Skip to main content

Setup the Microsoft Reporting Phishing Service button

Nick
  • Updated

Team: Huntress Managed Security Awareness Training (SAT) 
Product: Microsoft Office 365
Environment: Windows, Managed SAT, and Exchange Online
Summary: This guide will walk you through setting up and adjusting the function of Microsoft's Reporting Feature/Button to send reported Phishing attempts to the Managed SAT platform

 

Requirement: The usage of Microsoft's Add-in must be configured and enabled for Outlook. This option has recently moved. Microsoft's guidance to enable the reporting button add-in can be located Here.

Due to recent changes with Microsoft Add-in support and button functionality, forwarded messages no longer include just reported phishing messages. The built-in report button in Outlook and OWA will now forward all messages that the button interacted with, including junk messages that were flagged as Not-Junk. This is causing a strange action in our Forward Reported Phishing Attempts feature, as it's now also forwarding messages that were set as Non-Junk. We are investigating the action and looking into other adjustments to keep this functionality available.

Step 1. Creating a Contact in the Exchange Admin Center (EAC)

Sign into Microsofts Exchange Admin Center

  1. Select Contacts under the Recipients section
  2. Click the “+Add a New Mail Contact” button
  3. In the contact fields add the following information

  4.  Click Save



 

Step 2. Create a shared mailbox

Shared Mailboxes do not use or require a license.

  1. Select Mailboxes under the Recipients section
  2. Click the Add a shared mailbox button
  3. In the Shared Mailbox fields add the following

  • Display Name : PhishReport

  • Email address : PhishReport

  • @ : Use the Select Domain drop down to select your domain.

  4.  Click Create.

Shared Mailbox Create



Step 3. Hide the shared mailbox from the Global Address List (GAL)

Hiding the address from the GAL prevents this address from displaying in the GAL for employees.

  1. Select the Share Mailbox that was created in Step 2

  2. Click the Hide Mailbox or Manage Hide from GAL button

  3. Toggle the option from Off to On

  4. Select Save



Step 4. Set up Forwarding on the Shared Mailbox to the Contact

Now that you have a Contact and a Shared Mailbox created, we need to set up forwarding on the shared mailbox to send email to the contact.

  1. Click on the Shared Mailbox you created to bring up a Settings Menu
  2. Select Email Forwarding



 3.   Toggle “Forward all emails sent to this mailbox" to ON

 4.    In the "Forward to an internal email address" section, use the Search Email button to search for the contact that was created earlier.

  5.    If you want to keep a copy of the email that is sent to our reporting mailbox make sure to check the box next to "Deliver Messages to both forwarding address and mailbox"

  6.   Click Save

Note: You may need to create an External Forwarding Rule in Mail Flow Settings to correctly report the Phishing Emails to report@phish.mycurricula.com. This Microsoft guide may help configure those rules.



Step 5. Microsofts Reporting Button in Microsoft Defender

This covers setting up Microsofts' Reporting button and adjusting the functionality. This will forward emails directly to Managed SAT and not to Microsoft. This prevents Microsoft from running additional scanning on the email which triggers recurring training on the phishing email. Please note that some of these options recently changed.

Sign in to Microsoft 365 Defender portal

 

1. Scroll down on the left column and expand Settings and select Email & Collaboration

2. Select User Reported Settings 

User Report Message Settings 4

3. Select the On/Off button to turn the feature on. If enabled by default, check the box to Monitor Reported messages in Outlook. 

4. Select the Use Built-In "Report button option".

  5.   Under "Send reported messages to": use the drop-down menu to select My Reporting Mailbox Only.

  6.   In the email address field put in the shared mailbox email address that was created earlier. It would be something like PhishReport@yourdomain.com

  7.   Uncheck the box for Let users choose if they want to report



  9.   Scroll down and Toggle OFF the quarantine report message button if listed. 

  10.  Select Save

user submission 9-10



Step 6. Configure Reporting within Managed SAT

  1. Log into Managed SAT as the domain administrator (if you're a Channel Partner/Reseller you'll also need to chose a customer)

  2. Select the gear icon at the top of the page on the right

  3. Select Phishing in the left menu



  4. Scroll down to Report Phishing Services and enter the Shared Mailbox address created in Step 2. It would be something like PhishReport@yourdomain.com

  5. Click Update



This Concludes setting up a Reporting button within Microsoft and Reporting feature to the Managed SAT Reporting Services platform.

Related articles