Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Microsoft Ribbon Phishing Reporter

The Microsoft Ribbon Phishing Reporter lets users report suspicious emails from the Outlook ribbon, helping IT detect threats early. Reports appear in Microsoft 365 Defender and our Incident Responder, with tracking for simulated phishing reports.

- Microsoft Ribbon Phishing Reporter User Experience
- Prerequisites
- How to Install the Microsoft Ribbon Phishing Reporter
- Troubleshooting the Microsoft Ribbon Phishing Reporter
- FAQ
  - Graph Permissions Required

Microsoft Ribbon Phishing Reporter User Experience

Here is an example view of the ribbon phishing reporter on Outlook.

  •  When using the new Outlook Ribbon, clicking the Phishing Report button opens a pop-up window instead of a side panel.
  •  The pop-up provides the same reporting options but appears as a temporary dialog in the center of the screen.
  •  This is the default experience for some Outlook versions, including Outlook on Windows with the new Ribbon UI.

Supported clients

The following table identifies which Outlook clients support the integrated spam-reporting feature. See the full list here from Microsoft official documentation.

Client Status
Outlook on the web Supported*
New Outlook on Windows Supported*

Classic Outlook on Windows

Version 2404 (Build 17530.15000)

 Supported

Outlook on Mac

Version 16.81 (23121700) or later

 Only in Preview, Not Fully Functional (see Preview the integrated spam-reporting feature in Outlook on Mac)
Outlook on Android Not available
Outlook on iOS Not available

ℹ️ * In Outlook on the web and the new Outlook on Windows, the integrated spam-reporting feature isn't supported for Microsoft 365 consumer accounts. Microsoft 365 Consumer accounts (Outlook.com, Hotmail, Live.com) are for personal use and don’t support the integrated spam-reporting feature in Outlook on the web or the new Outlook on Windows.

Prerequisites

Before you can install the Microsoft Ribbon Phishing Reporter for your organization, your organization will need to have a Microsoft 365 mail server and license. The Phishing Reporter is compatible with the following email clients and requirements.

ℹ️ The Microsoft Ribbon Phishing Reporter supports installation for shared mailboxes. This feature requires that Graph API and Nested App Authentication single sign-on (NAA-SSO) permissions are authorized in your Microsoft 365 tenant. See installation steps 5 through 9 below for how to authorize these permissions.

How to Install the Microsoft Ribbon Phishing Reporter

1. Access the phishing simulation tool using this link.
2. Customize Phishing Reporter for your organization's needs
3. Go to Phishing Reporter > Manage and Download section and click “Connect Account”
4. Log in to your Microsoft 365 account using your admin credentials.
5. Once you log in, the Permissions requested pop-up window will display. Read the permissions, then click Accept.
6. Once you accept the permissions, the GRAPH Authorization Successful window will display.
7. Click the Download icon below the Microsoft Ribbon Phishing Reporter option to download the PhishingReporterRibbon.xml file.
8. In a new tab of your browser, log in to your Microsoft 365 admin center.
9. From the menu on the left side of the page, click Settings
10. From the Settings drop-down menu, select Integrated apps.
11. Click Add-ins at the top-right corner of the page. The Add-ins page will open
12. On the Add-ins page, click Deploy Add-In. The Deploy a new add-in pop-up window will open.
13. In the pop-up window, click Next.
14.  Click Upload custom apps.
15. Select the I have the manifest file (.xml) on this device option. Then, click Choose File and select the PhishingReporterRibbon.xml file that you downloaded in step 6.
16. Click Upload to install the Phishing Reporter. The Configure add-in pop-up window will open.
17. From the pop-up window, select which users will have access to the Phishing Reporter and which method you would like to use to deploy the Phishing Reporter.

ℹ️ We recommend that you allow all users to access the Phishing Reporter. We also recommend that you use the Fixed deployment method.

18. Click Next, and additional app permissions will display.

19. Once you have read the permissions, click Save. The Deploy Phishing Reporter pop-up window will open.

ℹ️ The expected timeframe for the Phishing Reporter to deploy is 24 hours, but timeframes can vary. For more information about deploying add-ins, see Microsoft's Deploy add-ins in the Microsoft 365 admin center article.

20. Once the pop-up window displays a confirmation that the add-in successfully deployed, click Next. The Announce add-in pop-up window will open and display a message about announcement recommendations from Microsoft.

ℹ️ After you install and deploy the Phishing Reporter, you might receive an email from your mail service provider that contains information you can use to help you announce the Phishing Reporter add-in to your users. Living Security does not send the email about the Phishing Reporter’s intended usage and benefits.

21. Click Close to close the pop-up window.

Troubleshooting Microsoft Ribbon Phishing Reporter

We were unable to process this item. Please try again later.

"We were unable to process this item. Please try again later." message in the Ribbon Phishing Reporter in Outlook.

We were unable to process this item issue on Microsoft Ribbon Phishing Reporter

The suggested solution is to "Toggling on New Outlook"

We recommend this because:

  • Compatibility Issues with Classic Outlook

    • The Microsoft Ribbon Phishing Reporter add-in might not be fully supported or optimized in the classic (legacy) Outlook for Windows except Version 2404 (Build 17530.15000). See Supported Clients

    • Microsoft is shifting support toward New Outlook, which has improved integration with cloud-based services and add-ins.

  • Performance & Connectivity Fixes in New Outlook

    • New Outlook is built on a web-based architecture, offering better compatibility with Microsoft 365 cloud services, including phishing reporting.

    • It resolves time-out errors caused by outdated local add-in frameworks.

  • Bug Fixes & Updates

    • Microsoft frequently updates the New Outlook, while the classic version may have outdated code that affects add-in performance.

  • Cloud Integration & Service Connectivity

    • The Phishing Reporter add-in relies on Microsoft 365 cloud APIs to submit reports.

    • If the classic Outlook version struggles with these connections, switching to the New Outlook can ensure a more stable connection.

       

      Try Enabling "New Outlook" as suggested.

FAQ

Q. Can I show a confirmation prompt before deleting a reported email?

A. No, Microsoft Ribbon Phishing Reporter automatically deletes the reported email and does not provide an option to prompt employees for confirmation before deletion.

 
Q. Does the Ribbon work on Outlook Mobile for iPhone or Android?

A. As of March 2025, Microsoft does not support Outlook Mobile. Please refer to the supported clients list for updates: Supported Clients

 
Q. Can I change the window size of the Ribbon message (e.g., set a fixed width and height)?

A. No, Microsoft does not allow modifications to the pop-up box. Its size is automatically adjusted.

 
Q. Can I provide a language selection option for users to choose their preferred language for pop-up messages?

A. No, Microsoft does not support adding a language selection option within the pop-up. The language is automatically set based on the user’s Outlook language settings.

 
Q. I see the Microsoft Ribbon Phishing Reporter in Outlook Desktop on my MacBook, but it doesn't work. Why?

A. Microsoft currently provides the Ribbon Phishing Reporter for preview purposes only on Outlook Desktop for Mac. While it may be visible, it is not fully functional. Please refer to the supported clients list for details: Supported Clients

 
Q. If Microsoft automatically deletes the reported email, can it be recovered?

A. Yes, after an email is reported, Microsoft displays a message confirming its deletion. This message includes an "Undo" option, allowing employees to recover the reported email if needed.

 
Q. Can I use the Ribbon Add-in and Page View Add-in together?

A. Yes, you can deploy both of them, and your employees can use either the Ribbon Add-in or the Page View Add-in based on their preference.

 
Q. Why can't I report multiple emails at the same time in Classic Outlook on Windows?

A. In classic Outlook on Windows, the Phishing Reporter processes one reported message at a time. If you attempt to report another email while the first one is still being processed, a notification dialog will appear, informing you that the previous report is still in progress.

To report multiple emails, please wait for the current report to complete before submitting the next one. This limitation ensures that each report is properly processed without conflicts.

 
Q. What Permissions are Required for Microsoft Graph API

A. The Microsoft Ribbon Phishing Reporter requires specific Microsoft Graph API permissions to function effectively within an organization’s Microsoft 365 environment. These permissions allow the application to interact with users’ emails, retrieve necessary details for reporting phishing attempts, and ensure smooth integration with the email infrastructure.

Below is a breakdown of the permissions required and their purpose:

  • Mail Permissions
    • Mail.Read: Allows the Phishing Reporter to read the user’s email to retrieve necessary email details such as headers, attachments, and content.
    • Mail.Read.Shared: Extends read access to shared mailboxes, ensuring that the application can retrieve phishing emails reported from shared accounts.
    • Mail.ReadWrite: Provides both read and write access to the user’s mailbox, enabling modifications or tagging of emails as needed.
    • Mail.ReadWrite.Shared: Extends read and write permissions to shared mailboxes for better handling of phishing reports.
    • Mail.Send: Enables the application to send emails, which may be necessary when forwarding reported phishing emails.
    • Mail.Send.Shared: Allows the application to send emails from shared mailboxes when the user has the appropriate permissions.
  • User Profile Permissions
    • openid: Grants access to the user's unique ID, helping in authentication and identity verification.
    • profile: Allows the Microsoft Ribbon Phishing Reporter to retrieve basic user profile information, ensuring accurate reporting and tracking.