Once the Outlook Web Add-in is published via the O365 Admin console, users have access to the add-in within the Android MS Outlook App.

• From within the email, the end user selects the ellipsis (three dots) icon (highlighted below) to report it and clicks the Phish Mail icon.

• On first use, the user must authenticate to Azure AD (standard O365 credentials).

• The user is then asked to confirm if they are happy to report the email as a phishing email. (The text will differ depending on the setting.) 

Below is a sample message that could be displayed if a user accidentally reports an email from their own company domain.

• At this point, if the action was taken in error, the customer can cancel.

• Finally, the user receives a confirmation message indicating that the email has been successfully reported.