Get instant support with our search!
MetaCompliance Phish Reporter Prerequisites
Outlook Web Add-in
Compatible Web Applications:
- Outlook on iOS
- Outlook on Android
- Outlook on the web
- Outlook on Windows (Microsoft 365)
- Outlook on Mac (Microsoft 365)
- Only available to Office 365 Users – Work or School accounts only.
- Single Sign-on must be configured on the MyCompliance platform.
- User must authenticate at first use or if cache is cleared.
Configuration Options
- ConfirmMessageBoxTitle: The main pop-up window title. (See screenshot 1 & 3)
- ConfirmMessage: The main confirmation message on the pop-up when the Outlook web add-in button is clicked. (See Screenshot 1)
- DeleteMessages: True = messages are always deleted; False = messages are retained in the user's junk folder.
- ForwardFullReport: True/False; used to pick what data is in the email that is sent to ForwardMailbox.
- ForwardMailBody: If FowardFullReport is False, this setting is used as the body of the email.
- ForwardMailboxName: The internal mailbox email alias.
-
ForwardMailbox: The internal email address to which the reported email is sent.
- ***If EnableWindowsDefender = TRUE, the designated mailbox for the SecOps mailbox must be the address used for the ForwardMailbox.
-
ForwardMailSubject: The subject line of the email sent to the ForwardMailbox.
- When the ForwardEmailAsAttachment option is TRUE and the ForwardFullReport option is FALSE, then the Edited value within ForwardMailSubject will appear as the subject.
- When the ForwardEmailAsAttachment option is TRUE and the ForwardFullReport option is TRUE, then the original subject of the reported email will appear as the subject.
- ForwardMailData: If True, email data is sent to the MyCompliance platform to enable data collection on staff behaviours.
- ForwardMyCompliancePhish: True = all emails will be sent to the ForwardMailbox; False = phishing simulation emails from MyCompliance do not get sent to ForwardMailbox.
- InternalMailDomain: The internal mail domain; only one domain can be added.
- InternalMessageBoxTitle: The main pop-up window title when the mail sent is from the InternalMailDomain. (See Screenshot 2)
- InternalMessage: The main confirmation message on the pop-up when an email is reported from the InternalMailDomain. (See Screenshot 2)
- MetaPhishSimulationMessage: Message prompt when the user correctly identifies a MyCompliance simulated phishing email. (See Screenshot 3)
- ForwardEmailAsAttachment: Reported emails can be sent as an attachment to the dedicated mailbox.
-
EnableSharedMailbox: Users with delegated ‘Send as’ permissions to the shared mailbox can report suspicious emails from the shared mailbox.
- Additional permissions are required to be enabled within your Office 365 Admin Centre when enabling this option. New O365 permissions include Mail.ReadWrite.Shared and Mail.Send.Shared.
-
EnableWindowsDefender: Enable Windows Defender integration.
- To configure the client Microsoft Windows Defender to record the reported phishing data, please follow the steps seen in this article: How to set up Microsoft Defender Integration
Permissions
If utilising all available features, the following permissions must be accepted by a Global Admin before rolling the plugin out to end users:
- Mail.Send.Shared
- Mail.ReadWrite.Shared
- User.Read
- Mail.ReadWrite
- Mail.Send
If you are not opting to utilise all available features, then only a subset of these permissions is required.
Outlook Web Screenshots
The images below outline what will be presented to the end user when reporting a phish via the Outlook Web Add-in.
The text shown will be updated to reflect the information you have added to the Outlook Web Add-in Customer Template.
Screenshot 1
Screenshot 2
Screenshot 3: