O365 Security Identify User Submissions Work Instruction

This work instruction will allow an administrator to view submissions that end users have reported as being false positive or false negative; additional review will need to be conducted to determine if an allow or block is necessary.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailSecurity

  1. Navigate to User Reported Submissions – O365 Defender, to view the applicable submissions, the start date may need to be altered. Select Filters, followed by entering a Start Date and End Date. Click Apply.
  2. The submissions will be displayed, along with pertinent information.
  3. As the administrator, you will be able to view the message and make any troubleshooting decisions dealing with message handling.

You're Finished!

You should have successfully viewed all user submissions; it will be left up to you to figure out the legitimacy of the sender and determine if a domain allowance or block is necessary on the sender. For any other problems or questions, reach out to us!