
Summary
This detection rule monitors emails that users report from Office 365 through Outlook's built-in report feature and that Microsoft subsequently judges to be malicious. When a user submits a suspicious email, Microsoft analyses the submission and generates an alert when the reported message is classified as phishing or as carrying malware. The analytic leverages the O365 Universal Audit Log to detect submissions that return a 'Phish' or 'Malware' verdict. It processes the log data, extracts relevant fields such as the sender and subject, counts occurrences of each sender/subject pair, and provides a timeline of the report submissions. This lets users actively participate in maintaining security while giving security teams the context they need to analyse and respond to the threat.
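The processing the summary describes, as an added example that is not part of the original rule: it reads audit records, keeps only user submissions whose verdict is 'Phish' or 'Malware', aggregates them by sender and subject with a count and first/last-seen times, and produces a timeline. The record shape and field names (Operation, Verdict, SenderFromAddress, Subject, CreationTime, UserId) and the sample records are constructed assumptions for illustration, not Microsoft's audit log schema.

```python
import json
from datetime import datetime

# Constructed sample audit records (assumed field names, not Microsoft's schema).
SAMPLE_LOG = json.dumps([
    {"CreationTime": "2024-11-14T08:02:11", "Operation": "UserSubmission",
     "UserId": "alice@example.com", "SenderFromAddress": "billing@invoice.test",
     "Subject": "Invoice overdue", "Verdict": "Phish"},
    {"CreationTime": "2024-11-14T08:15:40", "Operation": "UserSubmission",
     "UserId": "bob@example.com", "SenderFromAddress": "billing@invoice.test",
     "Subject": "Invoice overdue", "Verdict": "Phish"},
    {"CreationTime": "2024-11-14T09:01:05", "Operation": "UserSubmission",
     "UserId": "carol@example.com", "SenderFromAddress": "billing@invoice.test",
     "Subject": "Invoice overdue", "Verdict": "Phish"},
    {"CreationTime": "2024-11-14T10:30:00", "Operation": "UserSubmission",
     "UserId": "dave@example.com", "SenderFromAddress": "hr@docs-share.test",
     "Subject": "Updated policy.docm", "Verdict": "Malware"},
    {"CreationTime": "2024-11-14T11:00:00", "Operation": "UserSubmission",
     "UserId": "erin@example.com", "SenderFromAddress": "news@vendor.test",
     "Subject": "Monthly newsletter", "Verdict": "NotJunk"},
    {"CreationTime": "2024-11-14T11:05:00", "Operation": "MailItemsAccessed",
     "UserId": "erin@example.com", "SenderFromAddress": "peer@example.com",
     "Subject": "Lunch?", "Verdict": ""},
])

# Verdicts the rule treats as confirmation that the reported email was malicious.
MALICIOUS_VERDICTS = {"Phish", "Malware"}


def parse_audit_log(raw_json):
    """Parse a JSON array of audit records into a list of dicts."""
    return json.loads(raw_json)


def malicious_user_reports(records):
    """Aggregate user-reported emails with a malicious verdict.

    Returns a dict keyed by (sender, subject) with count, first/last seen
    timestamps, the set of reporting users and the set of verdicts seen.
    Records that are not user submissions, or whose verdict is benign, are
    dropped so that a clean "NotJunk" report never raises an alert.
    """
    summary = {}
    for rec in records:
        if rec.get("Operation") != "UserSubmission":
            continue
        if rec.get("Verdict") not in MALICIOUS_VERDICTS:
            continue
        key = (rec["SenderFromAddress"], rec["Subject"])
        seen_at = datetime.fromisoformat(rec["CreationTime"])
        entry = summary.setdefault(key, {
            "count": 0, "first_seen": seen_at, "last_seen": seen_at,
            "reporters": set(), "verdicts": set(),
        })
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], seen_at)
        entry["last_seen"] = max(entry["last_seen"], seen_at)
        entry["reporters"].add(rec["UserId"])
        entry["verdicts"].add(rec["Verdict"])
    return summary


def report_timeline(records):
    """Chronological list of (time, reporter, sender, subject, verdict)
    for every malicious user submission, for analyst triage."""
    rows = [
        (rec["CreationTime"], rec["UserId"], rec["SenderFromAddress"],
         rec["Subject"], rec["Verdict"])
        for rec in records
        if rec.get("Operation") == "UserSubmission"
        and rec.get("Verdict") in MALICIOUS_VERDICTS
    ]
    return sorted(rows)


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_LOG)
    for (sender, subject), info in malicious_user_reports(recs).items():
        print(f"{sender!r} {subject!r}: {info['count']} reports, "
              f"{info['first_seen']} .. {info['last_seen']}, "
              f"verdicts={sorted(info['verdicts'])}")
    for row in report_timeline(recs):
        print(row)
```

Grouping by sender and subject is what turns three separate user reports into one campaign-level alert; the first/last-seen window and reporter set give responders the scope of the mailing without re-querying the log.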
Categories
- Cloud
- Web
- Identity Management
Data Sources
- Pod
- User Account
ATT&CK Techniques
- T1566
- T1566.001
- T1566.002
Created: 2024-11-14