Hi All,

It would be helpful if upon review & rejection of suspicious inbox rule incidents, when they were determined to be false positives or benign true positives, we were presented with the option to "reenable" from the console.

As it stands, we are only able to do this by using the Exchange PowerShell module (which I don't necessarily want our lower-level techs working in), or by contacting the end user (which I'd rather not since we're the ones who disabled the rule).

Similar functionality for other 365 detections (e.g., User account locked) would be nice to have, but since those can be reenabled from the web console they're not as critical.

Let me know if you have any questions!

Thanks,

Matt