Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
1 – Introduction :
In today’s digital world, information security has become a top priority for all businesses. One particularly vulnerable area is e-mail, which is often the target of phishing attempts. This is where the Outlook “Report Phishing” add-in comes into its own.
2 – What’s the “Report Phishing” outlook complement ?
Outlook’s “Report Phishing” add-in is mainly used to reinforce the security of email communications within your company, it allows users to report suspicious messages to Microsoft or Company Security departement directly from their email interface by one click.
Here are some of its main uses :
- Report phishing attempts : This add-in makes it easy for your employees to report phishing attempts. With one click, they can send the suspicious e-mail to your security team for analysis.
- Collect threat information : Every time an employee reports a phishing e-mail, it provides your security team with valuable information on the types of threats your company is facing.
- Improve security awareness : By making it easier to report phishing attempts, you encourage your employees to be more vigilant and take proactive measures to protect the company.
- Improve corporate defenses : Information gathered from phishing reports can be used to improve your company’s defenses against cyber threats.
In short, Outlook’s “Report Phishing” add-in is an essential tool for strengthening your company’s security. It not only helps to detect and report phishing attempts, but also helps to create a culture of security among your employees.
3 – Mindmap to Add and configure Outlook Report Phishing Add-in to all company users :
Here are the steps to follow to Add and configure Outlook Report Phishing Add-in to all company users :
4 – Add and configure Outlook Report Phishing Add-in to all company users :
A – Add “Report Phishing” app to all company users :
The Outlook “Report Phishing” add-in is a tool that allows users to report suspicious messages to Microsoft or Company Security departement directly from their email interface.
To start configuration :
- go to Office 365 admin center
- select “Settings“
- Select “Integrated Apps“
- Select “Deployed Apps“
- Select “Get Apps“
- In the search bar type “Report Phishing“
- Go to “Report Phishing” app and select “Get it now“
- select “Get it now“
- New setup window will appear
- Select “Entire Organisation” to deploy “Report Phishing” app for all company users.
- Clic “Next“
- Clic “Finish deployement“
- After deployment completed clic “Done“
You can see here new app is added to deployed app list.
B – Configure maibox for reported Phishing Emails :
When a user receives an e-mail which they suspect to be a phishing attempt, they can use the “Report Phishing” add-on to report this message to the security or support team on a specific e-mail address.
this is the address we’re going to configure now.
To start Configuration :
- Go to Microsoft Defender portal to configure user reported settings or directly access from this link :
https://security.microsoft.com
- Select “Settings” then select “Email & Collaboration“
- Select “User reported settings“
- Make sure that “Monitor reported message in Outlook” is selected.
- in Reported message destinations section, specify where you want to send reported message and an exchange online mailbox.
- Clic on “Save“
Now that we’ve finished with the configuration part, let’s move on to testing.
C – Test the Add-in :
The Add-in is available both in outlook web and desktop app, in my case I’ll use outlook web app.
To start testing :
- from your inbox select any Email you want to report it.
- in the top right hand select Add-in buton
- Select Report Phishing Add-in
After selecting the Report Phishing Add-in, the email will be moved to “Deleted Items“
- as you can see the reported email is moved to “Deleted Items“.
let’s check helpdesk mailbox to see if the email was recived ord not :
We can see here reported Phishing email recived by “Aymen”
by selecting email we can see our reported Email.
the next step will be to go through the mailboxes to delete the phishing e-mail and then block the sender from the inbound antispam policy.
You can automate the deletion of phishing emails from all user mailboxes and block source addresses by using my “EO Spam Remover”, you can follow this step-by-step guide to setting up this application.
here is the link of my technical Article :
EO Spam Remover : Remove & Block Malicious Emails from All Users Mailboxes | LinkedIn
Bonus — Optimized way :
The previously implemented method sends the fishing emails , Junk emails and Not Junk emails to a HELPDESK mailbox, the problem is that the technicians will receive Tickets for “JUNK” and “NOT JUNCK” actions, and the users will receive an automatic email from the ticket system that a new ticket has been opened for this action and we will recive call from user that he didnt open this ticket.
the question is:
How can I receive reported phishing emails only ? (without Junk and not Junk)
I’ve searched the Microsoft documentation and haven’t found a solution. Report Phishing works this way and there’s no way to customize the notifications to be received.
So I thought of the following workaround:
1 – Create a Shared mailbox named “Phishing@globalitnow.com“.
2 – Configure the “User reported settings” to send complaints to the “Phishing@globalitnow.com” mailbox.
3 – Create Exchange Online rule to forward only “Report Phishing” emails to the “HelpDesk” mailbox , Use this regular Expression for Report Phishing emails :
- ^3\|[a-zA-Z0-9\W]*
Conclusion :
In short, Outlook’s “Report Phishing” add-in is a valuable tool that helps strengthen your company’s security by enabling users to easily report phishing attempts, and providing your security team with valuable information to improve corporate defenses.
Thanks
