PhishTool

Docs

Phish Report Button Installation Guide

The Phish Report Button (PRB) is a Microsoft Outlook add-in for end-users to report potential phishing emails directly to the PhishTool In-tray from their Microsoft Outlook client.

An individual Phish Report Button (PRB) configured for the In-tray is called a 'PRB instance'. Each PRB instance has a unique manifest XML file that is used to deploy the PRB add-in to Outlook clients. The PRB add-in can be deployed to all or a subset of users in your organisation.

Each PRB instance has a unique API key within the add-in manifest XML file. This enables PhishTool to track which PRB instance a reported email came from.

The PRB add-in can be deployed in the following Microsoft environments:

  • Microsoft 365
  • Exchange Server (On-premises)
  • Microsoft 365 & Exchange Server (Hybrid)

The PRB add-in is compatible with the following Outlook clients:

  • Microsoft Outlook for iOS
  • Microsoft Outlook for Android
  • Microsoft Outlook desktop (Windows and MacOS)
  • Microsoft Outlook on the web

Create a new Phish Report Button Instance

'Manager' permissions are necessary to carry out the following actions in PhishTool.

  1. Navigate to 'Management' in the PhishTool navigation bar.
  2. Click on 'In-tray' in the 'Management' menu on the left of the page.
  3. Click on the 'Phish report buttons' option below 'In-tray' in the menu.
  4. Click the 'Create PRB instance' button in the top right of the page.

At this point, a modal will be shown with the title 'Create phish report button instance'.

Phish report button instance name: The unique name of the PRB instance. This is the name that will be shown in the PRB instance table. It is also the name that will be used in the In-tray to identify the button when filtering in the In-tray table.

Reporter domain name(s): The PRB instance will only accept phish reports from domain names specified in this section. The domain names that are entered in this section are the domain names featured in the reporter's email address. For example, if you are deploying the phish report button to the users on the considyne.com domain, with email addresses such as user@considyne.com - then the domain name 'considyne.com' should be specified as a reporter domain name. Any emails reported from email addresses with domain names not specified will not appear in the In-tray and cannot be analysed. Each additional domain name will count towards your In-tray source quota. For example, if you were to configure 'considyne.com' and 'huelsgroup.com' as reporter domain names then this will reduce your In-tray source quota by two.

User message: This is the message that will be shown to end-users in Outlook immediately after they report a potential phishing email. This message can be customised again any time after the PRB instance is created.

Reporter feedback: Reporter feedback can be sent to the reporting end-user after the email has been analysed in PhishTool. This is defined on an In-tray source by In-tray source basis, where every In-tray source (including PRB instances) have their own reporter feedback settings. These settings can be changed again at any time after the PRB instance is created.

Click the 'Save (next)' button. At this point the PRB instance has been created. The next modal screen shows the name of the PRB instance and a link to download the unique manifest XML file for the PRB instance, which will be used to deploy the PRB add-in to Outlook clients in Microsoft 365 Admin Center or Exchange Admin Center (On-premises) environments.

Deploy the Phish Report Button with Microsoft 365

'Global Admin', 'Exchange admin' or 'Azure Application Admin' permissions are necessary to carry out the following actions in Microsoft 365 Admin Center.

  1. Download the Phish Report Button (PRB) manifest XML file from PhishTool Management > In-tray > Phish report buttons screen. Click the ellipsis button for the PRB instance you are deploying, then click 'Download PRB XML manifest'.
  2. Login to https://admin.microsoft.com with an account with appropriate permissions.
  3. In the left-hand menu, click on 'Settings'.
  4. In the left-hand menu, under 'Settings' click on 'Integrated apps'.
  5. Above the 'Integrated apps' table, click on 'Upload custom apps'.
  6. In the 'Upload Apps to deploy' draw, select 'Office add-in' from the 'App type' dropdown.
  7. Select 'Upload manifest file (.xml) from device' under 'Choose how to upload app'.
  8. Click 'Choose file' and navigate to the 'manifest.xml' file downloaded in step 1.
  9. Once the manifest file is validated, click the 'Next' button.
  10. On the 'Add users' screen, select which users you want the PRB add-in to be deployed to. It is recommended that you test the deployment first before deploying to your entire organisation.
  11. Once the 'Assign users' option has been chosen, click the 'Next' button.
  12. On the 'Accept permissions requests' screen, review the app permissions and capabilities then click 'Accept permissions'.
  13. A secondary screen Microsoft login screen will appear. Login with the appropriate Administrator credentials.
  14. Click 'Accept' in the Microsoft 'Permissions requested' screen.
  15. Click the 'Next' button in the 'Accept permissions requests' screen.
  16. Review the deployment and click 'Finish deployment'.

The PRB add-in will now be deployed to the Outlook clients of the users you selected in step 10.

The add-in deployment can take up to 24 hours to deploy completely. Once deployed the 'Phish Report' button icon will appear in all Outlook clients for the assigned users. The button will work immediately with the PhishTool In-tray.

Microsoft Documentation:

Deploy the Phish Report Button with Exchange Server (On-premises)

'Organization Management' permissions are necessary to carry out the following actions in Microsoft Exchange Admin Center.

  1. Download the Phish Report Button (PRB) manifest XML file from PhishTool Management > In-tray > Phish report buttons screen. Click the ellipsis button for the PRB instance you are deploying, then click 'Download PRB XML manifest'.
  2. Access your organisation's Exchange Admin Center (EAC)
  3. If necessary, login to the EAC with credentials with the necessary permissions.
  4. Follow the Microsoft instructions for installing Outlook add-ins for Exchange Server environments.

Phish Report Button Language Support

The Phish Report Button (PRB) is automatically translated in the end-user's Outlook client depending on the language and region settings configured for their Outlook client. No additional configuration is necessary.

The PRB supports the following languages:

  • Danish (Dansk)
  • Dutch (Nederlands)
  • English
  • Finish (Suomi)
  • French (Français)
  • German (Deutsch)
  • Hungarian (Magyar)
  • Italian (Italiano)
  • Norwegian (Norsk)
  • Polish (Polski)
  • Portuguese (Português)
  • Romanian (Română)
  • Spanish (Español)
  • Swedish (Svenska)