MetaCompliance Outlook Web Add-in Prerequisites

Outlook Web Add-in

  • Compatible Web Applications:
  • Outlook 2019 or later (Windows)
  • Outlook 2019 or later (Mac)
  • Outlook on iOS
  • Outlook on Android
  • Outlook on the web
  • Outlook on Windows (Microsoft 365)
  • Outlook on Mac (Microsoft 365)
  • Only available to Office 365 Users – Work or School accounts only
  • Single Sign-on must be configured on the MyCompliance Platform
  • User must authenticate at first use or if cache is cleared.

Configuration Options

  • ConfirmMessageBoxTitle – The main pop-up window title (See screenshot 1, 2 & 3).
  • ConfirmMessage – The main confirmation message on the pop-up when the Outlook web add-in button is clicked. (See Screenshot 1)
  • DeleteMessages – True = messages are always deleted, False = messages are retained in the user's junk folder.
  • ForwardFullReport – True/False – used to pick what data is in the email that is sent to ForwardMailbox.
  • ForwardMailBody – If FowardFullReport is False, this setting is used as the body of the email.
  • ForwardMailboxName – The internal mailbox email alias.
  • ForwardMailbox – The internal email address to which the reported email is sent to. ***If EnableWindowsDefender = TRUE the designated mailbox for the SecOps mailbox must be the address used for the ForwardMailbox.
  • ForwardMailSubject – The information which is added as a prefix to the subject line of the email sent to the ForwardMailbox. 
  • ForwardMailData – If true, email data is sent to the MyCompliance platform to enable data collection on staff behaviours.
  • ForwardMyCompliancePhish– True = all emails will be sent to the ForwardMailbox, False = phishing simulation emails from MyCompliance do not get sent to ForwardMailbox.
  • InternalMailDomain – The internal mail domain; only one domain can be added.
  • InternalMessageBoxTitle – The main pop-up window title when the mail sent is from the InternalMailDomain. (See Screenshot 2)
  • InternalMessage – The main confirmation message on the pop-up when an email is reported from the InternalMailDomain. (See Screenshot 2)
  • MetaPhishSimulationMessage – Message prompt when the user correctly identifies a MyCompliance simulated phishing email. (See Screenshot 3)
  • ForwardEmailAsAttachment – Reported emails can be sent as an attachment to the dedicated mailbox.
  • EnableSharedMailbox**– Users with delegated ‘Send as’ permissions to the shared mailbox can report suspicious emails from the shared mailbox.
  • EnableWindowsDefender***- Enable Windows Defender integration

**Additional permissions are required to be enabled within your Office 365 Admin Centre when enabling this option. New O365 permissions include Mail.ReadWrite.Shared and Mail.Send.Shared.

***To configure the client Microsoft Windows Defender to record the reported phishing data, please follow the steps seen in this article: How to set up Microsoft Defender Integration



If utilising all available features, the following permissions must be accepted by a Global Admin before rolling the plugin out to end users:

  • Mail.Send.Shared
  • Mail.ReadWrite.Shared
  • User.Read
  • Mail.ReadWrite
  • Mail.Send

If you are not opting to utilise all available features, then only a subset of these permissions are required.



The images below outline what will be presented to the end user when reporting a phish via the Outlook Web Add-in. The text shown will be updated to reflect the information you have added to the Outlook Web Add-in Customer Template.

Screenshot 1:


Screenshot 2:


Screenshot 3:

Back to all articles