The Report Message and Report Phishing add-ins in classic Outlook let users flag unwanted email as junk or phishing directly from the ribbon. In the new Outlook for Windows, these add-ins are no longer available because the application uses a built-in reporting system instead. This article explains exactly what changed, how the new reporting system works, and what IT administrators need to know about policy settings and end-user behavior.
Key Takeaways: Reporting Junk and Phishing in New Outlook vs Classic Outlook
- Built-in Junk and Phishing buttons in new Outlook: Replace the classic Report Message and Report Phishing add-ins with native ribbon icons that send reports to Microsoft 365 without requiring an add-in installation.
- Submissions to Microsoft 365 and Microsoft: New Outlook sends a copy of the reported message to your organization’s submissions mailbox and optionally to Microsoft for analysis, controlled by the same user-reported message settings in the Microsoft 365 Defender portal.
- No support for third-party reporting add-ins: New Outlook does not load COM add-ins, so any custom or third-party reporting tools that worked in classic Outlook must be replaced by built-in submission policies or the Microsoft Submissions Add-in for new Outlook.
Why the Reporting System Changed in New Outlook
Classic Outlook 2016, 2019, and Microsoft 365 versions used COM add-ins to provide the Report Message and Report Phishing buttons. These add-ins were separate components that had to be enabled per user or deployed via Group Policy. The new Outlook for Windows is built on a different platform that does not support COM add-ins at all. Instead, Microsoft embedded the reporting functionality directly into the application.
This change has two major effects. First, users see a Junk dropdown and a Phishing button in the ribbon by default with no add-in setup required. Second, administrators must configure user-reported message settings in the Microsoft 365 Defender portal rather than relying on add-in management. The underlying reporting pipeline to Microsoft 365 and to Microsoft’s analysis team remains the same, but the client-side trigger point has moved from an add-in to the native app.
What the Built-in Reporting Buttons Look Like
In new Outlook, the Home ribbon contains a Junk dropdown with options for Report as Junk, Report as Phishing, and Report as Not Junk. A separate Phishing button also appears in the ribbon when a message is selected. These buttons are always present and cannot be removed through the ribbon customization menu. If your organization uses a third-party reporting tool, that add-in will not load in new Outlook.
How to Report Junk or Phishing in New Outlook
The steps for end users are simpler than in classic Outlook because no add-in activation is needed.
- Select the suspicious message
Click the email in your inbox to highlight it. You do not need to open the message in a separate window. - Click the Junk dropdown in the Home ribbon
On the Home tab, locate the Junk button in the Delete group. Click the dropdown arrow and choose Report as Phishing or Report as Junk depending on the message type. - Confirm the report in the pop-up dialog
A dialog box appears asking you to confirm the submission. Check the box labeled Send a copy to Microsoft to help improve email filtering if your organization allows this. Click Report to send the message. - Check the confirmation banner
After reporting, a banner appears at the top of the Outlook window confirming that the message was reported and moved to the Junk Email folder or Deleted Items folder.
If you want to report a message that is already in your Junk Email folder, select it and use the same Junk dropdown. The option Report as Not Junk moves the message back to the inbox and sends a false-positive report to your organization.
Administrator Configuration for User-Reported Messages
Administrators control where reported messages go and whether copies are sent to Microsoft. These settings apply to both classic Outlook with add-ins and new Outlook with built-in buttons.
- Open the Microsoft 365 Defender portal
Go to security.microsoft.com and sign in with an account that has Security Administrator or Global Administrator permissions. - Navigate to Policies and rules > Threat policies
In the left navigation, expand Policies and rules, then click Threat policies. Under the Policies section, click User-reported message settings. - Configure the submissions mailbox
Under the User-reported messages tab, select the option Send the reported message to Microsoft for analysis and also to your reporting mailbox. Enter the email address of the mailbox where you want copies of user reports to be stored. This is typically a shared mailbox monitored by your security team. - Choose what happens to the reported message in the user’s mailbox
Select whether the original message is moved to Junk Email, Deleted Items, or Quarantine after reporting. The default is Junk Email for junk reports and Deleted Items for phishing reports. - Save the settings
Click Save at the bottom of the page. Changes take effect within 30 minutes for most tenants.
Common Issues with Reporting in New Outlook
The Report Message or Report Phishing add-in is missing from the ribbon
This is not a problem. New Outlook does not use these add-ins. The built-in Junk and Phishing buttons replace them. If your users are accustomed to the add-in icons, train them to use the Junk dropdown or the Phishing button on the Home tab.
Users report that the Phishing button is grayed out
The Phishing button becomes active only when a message is selected. If no message is highlighted, the button appears dimmed. Select any email in the message list to enable the button. This applies to both the Junk dropdown and the standalone Phishing button.
Reported messages are not appearing in the submissions mailbox
Check the User-reported message settings in the Microsoft 365 Defender portal. Verify that the submissions mailbox address is correct and that the mailbox exists. Also confirm that the policy is applied to the correct user group. If you use a mail flow rule to redirect reports, note that new Outlook sends reports directly to the configured mailbox, not through transport rules.
Third-party reporting add-in does not work in new Outlook
New Outlook does not load COM add-ins. If your organization relies on a third-party reporting tool, you have two options. First, switch to the built-in reporting system and configure the submissions mailbox to forward reports to your third-party system. Second, ask the vendor if they provide a Microsoft 365 Submissions Add-in that works with new Outlook. If neither option works, users must remain on classic Outlook until the vendor releases a compatible solution.
Built-in Reporting in New Outlook vs Classic Outlook with Add-ins
| Item | Classic Outlook with Add-ins | New Outlook Built-in |
|---|---|---|
| Reporting trigger | COM add-in loaded into the ribbon | Native Junk dropdown and Phishing button |
| Add-in installation required | Yes, per user or via Group Policy | No, always present by default |
| Third-party add-in support | Yes, any COM add-in works | No, COM add-ins are not supported |
| Administrator configuration | Add-in deployment plus Defender settings | Defender settings only |
| Message submission to Microsoft | Controlled by Defender settings | Controlled by Defender settings |
| User experience | Click add-in button, confirm dialog | Click Junk or Phishing button, confirm dialog |
Both systems send the same type of report to the same destination. The only difference is how the user initiates the report. New Outlook removes the add-in dependency while keeping the same backend pipeline.
The built-in reporting in new Outlook eliminates the need for add-in management and provides a consistent experience across Windows and web clients. Administrators should verify that their user-reported message settings in the Microsoft 365 Defender portal are configured correctly before migrating users. For organizations that require third-party reporting, consider using the Submissions Add-in from the Microsoft 365 admin center or configure a mail flow rule to forward copies from the submissions mailbox to your external system.