Microsoft 365 - NCSC Reporting Button

This article is for customers who want to report phishing emails to NCSC.

Reporting suspicious emails to the NCSC helps fight phishing. Within seconds of a user report, the NCSC will investigate your report, and if deemed suitable, take down the malicious website.

Users can report emails to the NCSC using a standard Phishing Report Button available from Microsoft, the button looks like this:

To avoid the reporting service from interacting with training simulations, we can apply some mail flow rules to ensure only genuine phishing emails are forwarded to Microsoft and the NCSC. This will help to reduce the load on these services. 

A two-part mail flow rule is required, the first rule will add an additional message header to training simulations and the second rule will stop reports going to Microsoft and the NCSC.

1.) Setup the Phishing Report Button following this guidance: https://www.ncsc.gov.uk/guidance/configuring-o365-outlook-report-phishing-for-sers

2.) Create a second mail rule called 'Exclude Training Simulations' with a higher priority than the NCSC rule that excludes training simulation emails from being sent to Microsoft/NCSC:  

The 'Exclude Training Simulations' rule will take reported training simulations and send them to the bin, if you wish to receive internal notifications of staff reported emails you can change this rule to send reports to a phishingreports@yourorganisation.com email address.