note when testing that there is a slight delay from the time it takes for the email notifications to be sent and delivered, and for when Microsoft scans the inbox and displays the message.
- Report a non PhishSim email with PhishNotify.
- Verify the email was delivered successfully to the inbox you configured above.
- Go into the Report Submissions section of Microsoft 365 and verify the email appears in this list.