Outlook Web Add-in

Compatible Web Applications:

• Outlook on iOS
• Outlook on Android
• Outlook on the web
• Outlook on Windows (Microsoft 365)
• Outlook on Mac (Microsoft 365)
• Only available to Office 365 Users – Work or School accounts only.
• Single Sign-on must be configured on the MyCompliance platform.
• User must authenticate at first use or if cache is cleared.

Configuration Options

• ConfirmMessageBoxTitle: The main pop-up window title. (See screenshot 1 & 3)
• ConfirmMessage: The main confirmation message on the pop-up when the Outlook web add-in button is clicked. (See Screenshot 1)
• DeleteMessages: True = messages are always deleted; False = messages are retained in the user's junk folder.
• ForwardFullReport: True/False; used to pick what data is in the email that is sent to ForwardMailbox.
• ForwardMailBody: If FowardFullReport is False, this setting is used as the body of the email.
• ForwardMailboxName: The internal mailbox email alias.
• ForwardMailbox: The internal email address to which the reported email is sent.
  • ***If EnableWindowsDefender = TRUE, the designated mailbox for the SecOps mailbox must be the address used for the ForwardMailbox.
• ForwardMailSubject: The subject line of the email sent to the ForwardMailbox. 
  • When the ForwardEmailAsAttachment option is TRUE and the ForwardFullReport option is FALSE, then the Edited value within ForwardMailSubject will appear as the subject.
  • When the ForwardEmailAsAttachment option is TRUE and the ForwardFullReport option is TRUE, then the original subject of the reported email will appear as the subject.
• ForwardMailData: If True, email data is sent to the MyCompliance platform to enable data collection on staff behaviours.
• ForwardMyCompliancePhish: True = all emails will be sent to the ForwardMailbox; False = phishing simulation emails from MyCompliance do not get sent to ForwardMailbox.
• InternalMailDomain: The internal mail domain; only one domain can be added.
• InternalMessageBoxTitle: The main pop-up window title when the mail sent is from the InternalMailDomain. (See Screenshot 2)
• InternalMessage: The main confirmation message on the pop-up when an email is reported from the InternalMailDomain. (See Screenshot 2)
• MetaPhishSimulationMessage: Message prompt when the user correctly identifies a MyCompliance simulated phishing email. (See Screenshot 3)
• ForwardEmailAsAttachment: Reported emails can be sent as an attachment to the dedicated mailbox.
• EnableSharedMailbox: Users with delegated ‘Send as’ permissions to the shared mailbox can report suspicious emails from the shared mailbox.
  • Additional permissions are required to be enabled within your Office 365 Admin Centre when enabling this option. New O365 permissions include Mail.ReadWrite.Shared and Mail.Send.Shared.
• EnableWindowsDefender: Enable Windows Defender integration.
  • To configure the client Microsoft Windows Defender to record the reported phishing data, please follow the steps seen in this article: How to set up Microsoft Defender Integration

Permissions

If utilising all available features, the following permissions must be accepted by a Global Admin before rolling the plugin out to end users:

• Mail.Send.Shared
• Mail.ReadWrite.Shared
• User.Read
• Mail.ReadWrite
• Mail.Send

If you are not opting to utilise all available features, then only a subset of these permissions is required.

Outlook Web Screenshots

The images below outline what will be presented to the end user when reporting a phish via the Outlook Web Add-in.

The text shown will be updated to reflect the information you have added to the Outlook Web Add-in Customer Template.

Screenshot 1

Screenshot 2

Screenshot 3: