Integrating Microsoft Report Phish Button with Dune Security – Dune Security Support Center

Share report report data with Dune Security

Integrating Microsoft Report Phish data with Dune Security allows organizations to automatically forward simulated phishing attack from users to Dune Security for real-time analysis and risk adjustment. This integration is critical to improving user behavior insights, enhancing security training, and dynamically lowering risk scores for employees who report phishing attempts.By setting up an automatic forwarding rule in Microsoft Exchange, phishing reports are seamlessly shared with Dune Security, ensuring users’ vigilance is rewarded while improving the organization’s overall risk posture.

Why Integrate Microsoft Report Phish with Dune Security?

1.Enhance User Risk Scores: Automatically adjust user risk scores in Dune Security based on proactive behavior like phishing reporting.

2.Streamline Phishing Analysis: Centralize phishing incident reporting to Dune’s AI-driven platform for better decision-making and training adjustments.

3.Strengthen Organizational Security: Encourage end-user vigilance, creating a stronger first line of defense.

Steps to Set Up Integration

Step 1: Access Microsoft Defender Console

Log in to your Microsoft Defender console.
Navigate to the System > Settings menu
- Click on the Email & Collaboration item
  1. Click on the User reported settings menu item
    1. Select the following:
      - Monitor reported messages in Outlook
      - Ask the user to confirm before reporting
      - Show a success message after the message is reported
  2. Navigate to the Reported item destinations
    - In the Send reported items to dropdown box select Microsoft and my reporting mailbox
    - In the Add an exchange online mailbox to send reported items to field add the destination email address (e.g., distribution list, shared mailbox or email address) of the phish reporting email address.
      - E.G., abusemailbox@customer.com
    - Unselect the Allow reporting for quarantined messages. Only admins can report quarantined Team messages box.

Step 2: Access Microsoft Exchange Admin Console

Log in to your Microsoft Exchange admin center.
Navigate to the Mail Flow section under the Admin Console and select Rules.

Step 3: Create an Automatic Forwarding Rule

Locate Rules Configuration:
- In the Rules section, click Add a Rule and select Create a New Rule.
Add Conditions:
- Name: Dune Simulated Phish Forwarding
- Apply this rule if:
  - The subject or body; subject or body includes any of these words:
    - Enter the Dune email header "dunesecurity-phishing-simulation"
- And:
  - Any recipient; address matches any of these text patterns
    - Enter your organizations email address of where reported phishing emails are sent to.
    - A "^" must be added prior to the email address and a $ must be added following the email address
      - E.g., ^abusemailbox@customer.com$
- Do the following:
  1. Add recipients: to the Cc box
    - Copy the message to secops@dunewatchtower.com

3.Set Rule Settings:

Rule mode: Enforce
Severity: Not specified
Match sender address in message: Header

4.Save the Rule:

Click Review and Finish to enable automatic forwarding.

Step 4: Test Functionality

Contact your Customer Success Engineer or support@dune.security to test this integration.

Related to