Outlook Web Add-in

Compatible Web Applications:

• Outlook on iOS
• Outlook on Android
• Outlook on the web
• Outlook on Windows (Microsoft 365)
• Outlook on Mac (Microsoft 365)

⚠️ Note:

• Only available to Office 365 Users – Work or School accounts only.
• Single Sign-on must be configured on the MyCompliance platform.
• User must authenticate at first use or if the cache is cleared.

Configuration Options

• ConfirmMessageBoxTitle: The main pop-up window title. (See screenshots 1 & 3)
• ConfirmMessage: The main confirmation message displayed when the Outlook web add-in button is clicked. (See Screenshot 1)
• DeleteMessages: 
  • True = Messages are always deleted
  • False = Messages are retained in the user's junk folder
• ForwardFullReport: True/False; determines what data is in the email sent to ForwardMailbox.
• ForwardMailBody: If FowardFullReport = FALSE, this setting is used as the body of the email.
• ForwardMailboxName: The internal mailbox email alias.
• ForwardMailbox: The internal email address to which the reported email is sent.
  • ⚠️ Important: If EnableWindowsDefender = TRUE, the designated SecOps mailbox must be used as the address for the ForwardMailbox.
• ForwardMailSubject: The subject line of the email sent to the ForwardMailbox. 
  • If ForwardEmailAsAttachment = TRUE and the ForwardFullReport = FALSE, the Edited value within ForwardMailSubject will appear as the subject.
  • If ForwardEmailAsAttachment =TRUE and the ForwardFullReport = TRUE, the original subject of the reported email will appear as the subject.
• ForwardMailData: If True, email data is sent to the MyCompliance platform to enable data collection on staff behaviours.
• ForwardMyCompliancePhish: 
  • True = all emails are sent to ForwardMailbox
  • False = Phishing simulation emails from MyCompliance are not sent to ForwardMailbox
• InternalMailDomain: The internal mail domain; only one domain can be added.
• InternalMessageBoxTitle: The main pop-up window title when the mail originates from InternalMailDomain. (See Screenshot 2)
• InternalMessage: The main confirmation message displayed when an email is reported from InternalMailDomain. (See Screenshot 2)
• MetaPhishSimulationMessage: Message prompt when the user correctly identifies a MyCompliance simulated phishing email. (See Screenshot 3)
• ForwardEmailAsAttachment: Reported emails can be sent as an attachment to the dedicated mailbox.
• EnableSharedMailbox: Allows users with delegated ‘Send as’ permissions to report suspicious emails from the shared mailbox.
  • Additional permissions must be enabled within your Office 365 Admin Centre when enabling this option.
  • New O365 permissions include Mail.ReadWrite.Shared and Mail.Send.Shared.
• EnableWindowsDefender: Enable Windows Defender integration.
  • To configure the client Microsoft Windows Defender to record the reported phishing data, follow the steps in this article: How to set up Microsoft Defender Integration

Permissions

If utilising all available features, the following permissions must be accepted by a Global Admin before rolling the plugin out to end users:

• Mail.Send.Shared
• Mail.ReadWrite.Shared
• User.Read
• Mail.ReadWrite
• Mail.Send

If you are not opting to utilise all available features, then only a subset of these permissions is required.

Outlook Web Screenshots

The images below outline what users will see when reporting a phish via the Outlook Web Add-in.

The text shown will be updated to reflect the information you have added to the Outlook Web Add-in Customer Template.

Screenshot 1

Screenshot 2

Screenshot 3: