Try below steps
Sign in to the Microsoft 365 Defender portal.
Select “Threat management” > “Policy” > “Threat policies”.
Click on “Anti-phishing” and then click on “Edit policy”.
Scroll down to “Report messages” and select “Custom email address”.
Enter the email address of the mailbox you want to forward actual phishing attempts to.
Click on “Save”.

very valid question. if it deliver to microsoft, it will reenforce, but not when you deliver to your own mailbox. 

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-end-user-notifications?view=o365-worldwide

@Amit - Can you send me screen shots of the pages you're referring to? I don't seem to have the same navigation options.

However, I have already configured an address to send reported messages to by going to Settings>Email & Collaboration>User reported settings. The problem is that it sends user reported simulation emails as well as actual phishing emails. Thus it creates a lot of clutter to sort through to determine what we actually need to look into.

thats the problem, because it submit to your reporting mailbox only, hence it did not have the automated capability on the link i provided previously. 

Even when I change the settings to report to Microsoft and my reporting mailbox it still sends simulations to the reporting mailbox.


We want to know about actual phishing emails so that we can take action if needed. However, we don't want the mailbox cluttered up with 100 users reporting a simuated phishing email every time we run a simulation.

The KnowBe4 Phish alert button has this ability to only send actual phishing emails to the reporting mailbox. Is this not possible with Microsoft?