Skip to main content

How do I integrate the Microsoft Reporting Add-In with Right-Hand PhishArm?

K
Written by Karthek S
Updated over a week ago

  1. Step 1: Add Mail Contact in the Exchange admin center

  2. Step 2: Configure the Microsoft native report button and Internal mailbox

  3. Step 3: Add Mail flow rules in the Exchange admin center

    a) Rule A - Send all reported emails to PhishArm (Simulation and Non-Simulation)

    b) Rule B - Send Right-Hand simulation emails to PhishArm

    c) Rule C - Send Non-Simulated Reported Emails to the SOC team

  4. Step 4: Report the Phishing Email

    a) Desktop App- Windows

    b) Desktop App- Mac

    c) Mobile

Frequently Asked Questions (FAQ)

  1. What should you do if your company wants to send all emails to PhishArm Dashboard?

  2. What should you do if your company wants to send all emails to Microsoft except simulation emails, which need to go to PhishArm Dashboard?

Overall Flow Diagram

IMPORTANT: If you already see a Report button in Outlook, there’s no need to install the Report Message add-in—the reporting feature is already available to you.

However, if the Report button is missing in your Outlook, please proceed with Step 1 to install the Report Message add-in.

Step 1: Add Mail Contact in the Exchange admin center

  1. Now that the plugin is installed, it’s time to set up the Right-Hand reporting email contact.

    To do this, log in to your Exchange Admin Center, then go to Recipients > Contacts to add the reporting email.

  2. Click Add a mail contact.

  3. In the New Mail Contact pane, type your details:

    a) Display Name: The name that would appear on the Contacts page.

    b) Alias: Type PhishArm as the Alias name.

    c) External email address: Type [email protected] as a contact.

  4. Click Next. The Mail contact information (optional) appears.

  5. Click Next.

  6. The Review mail contact displays the summary of data entered.

  7. Review the data and click Create.

    The new contact will take a while to appear on the Contacts page. You can refresh the page or wait for some more time for the contact to occur.

Step 2: Configure the Microsoft native report button and Internal mailbox

Important: As per Microsoft’s latest guidelines, phishing simulation reports should be sent to a dedicated internal mailbox. Please create one for your organization.

Once the mail contact is set up, the next step is to enable the feature and configure a few important policies and rules in Microsoft 365 Defender.

Follow the steps below to enable the settings and set up the necessary rules:

  1. Log in to your Microsoft 365 Defender portal and navigate to Settings > Email & collaboration > User reported settings.

  2. On the User reported settings page, enable the toggle button.

  3. Select the built-in reporting option, as it is easy to report.

  4. You can configure messaging criteria based on your company’s needs. Select the Customize messages option, choose your preferred language for the prompt, set new messages in each tab, and click save.

  5. Inside the reported email destination, select Microsoft and My reporting mailbox only" or "My reporting mailbox only" from Send reported messages to: field.

Important: Provide the email address of the internal reporting mailbox where these reports will be sent.

6. Click on the Save button.

Now, the Microsoft plugin has been configured.

Step 3: Add Mail flow rules in the Exchange admin center

Rule A - Send all reported emails to PhishArm (Simulation and Non-Simulation).

The following steps will help you add the Mail flow rules:

  1. Navigate to Mail flow > Rules, then click the + icon to create a new rule.

    It’s a good idea to copy any existing rules first, just in case you need to refer back to them later.

  2. From the + (Add new rule) drop-down menu, select Create a new rule… to get started.

  3. In the New Rule window, enter a name for your rule in the Name field—this will help you easily identify it later.

  4. From the Apply this rule if… drop-down menu, choose The recipient address includes…

  5. In the Specified words or phrases pop-up, enter the email address of the internal mailbox you set up earlier.

Scenario 01: Don't send a copy of the reported email to the Internal Mailbox

6. Now that the condition is set, it’s time to define the action.

From the Do the following… drop-down menu, select Redirect the message to, then choose these recipients from the options.

7. Click Select One, and a window will open showing all contacts.

Search for the right-hand reporting email (for example, [email protected]), select it, and then click Save to confirm.

8. Now click on the Next button and set the following values to

9. Click on Next and then the Finish button. The rule will appear in the list.

10. Click on the rule to open the settings panel.

Turn on the rule by toggling the switch, then click on Rule Settings.

Set the Priority to 0, and don’t forget to click Save to apply your changes.

11. After that, the rule will appear enabled at the top of the list.

The configuration has been successfully set up :)

Scenario 02: Send a copy of the reported email to the Internal Mailbox

6. Once you’ve set the condition, it’s time to define the action.
From the Do the following… drop-down, select Add recipients, and from the options, select to the To box.

7. Click Select One, and a window will open showing all contacts.

Search for the right-hand reporting email (for example, [email protected]), select it, and then click Save to confirm.

8. Now click on the Next button and set the following values to

9. Click on Next and then the Finish button. The rule will appear in the list.

10. Click on the rule to open the settings panel.

Turn on the rule by toggling the switch, then click on Rule Settings.

Set the Priority to 0, and don’t forget to click Save to apply your changes.

11. After that, the rule will appear enabled at the top of the list.

The configuration has been successfully set up :)

Rule B - Send Right-Hand simulation emails to PhishArm.

The following steps will help you add the Mail flow rules:

  1. Navigate to Mail flow > Rules, and click the + icon to add a new rule.

    It’s a good idea to copy any existing rules first for reference.

  2. From the + (Add new rule) drop-down menu, select Create new rule… to get started.

  3. In the New Rule window, enter a name for your rule in the Name field so you can easily identify it later.

  4. From the Apply this rule if… drop-down, select The recipient address includes

    Then, click the edit icon and enter your internal mailbox’s email address.

  5. Click the plus (+) sign on the right to add another condition.

    Under the Apply this rule if… drop-down, select The subject or body, then choose subject or body includes any words.

    In the pop-up window, add the following two domains.

    linktologin.com
    linktosso.com

Scenario 01: Don't send a copy of the reported email to the Internal Mailbox

6. From the Do the following… drop-down menu, select Redirect the message to, then choose these recipients from the options.

7. Click Select One, and a window with all contacts will appear.

Search for the right-hand reporting email, for example, [email protected], select it, and then click Save to add the recipient.

8. Now Click on the Next button and set the following values to

9. Click on Next and then the Finish button. The rule will appear in the list.

10. Now, let’s fine-tune the rule:
Click on the rule to open the settings panel.
Turn on the rule by toggling the switch, then click on Rule Settings.
Set the Priority to 0, and click Save to apply the changes.

11. After that, the rule will appear enabled at the top of the list.

The configuration has been successfully set up :)

Scenario 02: Send a copy of the reported email to the Internal Mailbox

6. From the Do the following… drop-down, select Add recipients, then choose the to the To box from the options..

7. Click Select One, and a window with all contacts will open.
Search for the right-hand reporting email (e.g., [email protected]), select it, and then click Save to confirm.

8. Now Click on the Next button and set the following values to

9. Click on Next and then the Finish button. The rule will appear in the list.

10. Now, let’s fine-tune the rule:
Click on the rule to open the settings panel.
Turn on the rule by toggling the switch, then click on Rule Settings.
Set the Priority to 0, and click Save to apply the changes.

11. After that, the rule will appear enabled at the top of the list.

The configuration has been successfully set up :)

Rule C - Send Non-Simulated Reported Emails to the SOC team.

Important: For Rule C to work, you must set up Rule B, enable it, and set up Rule C.

Set Rule B as it is, and then set up Rule C by following the steps below.


The following steps will help you add the Mail flow rules:

  1. Now, navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.

  2. From the + icon (add new rule) drop-down, select Create new rule…

  3. In the new rule window, in the Name field, type the rule's name.

  4. From the Apply this rule if… drop-down, select The recipient address includes…

  5. In the specified words or phrases pop-up, paste the Internal Mailbox email.

  6. As we finish the condition, we have to define the action.
    From the Do the following… drop-down, select Redirect the message to and from the options, select ​these recipients.

  7. Click on Select On, and a window with the list of all the contacts will appear. Search for your internal SOC Team reporting email, and select it, then click on the save button to save the recipient.

  8. Go to the Except If section to add one more matching rule. Select the option The Subject or body
    and in the condition, select subject or body includes any of these words.

    1. In the specified words or phrases pop-up, add the following two options

      1. linktosso.com

      2. linktologin.com

  9. Now, Click on the Next button and set the following values to

  10. Click on Next and then the Finish button. The rule will appear in the list.

  11. Now, we need to edit this rule further. Click on the rule, and it will open the slider. Enable this rule by clicking the toggle and then clicking on the rule settings. Change the Priority to 0 and click on the save button.

  12. After that, the rule will appear enabled at the list's top.

    The configuration has been successfully set up :)


Step 4: Report the Phishing Email

Now, log in to Outlook and report the email. Below are various ways to report emails from different devices/operating systems. Choose the method that suits you appropriately.

Desktop App- Windows

  1. Open the email you want to report.

    a) From the top menu, click the Report drop-down and select Phishing/Junk. The email will be reported and will appear on the Right-Hand PhishArm dashboard. (In Step 2, if you have selected Ask me before reporting, you’ll be prompted to confirm your actions.)

Desktop App- Mac

  1. Right-click on the email you want to report.

    a) Select Report > Report Phishing/Junk. The email will be reported and will appear on the Right-Hand PhishArm dashboard. (In Step 2, if you have selected Ask me before reporting, you’ll be prompted to confirm your actions.)

Mobile

  1. Open the email you want to report.

    a) Tap on the three dots option.

    b) Tap on Report and then select Phishing/Junk.

    The reported email will now appear in the Right-Hand portal.

Frequently Asked Questions (FAQ)

Q) What should you do if your company wants to send all emails to PhishArm Dashboard?

Ans) Only Enable the rule by following Step 4 part (A) to help you integrate the report button to send all emails to the PhishArm Dashboard.

Q) What should you do if your company wants to send all emails to Microsoft except simulation emails, which need to go to PhishArm Dashboard?

Ans) Only Enable the rule by following Step 4 part (B) to help you integrate the report button to send all emails to Microsoft except simulation emails.

Did this answer your question?