LogoLogo
Get Demo
  • đź’«NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • Steps to Set Up the Integration
  • Step 1: Create a Shared Mailbox for Reports
  • Step 2: Set Up a Mail Flow Rule
  • Step 3: Configure the Microsoft Phishing Reporting Add-In
  • Step 4: Install the Microsoft Outlook 365 'Report Phishing' Add-In
  • Step 5: Test the Integration
  • Possible Considerations

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Platform
  3. Phishing Reporter

Integrating Microsoft Phishing Reporting Button with Keepnet

PreviousDiagnostic ToolNextTroubleshooting Phishing Reporter on Outlook Desktop

Last updated 2 months ago

Was this helpful?

This integration allows your employees to continue using Microsoft’s Phishing Reporting button to report suspicious emails to your SOC team or Microsoft Defender. Along with that, this integration adds new benefits by forwarding reported emails to Keepnet’s Incident Responder. This ensures deeper analysis and tracking capabilities while maintaining your existing reporting process.

Key Benefits:

  • Dual Reporting: Emails reported via the Microsoft Phishing Reporting Button are sent to both Microsoft Defender and Keepnet's Incident Responder product for advanced analysis.

  • Simulation Tracking: During phishing simulation campaigns, Keepnet tracks employees who report simulated phishing emails, helping administrators measure awareness and provide training.

Steps to Set Up the Integration

Step 1: Create a Shared Mailbox for Reports

If you don’t already have a shared inbox for phishing reports:

  1. Log into the .

  2. Navigate to Recipients > Mailboxes > Add a Shared Mailbox.

  3. Enter a Display Name and Email Address for the shared mailbox.

  4. Click the Create button to create a shared mailbox.

Step 2: Set Up a Mail Flow Rule

Forward reported phishing emails to Keepnet using a mail flow rule:

  1. Please of Keepnet to get the Keepnet email address for forwarding.

  2. Log into the and open the Exchange Admin Center.

  3. Go to Mail Flow > Rules and click Create New Rule.

  4. Configure the rule:

    • Name: Enter a name such as "Forward Reported Emails to Keepnet".

    • Set Apply this rule if: Select the "The recipient" and then select the "is this person" option. Please enter the shared mailbox email address that you created in the previous section.

    • Do the following: Select the "Add Recipients" and then select the "to the To box" option. Please enter the email address that you got from the Keepnet Support Team.

  5. Leave the "Except if" option as default and then click Next.

  6. Leave the "Set rule settings" page settings as default and then click Next.

  7. Click Finish to create the rule.

Step 3: Configure the Microsoft Phishing Reporting Add-In

  1. Ensure “Monitor reported messages in Outlook” is active.

  2. Choose “Use the built-in Report button in Outlook”.

  3. Set “Reported message destinations” to “Microsoft and my reporting mailbox” or “My reporting mailbox only”.

  4. Add your shared mailbox that you created at the beginning of the document to the "Add an exchange online mailbox to send reported messages to:" field and save.

Step 4: Install the Microsoft Outlook 365 'Report Phishing' Add-In

If not already installed:

  1. Visit Microsoft AppSource and search for “Report Phishing”.

  2. Click Get it now and follow the installation instructions.

  3. Wait up to 12 hours for the add-in to appear in Outlook.

Step 5: Test the Integration

  1. Launch a phishing simulation campaign through Keepnet.

  2. Report a simulation email using the Microsoft Phishing Reporting button. Then, go to your campaign report and click the Reporters menu to verify that you reported the simulation email.

  3. Verify the email is also visible on Keepnet’s Incident Responder page.

Possible Considerations

  • Reporting Delays: When Microsoft forwards reported emails to the specified email destination, there may be a delay caused by Microsoft’s internal processing. For example, some emails may appear immediately whilst other emails may take 10 minutes to get reported to Keepnet from Microsoft.

  • Blocked Emails: Emails flagged as phishing might be quarantined by Microsoft or other security solutions, causing delays in forwarding.

  • Interference: External security solutions, such as Data Loss Prevention (DLP) systems, may interfere with email forwarding from Microsoft to Keepnet. This can result in delays or prevent emails from being reported altogether.

  • Email Quarantine: Emails flagged as phishing might be quarantined by Microsoft or other security solutions, causing delays in forwarding.

  • Policy Conflicts: Custom email policies on the customer’s Microsoft tenant could block or redirect reported emails, affecting Keepnet’s tracking.

  • Server Downtime: Temporary unavailability of Microsoft or Keepnet’s email servers can result in reporting delays.

Open in your Microsoft 365 portal.

đź’«
Microsoft Exchange Admin Center
contact the support team
Microsoft 365 Admin Center
User Submission Settings