Introduction
Earlier this year, Microsoft officially deprecated support for legacy authentication tokens and urged vendors to adopt OAuth 2.0 as the new standard for secure authentication. To ease the transition, Microsoft introduced temporary support options that allow organizations to continue using legacy tokens while updating their plugins to comply with the new protocol.
This article provides a step-by-step guide to help your organization transition from a legacy authentication-based plugin to the latest Microsoft-recommended approach, ensuring compliance with updated security guidelines and minimizing disruption during the migration process.
Before proceeding with the installation, Right-Hand has an additional recommendation to help simplify the process for your team:
Plugin Migration: Step-by-Step Guide
Step 1: Clean up your existing installation
Due to a known caching issue with Microsoft, installing the new plugin alongside the existing one may cause conflicts. We recommend uninstalling the existing plugin before proceeding with the new installation.
Please note that, according to Microsoft’s latest guidelines, removing the previous application may take up to 24 hours, and fully propagating the new installation may take up to 72 hours.
Here is a step-by-step process to remove your plugin.
1. Disable legacy tokens
If legacy tokens were enabled solely to support the PhishArm plugin and are not required for any other integrations, it is recommended to disable them. You can follow the steps outlined here to disable legacy token support.
2. Remove PhishArm installation
2.1 Go to the Microsoft admin centre and find PhishArm in the Integrated apps section.
2.2 Click on Remove App.
2.3 Please allow up to 24 hours for the app to be fully removed from all inboxes.
Important Note on Deployment Timeline
Please note that the removal of the previous application and the propagation of the new installation may take time to complete across your organization.
According to Microsoft’s guidelines, this process may take up to 72 hours.
Step 2: Install New Plugin
Recommended Option: Use of Outlook reporting button
While we offer the PhishArm plugin as an option, we strongly recommend using Microsoft's native Outlook reporting button for your phishing response strategy. This approach offers several significant advantages:
Cross-platform consistency: Mobile access is available, and the experience is seamless across browsers.
Stability & Reliability: Microsoft's native button is less vulnerable to policy changes, authentication updates, and mail flow rule modifications by Microsoft that frequently impact third-party plugins. This means fewer disruptions to your security operations and less maintenance overhead.
Simplified User Training: By leveraging Microsoft's default reporting mechanism, your organization benefits from a consistent user experience. Employees need to learn the reporting method only once.
Our integration with Microsoft's built-in reporting feature provides the same comprehensive security benefits while ensuring long-term stability and simplicity for both your IT team and end users. You can set up the Microsoft button integration by following this help article.
This documentation guides you through configuring the PhishArm plugin for Outlook 365, providing your organization with enhanced phishing detection capabilities.
Before proceeding with installation, ensure you have administrator access to your Microsoft 365 environment and that your organization's security policies permit third-party integrations. The following steps will walk you through the implementation process to ensure a smooth deployment across your organization.
Versions on which the new plugin is verified and officially supported:
1. Windows
Edge - Version 136.0.3240.50 (Official build) (64-bit)
Firefox - 138.0 (64-bit) Mozilla Firefox - BrowserStack
Desktop App - Version 2503 Build 16.0.18623.20208 64-bit (older version) / New Microsoft Outlook - Version 1.2025.430.200 (Production), Client Version 20250425004.13
2. Mac
Safari - Version 18.3 (19620.2.4.111.8, 19620)
Chrome - Version 136.0.7103.48 (Official Build) (x86_64)
Desktop App - 16.78.3 ( 23102801 )
Firefox - 138.0 - BrowserStack
1. Download the configuration XML from the Right-Hand portal
Click on PhishArm --> Settings --> Outlook Plugin
Click on the Download button. It will open the XML file in a new tab. Save the page as an XML file on your device using the 'Save as' option.
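Because the manifest will be deployed to the entire organization, it is worth reviewing what it declares before uploading it. The following is an added example, not Right-Hand's or Microsoft's code: it parses an add-in manifest, lists the mailbox permission it requests, and flags any URL that is not HTTPS or whose host is not the plugin domain given in the firewall step of this article. The embedded manifest is a constructed sample, not the real PhishArm file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Host taken from the allowlist step of this article.
ALLOWED_HOSTS = {"outlook-plugin.right-hand.ai"}

# Constructed sample manifest for illustration; NOT the real PhishArm file.
SAMPLE_MANIFEST = """<OfficeApp
    xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <DisplayName DefaultValue="Sample add-in"/>
  <IconUrl DefaultValue="http://outlook-plugin.right-hand.ai/icon.png"/>
  <AppDomains>
    <AppDomain>https://outlook-plugin.right-hand.ai</AppDomain>
    <AppDomain>https://cdn.unexpected.example</AppDomain>
  </AppDomains>
  <FormSettings><Form xsi:type="ItemRead"><DesktopSettings>
    <SourceLocation DefaultValue="https://outlook-plugin.right-hand.ai/index.html"/>
  </DesktopSettings></Form></FormSettings>
  <Permissions>ReadWriteMailbox</Permissions>
</OfficeApp>"""

def review_manifest(xml_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (permissions, findings) for an Office add-in manifest."""
    root = ET.fromstring(xml_text)
    permissions, findings = [], []
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if name == "Permissions" and el.text:
            permissions.append(el.text.strip())
        # URLs appear either as attribute values or as element text.
        for value in list(el.attrib.values()) + [el.text or ""]:
            value = value.strip()
            if not value.lower().startswith(("http://", "https://")):
                continue
            parts = urlsplit(value)
            if parts.scheme.lower() != "https":
                findings.append((name, value, "not https"))
            if (parts.hostname or "") not in allowed_hosts:
                findings.append((name, value, "unexpected host"))
    return permissions, findings

if __name__ == "__main__":
    perms, issues = review_manifest(SAMPLE_MANIFEST)
    print("Requested permissions:", perms)
    for issue in issues:
        print("FINDING:", issue)
```

To check the file you downloaded, pass its contents to review_manifest() in place of the sample; an empty findings list means every URL in it is HTTPS and on the expected host.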
2. Steps to Add PhishArm Plug-in into your Company Domain
Log in to your domain's admin center.
Go to Settings, click Integrated Apps, and choose Upload Custom apps.
Under Deploy New App, in Choose how to upload app, select Upload manifest file (.xml) or provide the URL downloaded from the CyberReady Portal (refer to Step 1).
Please note that the URL link will expire in 60 seconds. If the user uses the old link after 1 minute, they will see an error.
In such cases, please return to the Right-Hand Platform, refresh the page, and try again using a new XML link.
After uploading this XML file to your Microsoft Add-in section, click on the Next button.
Under Users option
Set Entire Organization (so that all employees under this domain will get this plugin in Outlook)
Click Next
Under Deployment, click Next, accept the permissions, and click on Finish Deployment.
After successful deployment, users can click on Done and see the plug-in in the Add-ins list.
Now all users under the domain can see this PhishArm plugin in their Outlook emails.
Important Note on Deployment Timeline
Please be aware that the removal of the previous application and propagation of the new installation may take time to complete throughout your organisation.
According to Microsoft’s guidelines, the deployment process may take up to 72 hours.
3. Allow delegated permissions for users for the PhishArm plugin
Click on the following link to allow delegated permissions. After the MS admin login, you will be redirected to the following link.
Click on Accept
4. Whitelist plugin domains in Firewall/Zero Trust products
Customers using any firewall or zero trust products should whitelist the following domain in their perimeter security products:
https://outlook-plugin.right-hand.ai
5. Verify Successful Plug-in Installation
Open your Outlook inbox and open any email.
You can now see PhishArm successfully added to Outlook.