Office 365 Deployment of Phishing Button


This section will guide you in how to customize and install the Outlook Suspicious Email Reporter Add-In for users' O365 email boxes. When this add-in has been published, users will see Add-in on their devices (Outlook App, OWA, mobile, tablet, laptop) and use it to report suspicious emails.

Customize Suspicious Email Reporter Add-in

Log in to the dashboard and select the Incident Responder > Phishing Reporter page. Customize each field as required, and once completed, click Save Changes.

Then click Download and download the OWA / Exchange XML add-in file or copy the link.

This download/link will be required later in the installation.

If you want to customize your add-in, please change the following fields in bold when editing the XML file before proceeding to the next steps:

  • <ProviderName>Your Company Name</ProviderName>
  • <DisplayName DefaultValue="Suspicious E-Mail Reporter"/>
  • <Description DefaultValue="It is a phishing reporter button that allows the user to turn it into action when they receive a suspicious mail.This provides SOC teams the ability to detect and block attacks early."/>
  • DefaultValue=""/>
  • <SupportUrl DefaultValue=""/>
  • DefaultValue=""/>
  • DefaultValue=""/>
  • DefaultValue=""/>
  • <bt:String id="groupLabel" DefaultValue="Your Company Name"/>
  • <bt:String id="customTabLabel" DefaultValue="Your Company Name"/>
  • <bt:String id="paneReadButtonLabel" DefaultValue="Report as suspicious"/>
  • <bt:String id="paneReadSuperTipTitle" DefaultValue="Report as suspicious"/>
  • <bt:String id="paneReadSuperTipDescription" DefaultValue="This add-in helps to report suspicious email."/>

Deploying Suspicious Email Reporter O365 Add-in

Log in to your Microsoft 365 Admin Center.

Go to Add-ins.

Click +Deploy Add-in and click Next. Under Deploy a custom add-in, click Upload custom apps.

Select the option to Deploy a new add-in. Select one of the following:

  • ‘I have the manifest .xml file’ (the XML file downloaded earlier from Phishing Reporter).
  • ‘I have a URL for the manifest file’ (if the copy link option was chosen)

Then click Upload.

Now proceed to Configure Add-in.

Configure Add-In

Select the Add-in from the Add-in list.

Assign the users who will have access to the add-in. Choose one of the following:

  • Everyone: The add-in will be installed on every user under the O365.
  • Specific Users / Groups: The add-in will be installed to the chosen group or user.
  • Just me: The add-in will be installed on your mail account.

Now proceed to the Deployment Method.

Deployment method

Select the Deployment Method option (it is recommended to choose the option Fixed (Default)).

  • Fixed (Default)
  • Available
  • Optional

After selection, click Deploy.

After deployment is successful, click Next and then Finish to complete the process.

The add-in will now appear in the Add-in list.

A message will appear to say that your add-in has been deployed.

You will also receive an email notification confirming your successful deployment. Important note: It will take up to 12 hours for the add-in to be displayed on users' ribbons - users might need to relaunch ‎Office‎.​

Once the deployment completes, to test that it is successful, launch the applicable ‎Office‎ app to confirm that the add-in is present on the ribbon.

You can force the list of installed add-ins to refresh by launching the ‎Office‎ app and navigating to the Insert tab > My Add-ins > Admin Managed.

How to test installation & deployment

Open your account on Office 365, and report an email as suspicious by using the Phishing Reporter installed on your account.

After the email is reported, you will receive a thank you message.

Now report an email using another device such as mobile to check that the add-in has been successfully installed and deployed. After the email is reported, you will receive a thank you message.