We send phishing simulation emails to user's Outlook clients with a 3rd party SaaS. I've also have globally enrolled the 'Report Message' add-in for all our users, that they're actively using. (Add-in from Microsoft themselves)
I've seen in the Defender 365 Admin portal that Microsoft automatically detects these simulation emails and puts them under "Phishing simulations".
Now, I want to make some sort of Exhange rule that 'rewards' the user after they've succesfully reported a simulation email from us. This could either be a notification that pops up, or an email.
The whole point of making this is to let users see that they've succesfully reported a simulation email, + minimizing labor to manually reply to these simulation emails in the 365 Defender portal.
Can someone guide me in the right direction to make such a rule?
I've already looked at numerous of Exchange rules, but I don't see an option anywhere to detect if a user has reported an email. On the other hand, detecting a phishing simulation of ours is quite easy since there's always an unique value in the email header that we can detect.
I was thinking about something like this:
User reports email > system checks if certain header value matches that of our phishing simulations > send notification/email to user who reported the email.
Thanks!
(Please go easy on me, since I'm quite new to this stuff!)
