Manually submit phishing emails to Microsoft for analysis

You can use the details in Phish Alert Report email notification to manually submit the suspected phish to Microsoft 365 Defender for analysis.


IMPORTANT NOTE: Emails over 30 days old cannot be submitted using the method below.


1. Open the Microsoft 365 Defender portal


2. Go to the Submissions page

  • Select Investigation & response > Actions & submissions > Submissions from the menu on the left.

3. Complete the Submissions

  • Click Submit to Microsoft for analysis to open the form below:


  • Select Email from Select the submission type
  • Under Add the network message ID or upload the email file select Add the email network message ID
  • Enter the Network Message ID from your Phish Report Notification
  • Enter the recipient's email under Choose at least one recipient who had an issue
  • Select I've confirmed it's a threat under Why are you submitting this message to Microsoft?
  • Select Phish under Choose a category.
  • Click Submit to complete the process.

The email will be sent to Microsoft for review to improve the detection of phishing emails in Microsoft 365.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.