(2025-01) Action required: Defender integration must be re-configured by Feb 17th, 2025

UPDATE 04.04.2025

Microsoft has just completed the rollout of a long-awaited feature improvement that allows the reported emails to be automatically forwarded to Microsoft.

To re-configure your Defender integration, please now refer to: (2025-04) Automatically send reported message to Microsoft is now available for Hoxhunt customers using the new Defender integration

Customers who are setting up Defender integration for the first time should follow the instructions here: Submit reported threats to Defender

 

Background information

Hoxhunt’s original Defender integration was based on an API call that sent reported emails directly to your tenant’s user submissions and further to Microsoft. Microsoft is deprecating the said API call, and requires user submissions to be uploaded to Defender via mail-based flow instead.

Many customers have also wanted to hide Microsoft’s native Report button in Outlook clients as it has a very prominent placement compared to third-party reporting add-ins. If you decided to hide the native Microsoft reporting button, you had to utilise Hoxhunt’s Phish forwarding address field to mimic the mail-based reporting flow to Defender, but this approach categorized all reported emails as phish, even when user reported the email as spam.

 

Thanks to the new mail-based submission of reported emails to Defender:

  • Customers can submit reported emails to their tenant’s Defender under User reported messages
  • Customers can configure Defender to automatically forward the reported emails further to Microsoft
  • Submitted emails are correctly categorized as “Phish”, “Spam” and “Not Spam
  • Submitting emails from shared mailboxes to Defender is now natively supported
  • Customers can choose to hide Microsoft’s native report button and display only Hoxhunt’s reporting button
  • Customers can define Phish forwarding, Spam forwarding and Submit to Defender addresses separately if they so wish.

 

Timeline

Deadline for the change is February 17th, 2025. Hoxhunt’s original Defender integration was based on an API call that sent reported emails directly to your tenant’s user submissions. The API call is relying on legacy Exchange Online access tokens, and Microsoft is turning them off February 17th, 2025.

While customers can temporarily re-enable the legacy Exchange Online access tokens in their tenant, the change is inevitable - you must re-configure your Hoxhunt Defender integration by 17th of February 2025 to avoid any service disruption.

Was this article helpful?

6 out of 6 found this helpful

Have more questions? Submit a request