We've previously been using the Sophos Report Message add-in for Outlook to allow people to report messages to us, and allow reporting in the Phish Threat campaigns. We don't have Sophos Mail, but as far as I was aware this just meant Sophos also received a copy of any malicious emails that did get through our alternate mail filter(?), which wasn't really a concern.
However, we've now upgraded our 365 licences to A5 which means we now have the full ATP suite, and are using Microsoft's 'Report Message' add-in. This, obviously, causes quite a lot of confusion amongst our users, so we've had to remove the Sophos one for now. Is there any way to get the two options working together, or am I just going to have to cope with the loss of stats on who reported the campaigns? Disabling the Microsoft one isn't an option unfortunately An ideal situation would be one button which acts exactly as the MS one does, unless it's a Sophos Phish Threat campaign in which case it congratulates the user and marks them as having reported it in the campaign. I suspect MS are going to receive a lot of campaigns reported to them in our current setup
If there's any alternate method I've missed in the documentation, or anyone has any other advice as to what they're doing, any suggestions will be gratefully received.
Thank you for contacting the Sophos Community!
I am not sure but if you use the Phish Threat, you should be able to configure mailboxes, that will receive a copy of the reported message, you could, in theory, add the email address of the Microsoft Report Message add-in.
Before you upgraded to MS you had only the Phish Threat outlook add-in from Sophos?
Thanks for the reply. While I did use the Sophos Report Message button to send a copy to a specified mailbox previously, this doesn't really work with MS ATP (or 365 Defender as they're calling it now), as there are a number of options on the MS button. Previously we didn't have any reporting method for our users, so anything reported via the Sophos button that wasn't a campaign would be sent to us where we could take action against any malicious links or emails... and I must admit I do like the format the Sophos option send reported messages in!
However, now that we're on 365 with a number of options available to users, we have to keep this one enabled... which unfortunately means campaigns will be reported as spam if the users detect them. I was just wondering if I'd missed something, as there must be other Phish Threat users with MS 365 Defender and it's a shame to lose the stats on our Phish Threat campaigns.
Feature request would be to have a button that integrates with MS and acts accordingly when a campaign message is reported (or if there was some way for MS to detect the campaigns)