To configure the client Microsoft Windows Defender to record the reported phishing data, please follow the steps below.

1. Access the Advanced Delivery Settings

• In the Microsoft Defender portal (at https://security.microsoft.com), go to Email & Collaboration → Policies & Rules → Threat policies → Advanced delivery (in the Rules section).
  • Alternatively, you can go directly to the Advanced delivery page by using: https://security.microsoft.com/advanceddelivery.
• On the Advanced delivery page, verify that the SecOps mailbox tab is selected. 

2. Configure the SecOps Mailbox

• If no SecOps mailboxes have been configured, select Add in the No SecOps mailboxes configured area.
  • If there are already entries listed, select Edit instead. The Add button will not be available when entries exist.

• In the Add SecOps mailboxes flyout, designate an existing Exchange Online mailbox as the SecOps mailbox by:

  • Clicking and selecting the mailbox, or
  • Typing part of the mailbox name, display name, alias, email address, or account name in the search box and choosing it from the results.
  • ⚠️ Note: Distribution groups are not allowed.
• Repeat the step above for any additional mailboxes you want to add.
• To remove an existing value, select Remove next to the value.
• When you're finished in the Add SecOps mailboxes flyout, select Add.
• Review the information in the Changes to SecOps mailbox override saved flyout, then select Close.

Back on the SecOps mailbox tab, the configured entries will now be visible. (You may switch between normal and compact list spacing by selecting Change list spacing and choosing Compact list.)

• Display name column: Contains the mailbox display names
• Email column: Contains the email address for each entry

⚠️ Important Requirement

• The mailbox designated as the SecOps mailbox must match the email address used in the Microsoft Outlook installer builder. Therefore, this information must be included in the client’s installer build request.
• Source from the Microsoft website here.

3. Enable User Reported Settings in Microsoft Defender

You must also remember to enable the User reported settings in Microsoft Defender.

• In the Microsoft Defender portal (at https://security.microsoft.com), navigate to Settings → Email & collaboration → User reported settings tab.
  • To go directly to this page, use: https://security.microsoft.com/securitysettings/userSubmission.
• On the User reported settings page, the available configuration options depend on the Monitor reported messages in Outlook setting.
• Ensure Monitor reported messages in Outlook is selected, then select Use a non-Microsoft add-in button. 

4. Configure Reporting Options

• Ensure the reporting mailbox matches the one configured earlier.

• Decide whether to customise the feedback email that is sent to users after an admin reviews and marks the message on the User submissions tab on the Submissions page.
• Choose whether users can report emails directly from Quarantine during message release.

5. Save the Configuration

• Select Save to complete the setup.