
Prevent Microsoft Defender URL detonation of Right-Hand phishing simulation emails

Written by Karthek S
Updated over a year ago

Step 1: Add Mail Contact in the Exchange admin center

After installing the plugin, add the Right-Hand reporting email address as a mail contact.

  1. Log in to your Exchange admin center account and navigate to Recipients > Contacts.

  2. Click Add a mail contact.

  3. In the New Mail Contact pane, type your details:

    a) Display Name: The name that would appear on the Contacts page.

    b) Alias: Type PhishArm as the Alias name.

    c) External email address: Type [email protected] as a contact.

  4. Click Next. The Mail contact information (optional) appears.

  5. Click Next.

  6. The Review mail contact displays the summary of data entered.

  7. Review the data and click Create.

    The new contact will take a while to appear on the Contacts page. You can refresh the page or wait a little longer for the contact to appear.


Step 2: Configure Microsoft Plugin

After setting up a mail contact, you must enable the button and set up a few policies and rules in the Microsoft 365 Defender portal. The following steps guide you on how to enable and configure the rules:

  1. Log in to your Microsoft 365 Defender portal and navigate to Settings > Email & collaboration > User reported settings.

  2. On the User reported settings page, enable the toggle button.

  3. Select the built-in reporting option, as it makes reporting easy.

  4. You can configure messaging criteria based on your company’s needs. Select the Customize messages option, choose your preferred language for the prompt, set new messages in each tab, and click Save.

  5. Under the reported email destination, in the Send reported messages to: field, select "Microsoft and My reporting mailbox only" or "My reporting mailbox only".

    Important: Provide the email address of the internal reporting mailbox where these reports will be sent.

  6. Click on the Save button.

Now, the Microsoft plugin has been configured.


Step 3: The Company Wants To Forward Only Simulation Emails To PhishArm Dashboard

The following steps will help you add the Mail flow rules:

  1. Navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.

  2. From the + icon (add new rule) drop-down, select Create new rule…

  3. In the new rule window, in the Name field, type the rule's name.

  4. From the Apply this rule if… drop-down, select The recipient address includes…

    And then click on the edit icon and add your internal mailbox's email address.

  5. Click the plus sign on the right and, under the Apply this rule if… drop-down, select the option The Subject or body, and in the condition, select subject or body includes any words.

    In the specify words or phrases pop-up, add the following two entries:

    linktologin.com
    linktosso.com

  6. From the Do the following… drop-down, select Redirect the message to, and from the options, select these recipients.

  7. Click on Select On, and a window with the list of all the contacts will appear. Search for the Right-Hand reporting email, i.e., [email protected], select it, and then click on the Save button to save the recipient.

    Important Note: [email protected] is the reporting server address for Right-Hand. This does not add any extension or plugin to the user interface, and there is no change in how users report phishing emails.

  8. Now click on the Next button and set the following values to

  9. Click on Next and then the Finish button. The rule will appear in the list.

  10. Now, we need to edit this rule further. Click on the rule to open the slider. Enable the rule by clicking the toggle, and then click on the rule settings. Change the Priority to 0 and click on the Save button.

  11. After that, the rule will appear enabled at the top of the list.

The configuration has been successfully set up :)
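
The mail contact from Step 1 and the mail flow rule from Step 3 can also be created from Exchange Online PowerShell, which leaves a reviewable record of the rule's exact conditions. This is an added example, not Right-Hand's own script; it assumes the ExchangeOnlineManagement module and an Exchange administrator account, and the two addresses, the display name and the rule name are placeholders.

```powershell
# Added example: scripted equivalent of Step 1 and Step 3. Not vendor-supplied code.
# Assumes the ExchangeOnlineManagement module is installed and the signed-in
# account holds an Exchange administrator role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Placeholders (assumptions): replace with the values used in the steps above.
$ReportingAddress = 'RIGHT-HAND-REPORTING-ADDRESS'      # external address from Step 1c
$InternalMailbox  = 'INTERNAL-REPORTING-MAILBOX'        # mailbox set in Step 2
$ContactName      = 'Right-Hand reporting'              # hypothetical display name
$RuleName         = 'Redirect simulation reports'       # hypothetical rule name

# The two phrases listed in Step 3, item 5.
$SimulationWords  = 'linktologin.com', 'linktosso.com'

# Step 1: create the mail contact with alias PhishArm, unless it already exists.
if (-not (Get-MailContact -Identity 'PhishArm' -ErrorAction SilentlyContinue)) {
    New-MailContact -Name $ContactName -Alias 'PhishArm' `
        -ExternalEmailAddress $ReportingAddress
}

# Step 3: create the rule. Conditions on a transport rule are ANDed, so a
# message is redirected only when it is addressed to the reporting mailbox
# AND its subject or body contains one of the simulation phrases.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName `
        -RecipientAddressContainsWords $InternalMailbox `
        -SubjectOrBodyContainsWords $SimulationWords `
        -RedirectMessageTo $ReportingAddress `
        -Priority 0 `
        -Enabled $true
}

# Check: confirm the rule is enabled, sits at priority 0, and carries only
# the conditions and the single redirect target configured above.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, RecipientAddressContainsWords,
                SubjectOrBodyContainsWords, RedirectMessageTo
```

Re-running the final `Get-TransportRule` check after later changes to mail flow rules shows whether the priority or the redirect target has drifted from what was configured here.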

