The Microsoft Outlook “Report Message” feature enables an end-user to report an email as per this screenshot:
Should a User report one of the CSA specially created e-mail templates to Microsoft, then Microsoft will use their URL scanning solutions to test the safety of the e-mail and the link. In doing so, this will create a false/positive in the CSA reporting system because the link will have, in effect, been clicked as if the end-user clicked the link
This document has been created to assist those organisations who have deployed this service and will outline how to create a Microsoft Office 365 Mail Flow rule to stop these e-mails being sent to Microsoft’s specific phishing and SPAM email addresses.
Note: Only our specific emails will be prevented from being sent. All other suspected Malware and SPAM will be forwarded to Microsoft as you would expect.
Create a Mail Flow Rule within Office 365 Exchange
Log into Microsoft Office with an Administrator user profile and select “Admin”
From “Admin”, then select “Exchange”
From within “Exchange” either select “Mail Flow” from the left-hand menu or select “Rules” from “Mail Flow” section of the Dashboard.
Create a new Rule:
Name the rule with a logical description. We suggest “Block Outbound Mail – “CSATraining” in the body for SATT”.
Within “Apply this rule if….” Select “The subject or body includes…”
And add the text “CSATraining” – note: This is case-sensitive and has zero spaces. Please remember to press the “+” button so the text is listed as below. Press “OK”.
Then add the “Recipient” criteria
Within “and” (following your first rule), select “The recipient address matches…”
Junk@office365.microsoft.com(remember to press “+”)
And then add:
firstname.lastname@example.org (again, remember to press “+”)
Once you have pressed “OK”, your new rule should look like the following screenshot:
We recommend setting the “Priority” as “0” (Zero) so the rule is processed first and not bypassed by other rules in your list.
Check that “Enforce” is selected in the “Mode” rule:
Enter a “Comments” to description to ensure you are aware of the reasoning behind this rule for future audits.
Click “Save” and your rule is activated.
You are able to check to see if the rule is working by returning to Outlook and reporting one of our emails to Microsoft.