Monday, April 11, 2022

Unified submissions in Microsoft 365 Defender now in public preview

It's time for a new, unified submissions experience 

Your security team now has a “one-stop shop” for submitting emails, URLs, email attachments, and files in one, easy-to-use submission experience. To simplify the submission process, we are excited to announce a new unified submissions experience in the Microsoft 365 Defender portal ( With unified submissions (currently in public preview), you can submit files to Microsoft 365 Defender for review from within the portal. We are also adding the ability to submit a file directly from a Microsoft Defender for Endpoint Alert page.  


Important note: Currently, the new submissions experience is available only in subscriptions that include Microsoft 365 Defender, Microsoft Defender for Endpoint Plan 2, or Microsoft Defender for Office. 


Let’s look at the new unified submissions experience! 




New entry points to submit items for analysis 

With unified submissions in preview, you can submit files from these entry points in Microsoft 365 Defender: 

  • Submissions page. You can add a new submission to report a file as clean (false positive), unwanted software or malicious (false negative).  
  • An Alert page. While viewing an alert, you can choose the action to submit a file for analysis “Submit items to Microsoft for review”. 

The Submissions portal that was previously under Email & collaboration is now in the unified submission surface.  


Tabs you’ll see on the new Submissions page 

The new, unified submissions page includes the following tabs: 

  • Emails 
  • URLs 
  • Email Attachments 
  • Files 
  • User reported messages 

You can now see submission items broken out by type (Emails, Email Attachments, URLs, Files and User reported messages). A security admin can view the collection of emails that your users have submitted for review and create a submission to Microsoft if needed. 


Note: If your subscription includes Microsoft 365 Defender, you’ll see all five tabs. If your subscription only includes Defender for Endpoint Plan 2, you’ll only see the Files tab. And, if your subscription only includes Defender for Office 365, you won’t see the Files tab. 


The Alert page submission experience 

You can now submit a file for analysis from the Alerts page. Open the Microsoft 365 Defender portal. Go to Incidents & alerts, and then select Alerts to view the list of alerts. You can then select a Microsoft Defender for Endpoint alert that contains an item you want to report.  


Notice a checkbox on the alert submission form for “Include alert story.” By choosing this option, you’ll attach a JSON file of the alert story with your submission. That file will be shared with our analysts to improve the quality of results and the response time of your submission. 



Here’s what the alert page submission entry point looks like: 




And here’s an example of an alert page submission form: 




The Submissions list 

Your Submissions list enables you to see all of your company’s submissions in one place, organized by type: Emails, Email attachments, URLs, Files, and User reporting messages. You can also create a new submission on this page. (You must have the Global Administrator, Security Administrator, or Organization Management role assigned.) 


To use the Submissions list, go to the Microsoft 365 Defender portal, and then select Submissions. Then choose one of the available options. In the following example, we are showing the File submission option: 


The File submission list looks like this: 




On the Files tab, we select Add new submission. This action opens the File submission form, which looks like this: 




After submitting the file for analysis, the File submission results now look like this: 



Known issues 

When adding text in the Notes for Microsoft box, the cursor might jump to the end of the line when you try to place the cursor in the middle of an already typed line to add more text. We are working to resolve this issue. 


Learn more 

Want to learn more about Unified submissions? See Submit suspected files in Microsoft Defender for Endpoint for more details. 


Let us know what you think! 

We are excited to bring you this simplified submission experience! Try it out and let us know what you think. Tell us if the new, unified experience is helpful, and share any additional requests or suggestions you have for improving the experience! 

Posted at