Important: As per the NEW CHANGES from Microsoft, Microsoft now recommends routing phishing simulated reports to a dedicated internal mailbox. So, create a specific mailbox within the organization where all phishing simulation reports will be sent.
c) Mobile
Overall Flow Diagram
IMPORTANT: You don't have to install the Report Message add-in if the option to report an email is already available through the Report button. It implies that the functionality you're looking for is already accessible, so there's no need for additional installation.
But if you see no Report button in your Outlook version, follow Step 1 to Install the Report Message add-in.
Outlook without a report button
Outlook with a report button
Step 1: Install the Microsoft Report Message Add-in from Microsoft Exchange App Store [OPTIONAL]
Get the Report Message add-in Using Microsoft 365 Admin Center.
On your Microsoft 365 admin center, in your left panel, go to Settings > Integrated apps. Click Get Apps. Or you can directly go to the Report Message add-in by clicking here.
On the Microsoft 365 Apps page, in the Search box, type Report Message. In the list of results, find and select Report Message.
Select Get It Now on the app details page.
A Deploy New App section appears. Configure your settings and click Next to go to the next page to complete the setup.
Add users: Select Entire organization from the following values:
Just me
Entire organization
Specific users/groups
Deployment:
a. Accept Permissions Requests: Read the app permissions and capabilities carefully before going to the next page.
Finish deployment: Review and deploy the add-in by selecting Done to complete the setup.
Get the Report Message add-in Using Outlook For Yourself Only.
Log in to your Outlook.
Click on the three dots (More action) from the left side. Select Get Add-ins.
Navigate to Admin Managed Add-ins > search Report Message.
Click Add.
Important: Refresh the page to use the feature after adding the Report Message add-in.
Step 2: Add Mail Contact in the Exchange admin center
After installing the plugin, we now need to add a Right-Hand reporting email contact list
Now, log in to your Admin Exchange Center account and navigate to Recipients > Contacts.
Click Add a mail contact.
In the New Mail Contact pane, type your details:
a) Display Name: The name that would appear on the Contacts page.
b) Alias: Type PhishArm as the Alias name.
c) External email address: Type [email protected] as a contact.
Click Next. The Mail contact information (optional) appears.
Click Next.
The Review mail contact displays the summary of data entered.
Review the data and click Create.
The new contact will take a while to appear on the Contacts page. You can refresh the page or wait for some more time for the contact to occur.
Step 3: Configure Microsoft Plugin
After setting up a mail contact, you must enable the button and set up a few policies and rules from the Microsoft 365 Defender. The following steps guide you on how to enable and configure the rules:
Login to your Microsoft 365 Defender portal and navigate Settings > Email & collaboration > User reported settings.
On the User reported settings page, enable the toggle button.
Select the built-in reporting option, as it is easy to report.
You can configure messaging criteria based on your company’s needs. Select the Customize messages option, choose your preferred language for the prompt, set new messages in each tab, and click save.
Inside the reported email destination, select Microsoft and My reporting mailbox only" or "My reporting mailbox only" from Send reported messages to: field.
Important: Provide the email address of the internal reporting mailbox where these reports will be sent.
6. Click on the Save button.
Now, the Microsoft plugin has been configured.
Step 4: Add Mail flow rules in the Exchange admin center
Rule A - Send all types of reports to PhishArm.
The following steps will help you add the Mail flow rules:
Now, navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.
From the + icon (add new rule) drop-down, select Create new rule…
In the new rule window, in the Name field, type the rule's name.
Scenario 01: Prevent Reported Emails from Reaching Internal Mailbox
4. From the Apply this rule if… drop-down, select The recipient address includes…
5. In the specified words or phrases pop-up, type in the internal mailbox email that we select at the beginning.
6. As we finish the condition, we must define the action.
From the Do the following… drop-down, select Redirect the message to and from the options, select these recipients.
7. Click on Select On, and a window with the list of all the contacts will appear. Search for the right-hand reporting email, i.e., [email protected], and select it. Then click on the save button to save the recipient.
Scenario 02: Reported Emails Should Reach Internal Mailbox
4. From the Apply this rule if… drop-down, select The recipient address includes…
5. In the specified words or phrases pop-up, type in the internal mailbox email that we select at the beginning.
6. As we finish the condition, we have to define the action.
From the Do the following… drop-down, select Add recipients, and from the options, select the To box.
7. Click on Select On, and a window with the list of all the contacts will appear. Search for the right-hand reporting email, i.e., [email protected], and select it. Then click the save button to save the recipient.
8. Now Click on the Next button and set the following values to
9. Click on Next and then the Finish button. The rule will appear in the list.
10. Now, we need to edit this rule further. Click on the rule, and it will open the slider. Enable this rule by clicking the toggle and then clicking on the rule settings. Change the Priority to 0 and click on the save button.
11. After that, the rule will appear enabled at the top of the list.
The configuration has been successfully set up :)
Rule B - Send only simulation emails to PhishArm.
The following steps will help you add the Mail flow rules:
Now, navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.
From the + icon (add new rule) drop-down, select Create new rule…
In the new rule window, in the Name field, type the rule's name.
Scenario 01: Prevent Reported Emails from Reaching Internal Mailbox
4. From the Apply this rule if… drop-down, select The recipient address includes…
And then click on the edit icon and add your internal mailbox's email address.
5. Click the plus sign on the right and under Apply this rule if… drop-down, select the option The Subject or body, and in the condition, select subject or body includes any words.
In the specified words or phrases pop-up, add the following two options.
linktosso.com
linktologin.com
6. From the Do the following… drop-down, select Redirect the message to and from the options, select these recipients.
7. Click on Select On, and a window with the list of all the contacts will appear. Search for the Right hand reporting email, i.e., [email protected], and select it, then click on the save button to save the recipient.
Scenario 02: Reported Emails Should Reach Internal Mailbox
4. From the Apply this rule if… drop-down, select The recipient address includes…
And then click on the edit icon and add your internal mailbox's email address.
5. Click the plus sign on the right and under the Apply this rule if… drop-down, select the option The Subject or body and in the condition, select subject or body includes any words.
In the specified words or phrases pop-up, add the following two options.
linktosso.com
linktologin.com
6. From the Do the following… drop-down, select Add recipients and from the options, select the To box.
7. Click on Select On, and a window with the list of all the contacts will appear. Search for the right-hand reporting email, i.e., [email protected], and select it. Then click on the save button to save the recipient.
8. Now Click on the Next button and set the following values to
9. Click on Next and then the Finish button. The rule will appear in the list.
10. Now, we need to edit this rule further. Click on the rule, and it will open the slider. Enable this rule by clicking the toggle and then clicking on the rule settings. Change the Priority to 0 and click on the save button.
11. After that, the rule will appear enabled at the top of the list.
The configuration has been successfully set up :)
Rule C - Send Non-Simulated Reported Emails To Internal Security Team And Simulated Reported Emails to PhishArm.
Important: For Rule C to work, you must set up Rule B and Rule C.
Set Rule B as it is, and then set up Rule C by following the steps below.
The following steps will help you add the Mail flow rules:
Now, navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.
From the + icon (add new rule) drop-down, select Create new rule…
In the new rule window, in the Name field, type the rule's name.
From the Apply this rule if… drop-down, select The recipient address includes…
In the specified words or phrases pop-up, paste the Internal Mailbox email.
As we finish the condition, we have to define the action.
From the Do the following… drop-down, select Redirect the message to and from the options, select
these recipient.Click on Select On, and a window with the list of all the contacts will appear. Search for your internal SOC Team reporting email, and select it, then click on the save button to save the recipient.
Go to the Except If section to add one more matching rule. Select the option The Subject or body
and in the condition, select subject or body includes any of these words.In the specified words or phrases pop-up, add the following two options
Now Click on the Next button and set the following values to
Click on Next and then the Finish button. The rule will appear in the list.
Now, we need to edit this rule further. Click on the rule, and it will open the slider. Enable this rule by clicking the toggle and then clicking on the rule settings. Change the Priority to 0 and click on the save button.
After that, the rule will appear enabled at the list's top.
The configuration has been successfully set up :)
Step 5: Report the Phishing Email
Now, log in to Outlook and report the email. Below are various ways to report emails from different devices/operating systems. Choose the method that suits you appropriately.
Desktop App- Windows
Open the email you want to report.
a) From the top menu, click the Report drop-down and select Phishing/Junk. The email will be reported and will appear on the Right-Hand PhishArm dashboard. (In Step 2, if you have selected Ask me before reporting, you’ll be prompted to confirm your actions.)
Desktop App- Mac
Right-click on the email you want to report.
a) Select Report > Report Phishing/Junk. The email will be reported and will appear on the Right-Hand PhishArm dashboard. (In Step 2, if you have selected Ask me before reporting, you’ll be prompted to confirm your actions.)
Mobile
Open the email you want to report.
a) Tap on the three dots option.
b) Tap on Report and then select Phishing/Junk.
The reported email will now appear in the Right-Hand portal.
Frequently Asked Questions (FAQ)
Q) What should you do if your company wants to send all emails to PhishArm Dashboard?
Ans) Only Enable the rule by following Step 4 part (A) to help you integrate the report button to send all emails to the PhishArm Dashboard.
Q) What should you do if your company wants to send all emails to Microsoft except simulation emails, which need to go to PhishArm Dashboard?
Ans) Only Enable the rule by following Step 4 part (B) to help you integrate the report button to send all emails to Microsoft except simulation emails.