Microsoft Report Phish Button Integration - High Level Overview

 

What the Feature is

Phish simulation emails can now be reported using Microsoft's built-in Report Message / Report Phishing button in Outlook. Users simply click the same native button they already use to report suspicious emails. Reported Phish simulations are automatically routed to MetaCompliance for tracking and analysis, while real phishing emails continue to flow to Microsoft Defender as normal.

What the Feature is NOT

We will not be handling any other emails that are reported as phishing emails. ONLY Phish emails. 

 

Key Benefits

- One reporting button for all phishing emails, reducing user confusion.

- No plugins or user training required - uses Microsoft's native button.

- More accurate reporting data, as all simulation reports are captured.

- Quick, low-risk setup with no special licensing required when using the mail flow method.

- Multi-language supported out of the box, as uses Microsoft's native button

 

How to Set it Up (Admin Steps)

1. Choose or create a shared mailbox to receive all reported emails.

2. In Microsoft Defender, enable the built-in Outlook Report button and route reported messages to that shared mailbox.

3. Add a mail flow rule in Exchange to redirect Phish simulation emails from the shared mailbox to your MetaCompliance mailbox.

This ensures only simulation emails are forwarded to MetaCompliance, while real phish stay in Defender.

Please note, customers will need to ensure DKIM and SPF have been setup for their domains to ensure MetaCompliance receives emails successfully.

 

What Users Will See

Users continue clicking the same Microsoft Report Message / Report Phishing button. Microsoft displays its normal confirmation, and everything else happens in the background. No user workflow changes.

 

Summary

This integration provides a single reporting method, cleaner behavioural data, and seamless alignment with Microsoft's ecosystem. This is achieved without requiring plugins, permissions, or changes to user behaviour.

 

 

Back to all articles