The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.
Based on the recent rise in malicious apps, attacker trends, and customer feedback, we realized the need to provide the option to report malicious OAuth applications. We are excited to announce a new feature in the MSRC Reporting Portal and the supporting API that allows the reporting of suspicious OAuth applications registered in Entra ID. This enhancement is aimed at streamlining the investigation process and enabling a quicker and more precise response to customer reports, including improving our detections of malicious applications. The step-by-step guidance for reporting apps is provided later in this blog post.
A common concern from this community has been the inability to report multiple related IPs or URLs in a single abuse report, often resulting in the need to submit multiple reports for the same incident. We have addressed this issue by updating the Abuse Portal to allow reporting of up to 10 IPs and URLs for the same abuse type in one report. The API has also been updated to support this feature without any restrictions on the number, which is particularly beneficial in cases like DDoS attacks. The step-by-step guidance for this is provided later in this blog post.
Summary of incident types that can be reported via the Portal and the API
IP Address Threats
a. Brute Force
b. Denial of Service
c. Illegal
d. Malware
e. Spam
URL-related threats
a. Illegal
b. Malware
c. Responsible AI
d. Phishing Website
Security Threats
a. Vulnerability
OAuth Applications (new)
a. Fraudulent Publisher
b. Suspicious Apps
c. Misuse of Data
Community Gallery
a. Malicious Artifact
b. Malicious Text or URL
Other
a. CSEAI
b. Outlook Spam
c. Tech Support
d. Subpoena
e. Unsafe site or URL
f. Infringement
g. Bing Bot
h. Privacy
There are three categories of incident types available here:
Fill in the associated form to provide the incident details:
This option can be leveraged when you would like to report multiple entities associated with the same incident or incident type. This cannot be used to report multiple incident types in the same report. Doing so will result in an incorrect report which can be non-actionable.
Select the incident type you would like to report. This option is available for the following incident types:
While the rest of the form remains the same, you will notice the option to add more IPs and URLs to the report depending on the incident type. You can add up to 10 at a time in a report using the portal. If you need to report more, please use the API.
The API can be reached at https://api.msrc.microsoft.com/report/v3.0/swagger/v2/swagger.json
The MSRC engineering team’s significant investments in the Abuse Report Portal and API reflect our ongoing dedication to security and customer satisfaction. We are committed to continuous improvement and are already exploring further enhancements to ensure that MSRC remains a leader in responding to online threats.
We encourage our community to use these new features and provide feedback, which is invaluable in our quest to safeguard Microsoft Online Services.
For questions or feedback, please either contact us at [email protected] or share your thoughts at https://aka.ms/msrc-report-abuse-feedback.
Neha Arora, Senior Product Manager, Microsoft Security Response Center