When you turn on the Approval step, the administrator you specify will get a notification each time a user reports a potential phishing attack.
The email notification can have an embedded URL which takes the approver directly to the approval page. This should be configured automatically during setup but if it’s not, do this: