# Microsoft 365 Phishing Reporter ## Microsoft 365 Phishing Reporter Guide In this article, we demonstrate the deployment of the **Phishing Reporter** for an **Office 365 admin** account, as well as the client side when reporting an email. Admins of the **CYBERAWARE SECURITY** portal can also observe the changes of reporting through **Email Campaign** results and their generated **Reports.** **1.** Navigate to **Plugins:** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FrozArlQ61hbk88nhIX7Y%2FPhishing_Reporter_Guide_1.png?alt=media\&token=dfad4388-55e3-4dff-a1b9-026b56c44777) **2.** Let’s manage the **Plugin Configuration** by clicking on it: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fx8A2k3EtMVvCxb5TZwxR%2FPhishing_Reporter_Guide_2.png?alt=media\&token=64ec1d5f-0459-4b3b-b1d9-c5e13630537d) ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FT3l8G5ce2JpUBbpaOY1X%2FPhishing_Reporter_Guide_3.png?alt=media\&token=f05beb00-50fa-42a5-b85b-0dc628c6b32a) **3.** Enter an email address in the first box. That mailbox will be used to receive all recipient reported emails that were not part of the [Email Campaigns](https://docs.cyberawaresecurity.com/admin-portal/email-campaigns). Essentially, it will **filter** out **scheduled** phishing campaigns intended for **training/testing purposes,** to distinguish emails that could potentially be real phishing attempts. ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FIAelwzKFdu4MRus0eLqJ%2FPhishing_Reporter_Guide_4.png?alt=media\&token=c344dc21-bbc4-4de5-9144-b3c2e09fe0b9) As stated, you may add **multiple addresses** separated by a comma. **4.** Here, you can specify the behaviour of the plugin after an email has been submitted as a phishing attempt: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FpJB99fgAZ4eTxVH4IBzZ%2FPhishing_Reporter_Guide_5.png?alt=media\&token=a6e0cb85-91fc-4253-948d-9e36218bba70) **5.** For this example, we are choosing to automatically move the reported email to the **spam/junk folder** of the **Outlook.** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F0a67uXNFT9JK0oif3qtK%2FPhishing_Reporter_Guide_6.png?alt=media\&token=74084612-1ec4-442d-bd24-2cf258cdafb1) **6. Tick** the following box to prompt recipients to provide a reason for reporting an email: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FniPrIslIkINYevTVm2Q2%2FPhishing_Reporter_Guide_7.png?alt=media\&token=9f0f1c6c-81ef-4282-ac9e-5b5abc623e4d) **7.** If you are satisfied with the configuration, click on **Save changes:** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FqPe2uHQn4uQnWjoKE3cY%2FPhishing_Reporter_Guide_8.png?alt=media\&token=48f9c130-ed8e-4455-aa70-3e5bc5a24c77) **8.** As we can see, the settings have been updated! ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FKs3bJlchzZJ2hSWh8u0u%2FPhishing_Reporter_Guide_9.png?alt=media\&token=80f0bf43-9fb0-43e5-aef5-38b749ceaaf8) **9.** Once the configuration process is done, let’s actually **install** the required reporter tool. Click on the following link to access the **Integrated Apps** section under your **Microsoft 365 admin centre.** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FOqcETQkJ9hZbnHiYeSMG%2FPhishing_Reporter_Guide_10.png?alt=media\&token=ac003f2e-e85a-419f-9582-45c15150b5f1) You should get the following output: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fq8u90pSYSauhvBIF04Cf%2FPhishing_Reporter_Guide_11.png?alt=media\&token=dc95f294-4a85-4971-9e6f-bd8c957a8ba4) **10.** As guided by the installation process, select the option to **Upload custom apps:** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FrZfulKUA40F5DF0GcPdk%2FPhishing_Reporter_Guide_12.png?alt=media\&token=9cbef820-aee7-4a1d-8968-1c906d881580) ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FzpST5212HbVq1vri2nS5%2FPhishing_Reporter_Guide_13.png?alt=media\&token=209f0dce-628e-4c50-8b85-456884ce8204) **11.** Choose the option **Provide link to manifest file:** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FbkEURELcLQhEPi6VTlAC%2FPhishing_Reporter_Guide_14.png?alt=media\&token=9fdb08ce-3f04-40ad-9710-4baf41cca24d) **12.** Copy the link provided under the **2nd installation step** and paste it in the text box for validation: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F98D0AhkvSTjPKSqDCFzm%2FPhishing_Reporter_Guide_15.png?alt=media\&token=bd9c8f81-70cb-4eee-9149-6199d54b366f) ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FaattEQzzm0S2bsoUpYBL%2FPhishing_Reporter_Guide_16.png?alt=media\&token=092343d0-a46e-450e-8a4d-d85c2f344d8d) **13.** Click on **Validate.** ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fqx95l2gIf17MWxY1yAdZ%2FPhishing_Reporter_Guide_17.png?alt=media\&token=5cd01671-1086-4ecc-858c-6371a4d7eedb) **14.** As we can see, the manifest file has been **validated** as expected! ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FP4APOK4KdNAkqxxjIhVG%2FPhishing_Reporter_Guide_18.png?alt=media\&token=6abb78c8-02c3-48a9-a4a7-05bf09428640) **15.** You can now select **Next** to proceed: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FfWSQRc4RJI7wzGc3V2SO%2FPhishing_Reporter_Guide_19.png?alt=media\&token=4c302bed-3e20-4d9a-a697-ef0f6112b3c3) ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FDSqcLKpz8FFdfOmtDAKs%2FPhishing_Reporter_Guide_20.png?alt=media\&token=b47d4604-c1b1-44b0-9172-21b96d65aff5) **16.** If this is a **testing deployment,** you should select the button indicated below: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FLRmVAT1gU9BHE7luBhRw%2FPhishing_Reporter_Guide_21.png?alt=media\&token=fd3e3196-99e0-43f9-8199-eb6d71d6f226) For this instance, we will not be selecting that option. **17.** To enable the phishing reporter plugin for all users of the platform, select the **Entire organization** option. Otherwise, you can specify either **yourself** or the **users/groups** that should have this feature available. ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FVYQYu0eeQQFZ8m1oo3gq%2FPhishing_Reporter_Guide_22.png?alt=media\&token=52804ba2-f324-4e40-9df4-5f4952a9fb36) Note that if you’ve selected the **entire organisation,** there will be needed **approximately 12 hours** for **Outlook’s tools** to **update** and **Phishing Reporter** to appear as expected. **18.** Press on the **Next** button to proceed. ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FbW2bF5m0ZQ9AX9DcixJ4%2FPhishing_Reporter_Guide_23.png?alt=media\&token=8182cc8c-a44f-46c0-9832-c2f0ba96a791) ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FooVo7LDGhgaN3XGhH065%2FPhishing_Reporter_Guide_24.png?alt=media\&token=229aac10-8009-4eaf-b7a1-fe7e0618bed7) **19.** Once again, click on **Next.** You will reach the **Finish** step: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FDnnYT4DTZO4Gq4Fmv6Sm%2FPhishing_Reporter_Guide_25.png?alt=media\&token=464b52e2-6234-49e1-879d-d4242df8c5fe) ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FWYEaAF9b18p1kr5xOUjq%2FPhishing_Reporter_Guide_26.png?alt=media\&token=0f921be2-0287-434d-b310-0eb9840eec6c) **20.** Finally, select **Finish deployment** to conclude the process: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Frehb8yeLToXlcKUSTfpM%2FPhishing_Reporter_Guide_27.png?alt=media\&token=b09db01a-05d2-4a59-b08c-c99ddc195e1d) **21.** As we can see, the deployment is completed! ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fc3zrVZ8F61Sei9PCajse%2FPhishing_Reporter_Guide_28.png?alt=media\&token=10a53ead-5ae8-403a-8b7c-92bd1099fb53) **22.** Let’s have a look from the Outlook’s side of things. In the **Home** tab, you will find that a **Report a phishing mail tool** was eventually added. Click on the specified button: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FqhY54A3KTptW74zRrcEZ%2FPhishing_Reporter_Guide_29.png?alt=media\&token=7858f81f-33b2-4aec-8605-e9c09f9e925f) **23.** When we click on the **Report a phishing mail** button, we get the following option: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Ftp27sEOzGKRhQFk5uAbb%2FPhishing_Reporter_Guide_30.png?alt=media\&token=3b0ad9d8-7655-41c7-98f7-5dd59f9650f7) **24.** Click on **Send report** to **finalise.** In this instance, we will report this email using the **default reason** called **Suspicious content**. As always, a recipient may select the appropriate reason for their case. When selecting the **Other reason** option, a user will be asked to provide a description of the issue as well. ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fk7V3yfRlGyPgDrUC7J7s%2FPhishing_Reporter_Guide_31.png?alt=media\&token=3fe47986-fe42-43fe-a3df-e17c20b9d19c) **25.** As we can see, the report has been submitted as expected! ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2F4rWA3mOD3quByXgjrhJU%2FPhishing_Reporter_Guide_32.png?alt=media\&token=e1a5c5ae-c01a-4538-9d53-c6bc0517bd93) **26.** We can also observe that the email has been moved into the **Junk Email** folder: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FBcu8iGNAY2VfhoYkZ3rd%2FPhishing_Reporter_Guide_33.png?alt=media\&token=9080fcd0-4023-4235-93c8-0e2708b56415) **27.** When clicking on it, we can view the following: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2Fu0JLBDzfKCT7j1OR1ARh%2FPhishing_Reporter_Guide_34.png?alt=media\&token=82f62d6c-2949-44dd-bdb1-4cd5f52b8c57) **28.** If the email reported was part of a phishing campaign, reporting such email will trigger an update on the results of said campaign, indicating that the email has been reported: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FIITEwK20bqmCBjkNZEiq%2FPhishing_Reporter_Guide_35.png?alt=media\&token=03514bc4-bfb5-4d48-981f-fc32737886fa) **29.** On the other hand, if the email was not part of a campaign and has been reported, the email address that was added during the configuration step will receive an email containing an **eml** file so it can be **viewed/analysed** later. If the recipient has added a **description** during the reporting procedure, it will also be included: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FvMEo1n74xMq6C6mFgdxB%2FPhishing_Reporter_Guide_36.png?alt=media\&token=cf9a2d90-f2e4-4591-aed8-2a2ad68a25ee) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cyberawaresecurity.com/admin-portal/plugins/microsoft-365-phishing-reporter.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.