Merge branch 'main' into deniseb-281044

denisebmsft · denisebmsft · commit 8935c2e12ada · 2024-08-20T10:27:00.000-07:00
diff --git a/defender-office-365/advanced-delivery-policy-configure.md b/defender-office-365/advanced-delivery-policy-configure.md
@@ -42,7 +42,7 @@ Use the _advanced delivery policy_ in EOP to prevent inbound messages _in these
 - [AIR and clustering in Defender for Office 365](air-about.md) ignores these messages.
 - Specifically for third-party phishing simulations:
   - [Admin submission](submissions-admin.md) generates an automatic response saying that the message is part of a phishing simulation campaign and isn't a real threat. Alerts and AIR aren't triggered. The admin submissions experience shows these messages as a simulated threat.
-  - When a user reports a phishing simulation message using the [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) or the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook), the system doesn't generate an alert, investigation, or incident. The links or files aren't detonated, but the message appears on the **User reported** tab of the **Submissions** page.
+  - When a user reports a phishing simulation message using the [built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook) or the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook), the system doesn't generate an alert, investigation, or incident. The links or files aren't detonated, but the message appears on the **User reported** tab of the **Submissions** page.
 
 Messages that are identified by the advanced delivery policy aren't security threats, so the messages are marked with system overrides. Admin experiences show these messages as **Phishing simulation** or **SecOps mailbox** system overrides. Admins can use these values to filter and analyze messages in the following experiences:
 
diff --git a/defender-office-365/anti-phishing-protection-tuning.md b/defender-office-365/anti-phishing-protection-tuning.md
@@ -81,7 +81,7 @@ You can also use the [configuration analyzer](configuration-analyzer-for-securit
 
 - Whenever possible, we recommend that you deliver email for your domain directly to Microsoft 365. In other words, point your Microsoft 365 domain's MX record to Microsoft 365. Exchange Online Protection (EOP) is able to provide the best protection for your cloud users when their mail is delivered directly to Microsoft 365. If you must use a third-party email hygiene system in front of EOP, use Enhanced Filtering for Connectors. For instructions, see [Enhanced Filtering for Connectors in Exchange Online](/Exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).
 
--  Have users use the [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) or deploy the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook) in your organization. Configure the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) to send user reported messages to a reporting mailbox, to Microsoft, or both. User reported messages are then available to admins on the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>. Admin can report user reported messages or any messages to Microsoft as described in [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md). User or admin reporting of false positives or false negatives to Microsoft is important, because it helps train our detection systems.
+- Have users use the [built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook) or deploy the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook) in your organization. Configure the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) to send user reported messages to a reporting mailbox, to Microsoft, or both. User reported messages are then available to admins on the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>. Admin can report user reported messages or any messages to Microsoft as described in [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md). User or admin reporting of false positives or false negatives to Microsoft is important, because it helps train our detection systems.
 
 - Multi factor authentication (MFA) is a good way to prevent compromised accounts. You should strongly consider enabling MFA for all of your users. For a phased approach, start by enabling MFA for your most sensitive users (admins, executives, etc.) before you enable MFA for everyone. For instructions, see [Set up multi-factor authentication](/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication).
 
diff --git a/defender-office-365/defender-for-office-365-whats-new.md b/defender-office-365/defender-for-office-365-whats-new.md
@@ -160,7 +160,7 @@ For more information on what's new with other Microsoft Defender security produc
 
 - The new Microsoft Defender XDR role-based access control (RBAC) model, with support for Microsoft Defender for Office, is now available in public preview. For more information, see [Microsoft Defender XDR role-based access control (RBAC)](/defender-xdr/manage-rbac).
 
-- [Use the built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web): Use the built-in Report button in Outlook on the web to report messages as phish, junk, and not junk.
+- [Use the built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): Use the built-in Report button in Outlook on the web to report messages as phish, junk, and not junk.
 
 ## October 2022
 
diff --git a/defender-office-365/migrate-to-defender-for-office-365-setup.md b/defender-office-365/migrate-to-defender-for-office-365-setup.md
@@ -78,7 +78,7 @@ You can specify an Exchange Online mailbox to receive messages that users report
 
 You should also confirm that all users in the pilot have a supported way to report messages that received an incorrect verdict from Defender for Office 365. These options include:
 
-- [The built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web)
+- [The built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook)
 - [The Report Message and Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook)
 - Supported third party reporting tools as described [here](submissions-user-reported-messages-custom-mailbox.md#message-submission-format-for-third-party-reporting-tools).
 
diff --git a/defender-office-365/reports-email-security.md b/defender-office-365/reports-email-security.md
@@ -1009,7 +1009,7 @@ The **URL protection report** is available only in Microsoft Defender for Office
 > [!IMPORTANT]
 > In order for the **User reported messages** report to work correctly, **audit logging must be turned on** in your Microsoft 365 organization (it's on by default). For more information, see [Turn auditing on or off](/purview/audit-log-enable-disable).
 
-The **User reported messages** report shows information about email messages that users have reported as junk, phishing attempts, or good mail by using the [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) or the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook).
+The **User reported messages** report shows information about email messages that users have reported as junk, phishing attempts, or good mail by using the [built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook) or the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook).
 
 On the **Email & collaboration reports** page at <https://security.microsoft.com/emailandcollabreport>, find **User reported messages**, and then select **View details**. Or, to go directly to the report, use <https://security.microsoft.com/reports/userSubmissionReport>.
 
diff --git a/defender-office-365/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md b/defender-office-365/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md
@@ -26,9 +26,9 @@ Depending on whether you're licensed for Defender for Office 365, you also get a
 
 ## Choose between which add-in to deploy
 
-- The Report Phishing add-in provides the option to report only phishing messages
-- The Report Message add-in provides the option to report junk, not junk (false positive), and phishing messages
-- The built-in Report button in Outlook on the web *[Learn More](../submissions-outlook-report-messages.md)*
+- The Report Phishing add-in provides the option to report only phishing messages.
+- The Report Message add-in provides the option to report junk, not junk (false positive), and phishing messages.
+- The built-in Report button in supported versions of Outlook. *[Learn More](../submissions-outlook-report-messages.md)*
 
 ## What you need
 
@@ -55,7 +55,7 @@ Depending on whether you're licensed for Defender for Office 365, you also get a
 1. **Login** to the Microsoft Security portal at <https://security.microsoft.com>.
 2. On the left nav, select **Settings** and choose **Email & collaboration**.
 3. Select **User reported settings**.
-4. Ensure **Monitor report messages in outlook** is selected and select **use the built-in report button**.
+4. Ensure **Monitor report messages in outlook** is selected and select **Use the built-in Report button**.
 5. Under **Send the reported messages to** choose **Microsoft Only** (Recommended).
 
 ## Optional steps – configure notifications
diff --git a/defender-office-365/submissions-admin.md b/defender-office-365/submissions-admin.md
@@ -846,8 +846,8 @@ For email messages, admins can see what users are reporting on the **User report
 
 - The [user reported settings](submissions-user-reported-messages-custom-mailbox.md) are turned on.
 - **Email messages**: You're using supported methods for users to report messages:
+  - The [built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook).
   - The [Microsoft Report Message or Report Phishing add-ins](submissions-users-report-message-add-in-configure.md).
-  - The [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web).
   - [Supported third-party reporting tools](submissions-user-reported-messages-custom-mailbox.md#options-for-third-party-reporting-tools)
 - **Teams messages**: [User reporting settings for Teams messages](submissions-teams.md#user-reporting-settings-for-teams-messages) is turned on.
 
diff --git a/defender-office-365/submissions-outlook-report-messages.md b/defender-office-365/submissions-outlook-report-messages.md
@@ -11,10 +11,10 @@ ms.localizationpriority: medium
 ms.collection:
   - m365-security
   - tier1
-description: Learn how to report phishing and suspicious emails in Outlook using the built-in Report button or the Report Message and Report Phishing add-ins.
+description: Learn how to report phishing and suspicious emails in supported versions of Outlook using the built-in Report button or the Report Message and Report Phishing add-ins.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 11/9/2023
+ms.date: 08/19/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -38,24 +38,30 @@ Admins configure user reported messages to go to a specified reporting mailbox,
 
 [!INCLUDE [MDO Setup guide](../includes/mdo-setup-guide.md)]
 
-## Use the built-in Report button in Outlook on the web
+## Use the built-in Report button in Outlook
 
-- The built-in **Report** button is available in Outlook on the web *only* if user reporting is turned on *and* the built-in **Report** button in Outlook (not a non-Microsoft add-in button) are configured in the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) at <https://security.microsoft.com/securitysettings/userSubmission>:
+- The built-in **Report** button is available in the following versions of Outlook:
+  - Outlook for Microsoft 365 and Outlook 2021.
+  - The new Outlook for Windows.
+  - Outlook on the web.
 
-  If user reporting is turned off and a non-Microsoft add-in button is selected, the **Report** button isn't available in Outlook on the web.
+  The **Report** button is available in supported versions of Outlook if both of the following conditions are true:
 
-- Currently, the **Report** button in Outlook on the web doesn't honor the before and after notification pop-up options in the user reported settings.
+  - User reporting is turned on.
+  - The built-in **Report** button is configured in the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) at <https://security.microsoft.com/securitysettings/userSubmission>.
 
-- Built-in reporting in Outlook on the web supports reporting messages from shared mailboxes or other mailboxes by a delegate.
+  If user reporting is turned off and a non-Microsoft add-in button is selected, the **Report** button isn't available in supported versions of Outlook.
+
+- The built-in **Report** button in supported versions of Outlook supports reporting messages from shared mailboxes or other mailboxes by a delegate.
   - Shared mailboxes require Send As or Send On Behalf permission for the user.
   - Other mailboxes require Send As or Send On Behalf permission _and_ Read and Manage permissions for the delegate.
 
-### Use the built-in Report button in Outlook on the web to report junk and phishing messages
+### Use the built-in Report button in Outlook to report junk and phishing messages
 
 - Users can report a message as junk from the Inbox or any email folder other than Junk Email folder.
 - Users can report a message as phishing from any email folder.
 
-In Outlook on the web, select one or more messages, select **Report**, and then select **Report phishing** or **Report junk** in the dropdown list.
+In a supported version of Outlook, select one or more messages, select **Report**, and then select **Report phishing** or **Report junk** in the dropdown list.
 
 > [!div class="mx-imgBorder"]
 > :::image type="content" source="media/owa-report-junk-phishing.png" alt-text="The results of selecting the Report button after selecting multiple messages in Outlook on the web." lightbox="media/owa-report-junk-phishing.png":::
@@ -65,9 +71,9 @@ Based on the [User reported settings](submissions-user-reported-messages-custom-
 - **Reported as junk**: The messages are moved to the Junk Email folder.
 - **Reported as phishing**: The messages are deleted.
 
-### Use the built-in Report button in Outlook on the web to report messages that aren't junk
+### Use the built-in Report button in Outlook to report messages that aren't junk
 
-In Outlook on the web, select one or more messages in the Junk Email folder, select **Report**, and then select **Not junk** in the dropdown list.
+In a supported version of Outlook, select one or more messages in the Junk Email folder, select **Report**, and then select **Not junk** in the dropdown list.
 
 > [!div class="mx-imgBorder"]
 > :::image type="content" source="media/owa-report-as-not-junk.png" alt-text="The results of selecting the Report button after selecting multiple messages in the Junk Email folder in Outlook on the web." lightbox="media/owa-report-as-not-junk.png":::
@@ -77,10 +83,9 @@ Based on the [User reported settings](submissions-user-reported-messages-custom-
 ## Use the Report Message and Report Phishing add-ins in Outlook
 
 - The procedures in this section require the Microsoft Report Message or Report Phishing add-ins. For more information, see [Enable the Microsoft Report Message or the Report Phishing add-in](submissions-users-report-message-add-in-configure.md) installed.
-
 - The versions of Outlook that are supported by the Report Message and Report Phishing add-ins are described [here](submissions-users-report-message-add-in-configure.md#what-do-you-need-to-know-before-you-begin).
 
-### Use the Report Message add-in to report junk and phishing messages in Outlook
+### Use the Report Message add-in to report junk and phishing messages
 
 - Users can report a message as junk from the Inbox or any email folder other than the Junk Email folder.
 - Users can report a message as phishing from any email folder.
@@ -105,7 +110,7 @@ Based on the [user reported settings](submissions-user-reported-messages-custom-
 - **Reported as junk**: The messages are moved to the Junk Email folder.
 - **Reported as phishing**: The messages are deleted.
 
-### Use the Report Message add-in to report messages that aren't junk in Outlook
+### Use the Report Message add-in to report messages that aren't junk
 
 1. In Outlook, open a message in the Junk Email folder.
 2. Do one of the following steps based on your **Ribbon Layout** configuration in Outlook:
diff --git a/defender-office-365/submissions-report-messages-files-to-microsoft.md b/defender-office-365/submissions-report-messages-files-to-microsoft.md
@@ -46,7 +46,7 @@ Watch this video that shows more information about the unified submissions exper
 
 |Method|Submission type|Comments|
 |---|---|---|
-|[The built-in Report button](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web)|User|Currently, this method is available only in Outlook on the web (formerly known as Outlook Web App or OWA).|
+|[The built-in Report button in supported versions of Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook)|User||
 |[The Microsoft Report Message and Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook)|User|These free add-ins work in Outlook on all available platforms. For installation instructions, see [Enable the Report Message or the Report Phishing add-ins](submissions-users-report-message-add-in-configure.md).|
 |[The Submissions page in the Microsoft Defender portal](submissions-admin.md)|Admin|Admins can report good (false positives) and bad (false negative) messages, email attachments, and URLs (entities) from the available tabs on the **Submissions** page. <br><br> Admins can also submit user reported messages from the **User reported** tab on the **Submissions** page to Microsoft for analysis. The **Submissions** page is available only in organizations with Exchange Online mailboxes as part of a Microsoft 365 subscription (not available in standalone EOP).|
 |Report messages from quarantine|Admin and User|Admins can [submit quarantined messages to Microsoft for analysis](quarantine-admin-manage-messages-files.md#report-email-to-microsoft-for-review-from-quarantine) (false positives and false negatives). <br><br> If users are allowed to [release their own messages from quarantine](quarantine-end-user.md#release-quarantined-email), and [user reported settings](submissions-user-reported-messages-custom-mailbox.md) is configured to allow users to report quarantined messages, users can select **Report message as having no threats** (false positive) when they release a quarantined message.|
diff --git a/defender-office-365/submissions-user-reported-messages-custom-mailbox.md b/defender-office-365/submissions-user-reported-messages-custom-mailbox.md
diff --git a/defender-office-365/submissions-users-report-message-add-in-configure.md b/defender-office-365/submissions-users-report-message-add-in-configure.md
