Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Integrating the Microsoft Phishing Reporter Button with our Phishing Tool

This integration allows your organization to continue using Microsoft’s Phishing Reporting button while forwarding reports to our Phishing Tool for deeper analysis and tracking.

- Key Benefits
- Steps to Set Up the Integration
- Possible Limitations

Key Benefits

  • Dual Reporting: Emails reported via the Microsoft Phishing Reporting Button are sent to both Microsoft Defender and our Phishing Tool for advanced analysis.

  • Simulation Tracking: During phishing simulation campaigns, we track employees who report simulated phishing emails, helping administrators measure awareness and deliver targeted training.

Steps to Set Up the Integration


Step 1: Create a Shared Mailbox for Reports

If you don’t already have a shared inbox for phishing reports:

  1. Log into the Microsoft Exchange Admin Center.

  2. Navigate to Recipients > Mailboxes > Add a Shared Mailbox.

  3. Enter a Display Name and Email Address for the shared mailbox.

  4. Click the Create button to create a shared mailbox.

Step 2: Set Up a Mail Flow Rule

Forward reported phishing emails to us using a mail flow rule:

  1. Please submit a request to our support team to get an email address for forwarding.

  2. Log into the Microsoft 365 Admin Center and open the Exchange Admin Center.

  3. Go to Mail Flow > Rules and click Create New Rule.

  4. Configure the rule:

    • Name: Enter a name such as "Forward Reported Emails to Living Security".

    • Set Apply this rule if:  Select the "The recipient" and then select the "is this person" option. Please enter the shared mailbox email address that you created in the previous section.

    • Do the following: Select the "Add Recipients" and then select the "to the To box" option. Please enter the email address that you got from the Support Team.

  5. Leave the "Except if" option as default and then click Next.

  6. Leave the "Set rule settings" page settings as default and then click Next.

  7. Click Finish to create the rule.

Step 3: Configure the Microsoft Phishing Reporting Add-In

  1. Open User Submission Settings in your Microsoft 365 portal.

  2. Ensure “Monitor reported messages in Outlook” is active.

  3. Choose “Use the built-in Report button in Outlook”.

  4. Set “Reported message destinations” to “Microsoft and my reporting mailbox” or “My reporting mailbox only”.

  5. Add your shared mailbox that you created at the beginning of the document to the "Add an exchange online mailbox to send reported messages to:" field and save.

Step 4: Install the Microsoft Outlook 365 'Report Phishing' Add-In

If not already installed:

  1. Visit Microsoft AppSource and search for “Report Phishing”.

  2. Click Get it now and follow the installation instructions.

  3. Wait up to 12 hours for the add-in to appear in Outlook.

Step 5: Test the Integration

  1. Launch a phishing simulation campaign.

  2. Report a simulation email using the Microsoft Phishing Reporting button. Then, go to your campaign report and click the Reporters menu to verify that you reported the simulation email.

  3. Verify the email is also visible on the Incident Responder page, if applicable.

Possible Limitations

  • Reporting Delays: When Microsoft forwards reported emails to the specified email destination, there may be a delay caused by Microsoft’s internal processing. For example, some emails may appear immediately whilst other emails may take 10 minutes to get reported to us from Microsoft.

     

  • Blocked Emails: Emails flagged as phishing might be quarantined by Microsoft or other security solutions, causing delays in forwarding.

     

  • Interference: External security solutions, such as Data Loss Prevention (DLP) systems, may interfere with email forwarding from Microsoft to our Phishing Tool. This can result in delays or prevent emails from being reported altogether.

     

  • Email Quarantine: Emails flagged as phishing might be quarantined by Microsoft or other security solutions, causing delays in forwarding.

     

  • Policy Conflicts: Custom email policies on the customer’s Microsoft tenant could block or redirect reported emails, affecting our tool's tracking.

     

  • Server Downtime: Temporary unavailability of Microsoft or our email servers can result in reporting delays.