MetaCompliance Phish Reporter Prerequisites

Outlook Web Add-in

Compatible Web Applications:

  • Outlook on iOS
  • Outlook on Android
  • Outlook on the web
  • Outlook on Windows (Microsoft 365)
  • Outlook on Mac (Microsoft 365)
  • Only available to Office 365 Users – Work or School accounts only.
  • Single Sign-on must be configured on the MyCompliance platform.
  • User must authenticate at first use or if cache is cleared.

Configuration Options

  • ConfirmMessageBoxTitle: The main pop-up window title. (See screenshot 1 & 3)
  • ConfirmMessage: The main confirmation message on the pop-up when the Outlook web add-in button is clicked. (See Screenshot 1)
  • DeleteMessages: True = messages are always deleted; False = messages are retained in the user's junk folder.
  • ForwardFullReport: True/False; used to pick what data is in the email that is sent to ForwardMailbox.
  • ForwardMailBody: If FowardFullReport is False, this setting is used as the body of the email.
  • ForwardMailboxName: The internal mailbox email alias.
  • ForwardMailbox: The internal email address to which the reported email is sent.
    • ***If EnableWindowsDefender = TRUE, the designated mailbox for the SecOps mailbox must be the address used for the ForwardMailbox.
  • ForwardMailSubject: The subject line of the email sent to the ForwardMailbox. 
    • When the ForwardEmailAsAttachment option is TRUE and the ForwardFullReport option is FALSE, then the Edited value within ForwardMailSubject will appear as the subject.
    • When the ForwardEmailAsAttachment option is TRUE and the ForwardFullReport option is TRUE, then the original subject of the reported email will appear as the subject.
  • ForwardMailData: If True, email data is sent to the MyCompliance platform to enable data collection on staff behaviours.
  • ForwardMyCompliancePhish: True = all emails will be sent to the ForwardMailbox; False = phishing simulation emails from MyCompliance do not get sent to ForwardMailbox.
  • InternalMailDomain: The internal mail domain; only one domain can be added.
  • InternalMessageBoxTitle: The main pop-up window title when the mail sent is from the InternalMailDomain. (See Screenshot 2)
  • InternalMessage: The main confirmation message on the pop-up when an email is reported from the InternalMailDomain. (See Screenshot 2)
  • MetaPhishSimulationMessage: Message prompt when the user correctly identifies a MyCompliance simulated phishing email. (See Screenshot 3)
  • ForwardEmailAsAttachment: Reported emails can be sent as an attachment to the dedicated mailbox.
  • EnableSharedMailbox: Users with delegated ‘Send as’ permissions to the shared mailbox can report suspicious emails from the shared mailbox.
    • Additional permissions are required to be enabled within your Office 365 Admin Centre when enabling this option. New O365 permissions include Mail.ReadWrite.Shared and Mail.Send.Shared.
  • EnableWindowsDefender: Enable Windows Defender integration.

Permissions

If utilising all available features, the following permissions must be accepted by a Global Admin before rolling the plugin out to end users:

  • Mail.Send.Shared
  • Mail.ReadWrite.Shared
  • User.Read
  • Mail.ReadWrite
  • Mail.Send

If you are not opting to utilise all available features, then only a subset of these permissions is required.

Outlook Web Screenshots

The images below outline what will be presented to the end user when reporting a phish via the Outlook Web Add-in.

The text shown will be updated to reflect the information you have added to the Outlook Web Add-in Customer Template.

Screenshot 1

 

Screenshot 2

 

Screenshot 3:

Back to all articles