Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Integrating Microsoft Phishing Reporting Button with the Phishing Tool

This integration enables dual reporting, sending emails reported via Microsoft’s Phishing Reporting Button to both Microsoft Defender and our Phishing Tool for advanced analysis.

- Key Benefits
- Set Up The Integration
- Possible Considerations

Key Benefits:

  •  Dual Reporting: Emails reported via the Microsoft Phishing Reporting Button are sent to both Microsoft Defender and our Incident Responder product for advanced analysis.
  •  Simulation Tracking: During phishing simulation campaigns, we track employees who report simulated phishing emails, helping administrators measure awareness and provide training.

Set Up The Integration

Step 1: Create a Shared Mailbox for Reports

If you don’t already have a shared inbox for phishing reports:

  2.  Navigate to Recipients > Mailboxes > Add a Shared Mailbox.
  3.  Enter a Display Name and Email Address for the shared mailbox.
  4.  Click the Create button to create a shared mailbox.

Step 2: Set Up a Mail Flow Rule

Forward reported phishing emails to us using a mail flow rule:

  1.  Please contact the support team to get an email address for forwarding.
  2.  Log into the Microsoft 365 Admin Center and open the Exchange Admin Center.
  3. Go to Mail Flow > Rules and click Create New Rule.
  4. Configure the rule:
    •  Name: Enter a name such as "Forward Reported Emails to Living Security Phish".
    •  Set Apply this rule if: Select the "The recipient" and then select the "is this person" option. Please enter the shared mailbox email address that you created in the previous section.
    •  Do the following: Select the "Add Recipients" and then select the "to the To box" option. Please enter the email address that you got from the Support Team.
  5.  Leave the "Except if" option as default and then click Next.
  6.  Leave the "Set rule settings" page settings as default and then click Next.
  7.  Click Finish to create the rule.

Step 3: Configure the Microsoft Phishing Reporting Add-In

  1.  Open User Submission Settings in your Microsoft 365 portal.
  2.  Ensure “Monitor reported messages in Outlook” is active.
  3.  Choose “Use the built-in Report button in Outlook”.
  4.  Set “Reported message destinations” to “Microsoft and my reporting mailbox” or “My reporting mailbox only”.
  5.  Add your shared mailbox that you created at the beginning of the document to the "Add an exchange online mailbox to send reported messages to:" field and save.

Step 4: Install the Microsoft Outlook 365 'Report Phishing' Add-In

If not already installed:

  1.  Visit Microsoft AppSource and search for “Report Phishing”.
  2.  Click Get it now and follow the installation instructions.
  3.  Wait up to 12 hours for the add-in to appear in Outlook.

Step 5: Test the Integration

  1.  Launch a phishing simulation campaign through our Phishing Simulation Tool.
  2.  Report a simulation email using the Microsoft Phishing Reporting button. Then, go to your campaign report and click the Reporters menu to verify that you reported the simulation email.
  3.  Verify the email is also visible on our Incident Responder page.

Possible Considerations

  •  Reporting Delays: When Microsoft forwards reported emails to the specified email destination, there may be a delay caused by Microsoft’s internal processing. For example, some emails may appear immediately whilst other emails may take 10 minutes to get reported to Living Security from Microsoft.
  •  Blocked Emails: Emails flagged as phishing might be quarantined by Microsoft or other security solutions, causing delays in forwarding.
  •  Interference: External security solutions, such as Data Loss Prevention (DLP) systems, may interfere with email forwarding from Microsoft to Living Security. This can result in delays or prevent emails from being reported altogether.
  •  Email Quarantine: Emails flagged as phishing might be quarantined by Microsoft or other security solutions, causing delays in forwarding.
  •  Policy Conflicts: Custom email policies on the customer’s Microsoft tenant could block or redirect reported emails, affecting Living Security's tracking.
  •  Server Downtime: Temporary unavailability of Microsoft or Living Security's email servers can result in reporting delays.