You can now integrate the Microsoft Reporting button with Right-Hand PhishArm. This integration will redirect all the phishing emails reported using Microsoft Reporting to Right-Hand’s PhishArm dashboard.
There are five (5) steps to configure the Microsoft Reporting button add-in with Right-Hand PhishArm.
Step 1: Install the Microsoft Report Message Add-in from Microsoft AppSource
To install the Microsoft Report Message add-in from Microsoft AppSource, follow the steps below:
Get the Report Message add-in for me:
Go to Microsoft AppSource and search for the Report Message add-in. You can go directly to the Report Message add-in by clicking here.
Click Get it now. A dialog box appears with terms of use and privacy policy.
Review the terms of use and privacy policy, and then click Continue.
Now, sign in using your Microsoft account.
Get the Report Message add-in for my organization:
From the Microsoft 365 admin center, go to Settings > Integrated apps. Click Get apps.
On the Microsoft 365 Apps page, type Report Message in the Search box and run the search. In the list of results, find and select Report Message.
Select Report Message from the list that appears.
Select Get It Now on the app details page.
Enter the basic profile information, and then click Continue.
A Deploy New App section appears. Configure your settings and click Next to go to the next page to complete the setup.
Add users: Select Entire organization from the following values:
Just me
Entire organization
Specific users/groups
Deployment:
Accept Permissions requests: Read the app permissions and capabilities carefully before going to the next page.
Finish deployment: Review and finish deploying the add-in.
Deployment completed: Select Done to complete the setup.
You can refer to this document from Microsoft for more details.
Step 2: Set up Policies in Microsoft 365 Defender portal
After the Microsoft Report Message add-in is installed, you will have to enable the button and set up a few policies and rules from the Microsoft 365 Defender. The following steps guide you on how to enable and configure the rules:
Log in to your Microsoft 365 Defender portal and navigate to Policies & rules > Threat policies > User reported message settings. The User submissions page opens.
On the User submissions page, enable the Microsoft Outlook Report Message button.
In the Send the reported messages to section, choose one from the following options:
Microsoft (Recommended) - The reported emails would be redirected to Right-Hand’s PhishArm dashboard for analysis.
[Note: If you select Microsoft, the emails reach the Right-Hand PhishArm dashboard.]
Microsoft and my organization's mailbox - The reported emails would be sent to Right-Hand’s PhishArm dashboard and your organization’s internal/security team for analysis.
We recommend that you select Microsoft and my organization's mailbox > Always report the message.
Click Save.
Step 3: Add Mail Contact in the Exchange admin center
After you enable the Report Message button, you’ll have to add the mail contact details from the Exchange admin center portal. Follow the steps below to add a mail contact:
Now, log in to your Exchange admin center account and navigate to Recipients > Contacts.
Click Add a mail contact.
In the New Mail Contact pane, type your details:
Display Name: The name that would appear on the Contacts page.
Alias: Type PhishArm as Alias name.
External email address: Type [email protected] as a contact.
Click Next. The Mail contact information (optional) appears.
Click Next.
The Review mail contact displays the summary of data entered.
Review the data and click Create.
It will take a while for the new contact to appear on the Contacts page. You can refresh the page or wait a little longer for the contact to appear.
Step 4: Add Mail flow rules in the Exchange admin center
In order to redirect the reported emails to the Right-Hand PhishArm dashboard instead of Microsoft, you have to add some rules. The following steps help you add the Mail flow rules:
Now, navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.
From the + icon (add new rule) drop-down, select Create new rule…
In the new rule window, in the Name field, type the name of the rule.
From the Apply this rule if… drop-down, select The recipient address includes…
In the specify words or phrases pop-up, copy and paste the following (click the + icon to add multiple fields):
From the Do the following… drop-down, select Redirect the message to… A window with the list of all the contacts will appear.
Select the added contact and click add ->.
Click OK.
Change the Audit this rule with severity level to High.
Click Save. The new rule will appear on the Rules page.
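Steps 3 and 4 can also be carried out, and then checked, from Exchange Online PowerShell. The script below is an added example, not Right-Hand's or Microsoft's own; the contact address, the recipient words, the display name and the rule name are placeholders or assumptions, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example: Steps 3 and 4 in Exchange Online PowerShell, then a check of the result.
# Placeholders (not from the page): use the values from your Right-Hand setup instructions.
$ContactAddress = '<phisharm-contact-address>'            # External email address (Step 3)
$MatchWords     = @('<recipient-word-or-phrase-step-4>')  # words/phrases pasted in Step 4
$RuleName       = 'Redirect reported phishing to PhishArm' # assumed name; choose your own

Connect-ExchangeOnline   # interactive sign-in with an Exchange administrator account

# Step 3: create the mail contact (alias PhishArm) only if it does not exist yet.
if (-not (Get-MailContact -Identity 'PhishArm' -ErrorAction SilentlyContinue)) {
    New-MailContact -Name 'PhishArm' -Alias 'PhishArm' `
        -ExternalEmailAddress $ContactAddress | Out-Null
}

# Step 4: "The recipient address includes..." -> "Redirect the message to...",
# with "Audit this rule with severity level" set to High.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName `
        -RecipientAddressContainsWords $MatchWords `
        -RedirectMessageTo $ContactAddress `
        -SetAuditSeverity High | Out-Null
}

# Check: the rule is enabled, audited at High, and redirects only to the contact.
$rule     = Get-TransportRule -Identity $RuleName
$problems = @()
if ("$($rule.State)" -ne 'Enabled') {
    $problems += "rule state is $($rule.State)"
}
if ("$($rule.SetAuditSeverity)" -ne 'High') {
    $problems += "audit severity is $($rule.SetAuditSeverity)"
}
$unexpected = @($rule.RedirectMessageTo | Where-Object { "$_" -ne $ContactAddress })
if ($unexpected.Count -gt 0) {
    $problems += "unexpected redirect target(s): $($unexpected -join ', ')"
}
if (@($rule.RedirectMessageTo).Count -eq 0) {
    $problems += 'rule has no redirect target'
}

if ($problems.Count -eq 0) {
    Write-Output "OK: '$RuleName' redirects reported mail to $ContactAddress"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

Re-running the check section after any later change to mail flow rules shows whether the redirect target or audit level has drifted from what was configured here.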
Step 5: Report the Phishing Email
Now, log in to Outlook and report the email. Below are various ways to report an email from different devices/operating systems. Choose the method that suits you appropriately.
Desktop App- Windows:
Open the email you want to report.
From the top menu, click the Report Message drop-down and select Phishing. The email will be reported and will appear on the Right-Hand PhishArm dashboard. (In Step 2, if you have selected Ask me before reporting, you’ll be prompted to confirm your actions.)
Desktop App- Mac:
Right-click on the email you want to report.
Select Report > Report phishing. The email will be reported and will appear on the Right-Hand PhishArm dashboard. (In Step 2, if you have selected Ask me before reporting, you’ll be prompted to confirm your actions.)
Mobile:
Open the email you want to report.
Tap on the three dots option.
Tap on Report Junk and then select Phishing.
The reported email will now appear in the Right-Hand portal.
FAQs
1) What should I do if I am an MS GCC customer and I don't have the option to send the reported emails to Microsoft and an email ID of my choice?
In such cases, we recommend you follow the settings below:
Go to security.microsoft.com.
Navigate to Settings → Email and Collaboration → User Reported Settings.
Select My reporting mailbox only.
Add an Exchange Online mailbox to send reported messages to. This has to be an Exchange mailbox and not a mailbox hosted on another server that is added as a contact in your system. Click Save.
Now go to https://admin.exchange.microsoft.com/ → Mail flow → Rules → Add a rule.
In the rule add the settings as follows:
Apply this rule if the recipient is <add the email address added in Step 4>, redirect the message to "[email protected]"
In the previous step, you can add multiple addresses that you wish to send the forwarded email to. Save the rule and apply the priority of the rule based on your mail-flow rules settings such that the other rule is not applied to the email address added in step 6.