Microsoft Defender Integration

Phin's Report Phishing Button can now push reported emails to the Microsoft Defender Submission page!

How Does it work?

The Microsoft Defender integration allows you to include a "Reported Message Destination" email address in the Phin Report-a-Phish Integration. Adding this email will submit all non-phin emails reported through the Report-a-Phish button directly to the Microsoft 365 Submission page. 

Now you can automatically submit emails for analysis to Microsoft Defender; without the need to forward reported emails to a designated inbox! Check it out here.

Prerequisites

  1. Turn on the Phin Reporting Phishing Button for the companies that you want to submit emails from.
  2. Enable Microsoft Defender for your Microsoft Tenant and configure a Reported Message Destination.
    1. For more information on how to set this up, see Use the Microsoft Defender portal to configure user-reported settings.
    2. Want to learn more about what you're setting up? Check out Options for Microsoft reporting tools.
    3. For more information on Microsoft's Advanced Delivery, check out the Microsoft 365 Defender Advanced Delivery Guide.

How to Configure in Phin

This integration is configurable within a company level Report Phishing Integration page. The steps to add this configuration are as follows.

  1. Navigate to the Report Phishing Button Integration page.
  2. Under Forwarding Addresses, you will see a new input section titled Microsoft Defender Address.
  3. Add the same email address you used for your Reported Message Destination email forwarding address in Microsoft and click "Save Contacts".
  4. And that's it! Now, emails reported by employees using the Report Phishing Button will be submitted to Microsoft Defender and available in the Submission section.

Screenshot 2024-09-19 at 11.26.23 AM

Automatically submit reported emails for analysis

When you enable the "Submit to Microsoft Defender for Analysis" checkbox, reported emails will automatically be submitted to Microsoft Defender XDR. Below are articles directly from Microsoft pertaining to the submission and analysis process:


Important Notes:

  • ⚠️ For those who enabled the Report Phishing Integration prior to 9/24/2024, you must disconnect and reconnect it to consent to updated permissions before the "Submit for Analysis" checkbox becomes available. You do NOT need to reinstall the Manifest in your tenants.
  • The configuration of the "Submit for Analysis" feature is not dependent on having the "Defender Address" feature configured/enabled. These two features are mutually exclusive.
  • As of now, only the header and body contents of a reported email are submitted for analysis; attachment data is removed due to file size limitations.

Before disconnecting and reconnecting the Report Phishing integration:

After disconnecting and reconnecting, the Report Phishing integration the checkbox becomes available.

Knowledge Base

Phin works to update our Knowledge Base with new features with every release. You can read about the platform and its updates here: https://www.phinsec.io/knowledge.

Thanks for using our product!

We use all provided feedback to help drive Phin's development direction. Please keep reaching out and helping us shape the product's future! All ideas are welcome; please keep them coming!

The Dev Team @ Phin

Need help or have an idea for us? Click here!