Office 365 – It is now simpler to submit suspicious content to Microsoft for investigation

As you may already know, with Office 365 and Exchange Online you already had the possibility to report suspicious content (in that case email). This was achieved through using the Report Message add-in (and the other way around to, if an email was incorrectly identified as spam).


Well, now it is becoming simpler for Office 365 administrators to monitor, and also report, suspicious content to Microsoft.

With this new capability, you can report emails, attachments or URLs for investigation to Microsoft.

To start submitting suspicious content, logon to your Security and Compliance portal ( and reach out the Submission blade, available below the Threat Management section


You can then submit the suspicious content by using the New submission button.


You can now fill a report with the details to be provided, including if required the email ID, email as EML file or attachment, with the action which should have been taken – blocked or not being blocked.

The options vary depending of the type of reporting (email, URL or attachment)


From this, blade administrator can also follow user’s reports by using the User reports tab (using the Report message add-in; hopefully there will be a way to also report URLs in the future).


Administrators can then initiate an investigation on this/these item(s) by using the Investigate button; this will send the information to the automated investigation system.


Once the investigation is completed you can then review if more users/machines may have been impacted, the details of the threat and so on.



Happy hunting

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies