Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Microsoft Page View Phishing Reporter

The Microsoft Page View Phishing Reporter is a Living Security Outlook add-in that lets users report suspicious emails with one click, helping your organization quickly detect and respond to phishing threats.

- Compatibility
  - Supported Outlook Platforms
  - Supported Browsers
- Where Are Reported Emails Sent?
- Reporting A Simulation
- Reporting A Suspected Phish
- User Experience
- Install Steps
- Understanding Required Graph Permissions
- How the button looks on different platforms
- Why Do Some Users See a Popup or Redirection?
- FAQ

Which Outlook Platforms and Browsers Are Supported?

The Microsoft Page View Phishing Reporter is built using the Microsoft Graph API and is designed to provide a seamless, modern experience across all major Outlook platforms. Unlike the traditional Microsoft Ribbon Phishing Reporter that appears in the toolbar, the Page View version is embedded directly within the email view pane, providing a more integrated user interface.

✅ Supported Outlook Platforms:

  • Outlook Web App (OWA)
  • Outlook Classic Desktop (Windows)
  • Outlook New Desktop (Windows)
  • Outlook Desktop App (macOS)
  • Outlook Mobile App (iOS and Android)

✅ Supported Browsers (on both Mac and Windows):

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Safari
  • Opera

This cross-platform and cross-browser support ensures that your users can report suspicious emails consistently and securely on Outlook platforms, regardless of the device or environment they’re using.

Where Are Reported Emails Sent?

When a user clicks the Phishing Reporter button, the reported suspicious email is sent to one or more destinations, depending on your organization's needs:

  •  📌 Microsoft 365 Defender portal Emails can be submitted directly to Microsoft for further analysis and contribution to spam/phishing intelligence (optional setup). Please refer to this document for setup.
  •  📌 SOC or IT team's inbox The reported email can be forwarded to your designated inbox for internal analysis and response (optional setup). Please visit here for more information.
  •  📌 Incident Responder (if licensed) If your organization uses Incident Responder, the reported email is also logged in the portal for case management, automated response, and automated analysis.

This flexible approach allows your organization to respond quickly to threats using your preferred tools and workflows.

What Happens When Users Report Simulated Emails?

If you are running simulated phishing campaigns such as Phishing Simulator, Callback Simulator, Quishing Simulator through Living Security, the Phishing Reporter can automatically detect and log when a user reports a simulated phishing emails.

This allows you to:

  •  Track individual user performance,
  •  Identify who successfully recognized phishing simulation campaign emails

This feature helps improve your organization’s overall security posture by providing real-time insight into user vigilance.

What Happens When an Employee Reports an Email

When an employee uses the Page View Phishing Reporter Add-in to report a suspicious email, the reported email will be sent with a detailed report directly to your designated SOC or IT email address.

The email that is sent to the SOC/IT team inbox includes:

  •  The attached original email as an .eml or .msg file
  •  The attached full message header of the original reported email as a headers.txt file
  •  The reporting reason selected by the employee (e.g., spam, phishing, unsure)
  •  Any additional comments the employee entered in the message box

This structured report helps your security team quickly understand the context and take action, without needing to follow up with the reporting user.

Microsoft Page View Phishing Reporter User Experience

Here is an example view of the Microsoft Page View Phishing Reporter button on the New Outlook Desktop.

View of Microsoft Page View Phishing Reporter button on New Outlook Desktop App

When using the Phishing Reporter button, clicking the report button opens a side panel instead of the pop-up window.

How to Install the Microsoft Page View Phishing Reporter

  1. Log in to the phishing tool at https://phishing-embed.livingsecurity.com.
  2. Before deploying the button, we recommend customizing it. This can be done in the Add-In Settings tab under the Phishing Reporter menu on the Living Security platform.
  3. Once customization is complete, stay on the Settings tab. Scroll down to the bottom and click Manage and Download. A pop-up will appear. Select Connect Account to proceed.Download Button panel on Phishing Reporter page
  4. Log in to your Microsoft 365 account using your global admin credentials.
  5. Once you log in, the Permissions requested pop-up window will display. Read the permissions, then click Accept.
  6. Click the Download button for the Page View button under the Microsoft 365 to download the Microsoft365PhishingReporterAddin.xml file.
  7. In a new tab of your browser, log in to your Microsoft 365 admin center.Microsoft 365 Admin Center
  8. From the menu on the left side of the page, click Settings.
  9. From the Settings drop-down menu, select Integrated apps.Integrated Apps on Microsoft 365 Admin Center
  10. Click Add-ins at the top-right corner of the page.Add-Ins button access on Integrated Apps page
  11. On the add-ins page, click Deploy Add-In.Click deploy add-In button
  12. In the pop-up window, click Next.Deploy a new add-in pop-up message.
  13. Click the Upload custom apps button.
  14. Select the 'I have the manifest file (.xml) on this device' option. Then, click Choose File and select the Microsoft365PhishingReporterAddin.xml file that you downloaded in step 6.Deploy a custom add-in page
  15. Click Upload to install the Microsoft Page View Phishing Reporter add-in.Deployment Settings for Microsoft Page View Phishing Reporter add-in
  16. From the pop-up window, select which users will have access to the Microsoft Page View Phishing Reporter and which method you would like to use to deploy the Phishing Reporter.Deployment Settings for Microsoft Page View Phishing Reporter add-in
  17. Click Next, and additional app permissions will display.
  18. Once you have read the permissions, click Save.Successful deployment message of Microosft Page View Phishing Reporter add-in
  19. Once the pop-up window displays a confirmation that the add-in has been successfully deployed, click Next. The Announce add-in pop-up window will open and display a message about announcement recommendations from Microsoft.Default announcement message provided by Microsoft to inform employees
  20. Click Close to close the pop-up window.

     

Understanding Required Microsoft Graph API Permissions

The Microsoft Page View Phishing Reporter requires specific Microsoft Graph API permissions to function effectively within an organization’s Microsoft 365 environment. These permissions allow the application to interact with users’ emails, retrieve necessary details for reporting phishing attempts, and ensure smooth integration with the email infrastructure.

Below is a breakdown of the permissions required and their purpose:

1. Mail Permissions

  •  Mail.Read: Allows the Phishing Reporter to read the user’s email to retrieve necessary email details such as headers, attachments, and content.
  •  Mail.Read.Shared: Extends read access to shared mailboxes, ensuring that the application can retrieve phishing emails reported from shared accounts.
  •  Mail.ReadWrite: Provides both read and write access to the user’s mailbox, enabling modifications or tagging of emails as needed.
  •  Mail.ReadWrite.Shared: Extends read and write permissions to shared mailboxes for better handling of phishing reports.
  •  Mail.Send: Enables the application to send emails, which may be necessary when forwarding reported phishing emails.
  •  Mail.Send.Shared: Allows the application to send emails from shared mailboxes when the user has the appropriate permissions.

2. User Profile Permissions

  •  profile: Allows the Microsoft Page View Phishing Reporter to retrieve basic user profile information, ensuring accurate reporting and tracking.
  •  Once you accept the permissions, the GRAPH Authorization Successful window will display.

How Microsoft Page View Phishing Reporter Buttons Look on Outlook Platforms

The Microsoft Page View Phishing Reporter button enables users to report suspicious emails quickly and efficiently across various Outlook environments. This guide visually demonstrates how the Phishing Reporter button appears and can be accessed in different Outlook platforms: New Outlook, Classic Outlook, Outlook Web App (OWA), Outlook for Mac, and Outlook Mobile (iOS/Android).

New Outlook

In the redesigned New Outlook interface, the Phishing Reporter button is located in the right-hand apps panel while viewing an email.

  1.  Go to your Inbox.
  2. Select the suspicious email.
  3. Click the Apps icon (grid icon) on the right-hand side panel.
  4. Choose Phishing Reporter from the list.

Classic Outlook

In the Classic Outlook interface, the button is integrated into the ribbon toolbar at the top.

  1.  Navigate to your Inbox.
  2. Open the email you want to report.
  3. Click the Phishing Reporter button on the ribbon at the top of the message window.

Outlook Web App (OWA)

For users accessing Outlook via a web browser:

  1. Open your Inbox in Outlook on the web.
  2. Select the suspicious email.
  3. Click the Apps icon (grid icon) located in the message view panel.
  4. Click on Phishing Reporter.

Outlook for Mac

In macOS versions of Outlook, the button is accessible through the top toolbar options.

  1. Go to your Inbox and select the suspicious email.
  2. Click the three-dot icon (•••) in the top-right corner.
  3. Select Phishing Reporter from the dropdown menu.

Outlook Mobile (iOS / Android)

On mobile devices, the reporting option is available via the message action menu:

  1. While viewing the suspicious email, tap the three-dot menu (•••) in the top-right corner.
  2. Tap on the Phishing Reporter icon from the list of options.


Why Do Some Users See a Popup or Redirection?

When using Living Security’s Phishing Reporter, most users can report phishing emails with a single click, seamlessly and silently. However, some users may occasionally see a popup window or get redirected briefly to Microsoft’s login screen.

This behavior is expected, safe, and part of Microsoft’s secure authentication process.

What Is Supposed to Happen?

Living Security’s Phishing Reporter is designed to authenticate users automatically in the background. In most cases, if the user is already signed into Microsoft 365, the system can confirm their identity silently without any additional steps.

So Why Is There Sometimes a Pop-up or Redirection?

A small number of users may see a sign-in prompt because:

  • They haven’t used the add-in before, and the system needs their permission
  • Their Microsoft 365 session has expired, and reauthentication is required
  • Their browser or security settings block silent sign-in, which is common in private/incognito mode or stricter corporate environments
  • Microsoft requires additional verification, such as multi-factor authentication
  • They’re on a new device or browser that Microsoft doesn’t recognize

In any of these cases, the system must briefly show a popup or redirect them to sign in securely before proceeding.

Will This Happen Every Time?

No. Once a user has signed in and given the necessary permissions, their session is remembered. They typically won’t be asked to sign in again unless:

  •  Their session expires (after days or weeks)
  • Company policy or security tools clear their session
  • New permissions are requested

Bottom Line

Popups or redirections are not errors, they’re part of Microsoft’s secure identity verification process. They ensure that only authorized users can access sensitive data and perform actions like reporting emails.

Living Security follows Microsoft’s best practices to provide the most seamless experience possible, while maintaining strict security and compliance.

Frequently Asked Questions (FAQs)

Q. Can I show a confirmation prompt before deleting a reported email?

A. Yes. To enable a confirmation prompt, go to the Phishing Reporter menu and select the Settings tab. Within the tab, scroll down to the Dialog Box Settings section. Locate the Delete Reported Emails option, and select With Confirmation from the dropdown menu.

 
Q. Does the Microsoft Page View Phishing Reporter work on Outlook Mobile for iPhone or Android?

A. Yes.

 
Q. Can I customize the Microsoft Page View Phishing Reporter side panel message, such as setting a fixed width and height?

A. No, Microsoft does not allow customization of the size of the side panel. Its size is automatically adjusted.

 
Q. Can users choose their preferred language for the Phishing Reporter button pop-up messages?

A. Yes, you can add multiple languages from the Phishing Reporter customization page. When an employee reports an email, the reporting side panel will appear, and they will be able to select their preferred language from the available language options before proceeding with the reporting.

 
Q. If we set the Phishing Reporter button to delete reported emails automatically, can the email be recovered?

A. Yes, if you use the 'Delete reported emails' option with 'Automatically', the reported email will be deleted automatically. The email will be sent to the Trash folder, where you can visit the folder and restore the deleted email.