Back to all articles

MetaCompliance Outlook Web Add-in Prerequisites

Outlook Web Add-in

  • Compatible Web Applications:
  • Outlook 2019 or later (Windows)
  • Outlook 2019 or later (Mac)
  • Outlook on iOS
  • Outlook on Android
  • Outlook on the web
  • Outlook on Windows (Microsoft 365)
  • Outlook on Mac (Microsoft 365)
  • Only available to Office 365 Users – Work or School accounts only
  • Single Sign-on must be configured on the MyCompliance Platform
  • User must authenticate at first use or if cache is cleared.

Configuration Options

  • ConfirmMessageBoxTitle – The main pop-up window title (See screenshot 1, 2 & 3).
  • ConfirmMessage – The main confirmation message on the pop-up when the Outlook web add-in button is clicked. (See Screenshot 1)
  • DeleteMessages – True = messages are always deleted, False = messages are retained in users junk folder.
  • ForwardFullReport – True/False – used to pick what data is in the email that is sent to ForwardMailbox.
  • ForwardMailBody – If FowardFullReport is False, this setting is used as the body of the email.
  • ForwardMailboxName – The internal mailbox email alias.
  • ForwardMailbox – The internal email address where the reported email is sent to.
  • ForwardMailSubject – The information which is added as a prefix to the subject line of the email sent to the ForwardMailbox.
  • ForwardMailData – If true, email data is sent to the MyCompliance platform to enable data collection on staff behaviours.
  • ForwardMyCompliancePhish– True = all mails will be sent to the ForwardMailbox, False = phishing simulation emails from MyCompliance do not get sent to ForwardMailbox.
  • InternalMailDomain – The internal mail domain; only one domain can be added.
  • InternalMessageBoxTitle – The main pop-up window title when the mail sent is from the InternalMailDomain. (See Screenshot 2)
  • InternalMessage – The main confirmation message on the pop-up when an email is reported from the InternalMailDomain. (See Screenshot 2)
  • MetaPhishSimulationMessage – Message prompt when the user correctly identifies a MyCompliance simulated phishing email. (See Screenshot 3)
  • ForwardEmailAsAttachment – Reported emails can be sent as an attachment to the dedicated mailbox.
  • EnableSharedMailbox**– Users with delegated ‘Send as’ permissions to the shared mailbox can report suspicious emails from the shared mailbox.

**Additional permissions required to be enabled within your Office 365 Admin Centre when enabling this option. New O365 permissions include Mail.ReadWrite.Shared and Mail.Send.Shared.



If utilising all available features, the following permissions must be accepted by a Global Admin before rolling the plugin out to end users:

  • Mail.Send.Shared
  • Mail.ReadWrite.Shared
  • User.Read
  • Mail.ReadWrite
  • Mail.Send

If you are not opting to utilise all available features, then only a subset of these permissions are required.



The images below outline what will be presented to the end user when reporting a phish via the Outlook Web Add-in. The text shown will be updated to reflect the information you have added to the Outlook Web Add-in Customer Template.

Screenshot 1:


Screenshot 2:


Screenshot 3: