Configure Positive Phishing - Microsoft

How to configure your organisation to support a positive phishing campaign

Positive phishing is about more than just sending out simulated phishing emails; it's about creating a culture of security awareness and collaboration in schools. When staff feel supported and educated rather than penalised, they are more likely to engage actively in cybersecurity efforts, making the school safer.

Before you start, you'll need to configure your Microsoft Defender implementation to support reporting potential phishing emails as part of your Secure Schools phishing simulation campaign. If you're unsure how to do this, this article at Microsoft provides a good starting point.

Configuring Microsoft Outlook 365's 'Report Phishing'

To incorporate Secure Schools' Phishing simulations into your campaign:

  1. Create a contact for the following email address eu-west@reports.secureschools.com
    Screenshot 2024-09-12 at 12.13.27
  2. Create a distribution list for your users to send our phishing emails to, we recommend something like "phishing@schoolname.com" ensure you also enable the following setting
    Screenshot 2024-09-04 at 12.12.05
  3. Add eu-west@reports.secureschools.com to the new phishing distribution list. 
    Screenshot 2024-09-12 at 12.16.44
  4. In Microsoft Defender, open System, select Settings, and click on Email & collaboration
    Defender Settings-1
  5. In the menu that opens, select User reported settings, then scroll down to Reported message destinations and update the two fields to ensure Send reported messages to is set to My reporting mailbox only and that the phishing email address you created above is added to the second field.

  6. Click Save

Note that these changes may take time to propagate. In most circumstances, this is under an hour, but it may take longer. 

You can review the submissions your users have made at security.microsoft.com/reportsubmission