Report a Phish add-in buttons - include original reported email as an attachment | Voters

Report a Phish add-in buttons - include original reported email as an attachment

planned

Matthew

When a user reports a phish using the DeeDee add-in buttons, it currently forwards the email content as a message and not an attachment. These are then sent back as attachments from the Forward Reported Phishing Attempts. Our third-party email filtering system from can't ingest these reports into their Phishing component, as the original email is not included as an attachment.

The DeeDee button add-in should function the same way as the built-in Microsoft reporting option and include the original reported email as an .eml attachment that can be processed directly by other systems.

December 2, 2025

Dima Kumets [Product Manager - Huntress]

marked this post as

planned

Andrew Pearson

We have a similar requirement to support this Defender feature. This is critical to ensure we continue to provide AIR capability to our customers after rolling out Huntress SAT. 
https://www.microsoft.com/en-au/microsoft-365/roadmap?id=406167
https://m365admin.handsontek.net/microsoft-defender-for-office-365-third-party-add-in-user-report-can-be-sent-to-microsoft-for-analysis-2/