LogoLogo
Get Demo
  • 💫NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • Microsoft Page View Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • Microsoft Ribbon Phishing Reporter User Experience
  • Supported clients
  • Prerequisites
  • How to Install the Microsoft Ribbon Phishing Reporter
  • Troubleshooting Microsoft Ribbon Phishing Reporter
  • We were unable to process this item. Please try again later.
  • How Microsoft Ribbon Phishing Reporter Buttons Look on Outlook Platforms
  • New Outlook
  • Classic Outlook
  • Outlook Web App (OWA)
  • Outlook for Mac
  • Outlook Mobile (iOS / Android)
  • Frequently Asked Questions (FAQs)
  • Q: Can I show a confirmation prompt before deleting a reported email?
  • Q: Does the Ribbon work on Outlook Mobile for iPhone or Android?
  • Q: Can I change the window size of the Ribbon message (e.g., set a fixed width and height)?
  • Q: Can I provide a language selection option for users to choose their preferred language for pop-up messages?
  • Q: I see the Microsoft Ribbon Phishing Reporter in Outlook Desktop on my MacBook, but it doesn't work. Why?
  • Q: If Microsoft automatically deletes the reported email, can it be recovered?
  • Q: Can I use the Ribbon Add-in and Page View Add-in together?
  • Q: Why can't I report multiple emails at the same time in Classic Outlook on Windows?
  • Q: What Permissions are Required for Microsoft Graph API
  • Tutorial Video

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Platform
  3. Phishing Reporter
  4. Phishing Reporter Deployment

Microsoft Ribbon Phishing Reporter

PreviousPhishing Reporter Page View Failure Due to Deprecated Exchange Online TokensNextMicrosoft Page View Phishing Reporter

Last updated 3 days ago

Was this helpful?

The Microsoft Ribbon Phishing Reporter allows your users to easily report suspicious emails and help protect your organization from cyberattacks. When you integrate the Phishing Reporter with Microsoft's integrated spam-reporting feature, the Phishing Reporter will appear in the Outlook ribbon.

When your users click the Phishing Reporter to report an email, they can provide your IT team with an early warning about potential threats. You can receive reported emails in the Microsoft 365 Defender platform and the Keepnet Incident Responder page.

To learn how to install the Microsoft Ribbon Phishing Reporter and how your users can use the Phishing Reporter in their mail clients, see the sections below.

If you use the phishing feature in the Keepnet Incident Responder menu, the Microsoft Ribbon Phishing Reporter will also track if your users report our simulated phishing emails. You can use this feature to see which users successfully identify potential threats.

Microsoft Ribbon Phishing Reporter User Experience

Here is an example view of the ribbon phishing reporter on Outlook.

  • When using the new Outlook Ribbon, clicking the Phishing Report button opens a pop-up window instead of a side panel.

  • The pop-up provides the same reporting options but appears as a temporary dialog in the center of the screen.

  • This is the default experience for some Outlook versions, including Outlook on Windows with the new Ribbon UI.

Supported clients

Client
Status

Outlook on the web

Supported*

Supported*

Classic Outlook on Windows

Version 2404 (Build 17530.15000)

Supported

Outlook on Mac

Version 16.81 (23121700) or later

Outlook on Android

Not available

Outlook on iOS

Not available

Prerequisites

Before you can install the Microsoft Ribbon Phishing Reporter for your organization, your organization will need to have a Microsoft 365 mail server and license. The Phishing Reporter is compatible with the following email clients and requirements.

How to Install the Microsoft Ribbon Phishing Reporter

  1. Go to Phishing Reporter > Manage and Download section and click “Connect Account”

  1. Log in to your Microsoft 365 account using your admin credentials.

  2. Once you log in, the Permissions requested pop-up window will display. Read the permissions, then click Accept.

  1. Once you accept the permissions, the GRAPH Authorization Successful window will display.

  1. Click the Download icon below the Microsoft Ribbon Phishing Reporter option to download the PhishingReporterRibbon.xml file.

  2. In a new tab of your browser, log in to your Microsoft 365 admin center.

  1. From the menu on the left side of the page, click Settings.

  2. From the Settings drop-down menu, select Integrated apps.

  1. Click Add-ins at the top-right corner of the page. The Add-ins page will open

  1. On the Add-ins page, click Deploy Add-In. The Deploy a new add-in pop-up window will open.

  1. In the pop-up window, click Next.

  1. Click Upload custom apps.

  1. Select the I have the manifest file (.xml) on this device option. Then, click Choose File and select the PhishingReporterRibbon.xml file that you downloaded in step 6.

  1. Click Upload to install the Phishing Reporter. The Configure add-in pop-up window will open.

  1. From the pop-up window, select which users will have access to the Phishing Reporter and which method you would like to use to deploy the Phishing Reporter.

We recommend that you allow all users to access the Phishing Reporter. We also recommend that you use the Fixed deployment method.

  1. Click Next, and additional app permissions will display.

  2. Once you have read the permissions, click Save. The Deploy Phishing Reporter pop-up window will open.

  1. Once the pop-up window displays a confirmation that the add-in successfully deployed, click Next. The Announce add-in pop-up window will open and display a message about announcement recommendations from Microsoft.

After you install and deploy the Phishing Reporter, you might receive an email from your mail service provider that contains information you can use to help you announce the Phishing Reporter add-in to your users. Keepnet does not send the email about the Phishing Reporter’s intended usage and benefits.

  1. Click Close to close the pop-up window.

Troubleshooting Microsoft Ribbon Phishing Reporter

We were unable to process this item. Please try again later.

"We were unable to process this item. Please try again later." message in the Ribbon Phishing Reporter in Outlook.

It is recommended because:

  1. Compatibility Issues with Classic Outlook

  • Microsoft is shifting support toward New Outlook, which has improved integration with cloud-based services and add-ins.

  1. Performance & Connectivity Fixes in New Outlook

  • New Outlook is built on a web-based architecture, offering better compatibility with Microsoft 365 cloud services, including phishing reporting.

  • It resolves time-out errors caused by outdated local add-in frameworks.

  1. Bug Fixes & Updates

  • Microsoft frequently updates the New Outlook, while the classic version may have outdated code that affects add-in performance.

  1. Cloud Integration & Service Connectivity

  • The Phishing Reporter add-in relies on Microsoft 365 cloud APIs to submit reports.

  • If the classic Outlook version struggles with these connections, switching to the New Outlook can ensure a more stable connection.

Try Enabling "New Outlook" as suggested.

How Microsoft Ribbon Phishing Reporter Buttons Look on Outlook Platforms

Microsoft Ribbon Phishing Reporter helps users report suspicious emails quickly and easily across multiple email platforms. This section visually showcases how the Phishing Reporter button appears in different environments—Outlook Desktop (New/Classic), Outlook Web (OWA), Outlook on Mac, Mobile (IOS/Android).

New Outlook

In the redesigned New Outlook interface, the Phishing Reporter button is placed conveniently in the top toolbar when viewing an email.

  1. Open your Inbox.

  2. Select the suspicious email.

  3. Click the Phishing Reporter button in the toolbar at the top.

Classic Outlook

In Classic Outlook, the reporter button is accessible directly from the ribbon while reading or previewing an email.

  1. Click Inbox from your folder list.

  2. Open the email you want to report.

  3. Click the Phishing Reporter button on the ribbon toolbar.

Outlook Web App (OWA)

If you’re using Outlook on the web, the reporter button is clearly visible in the action toolbar when viewing a message.

  1. Go to your Inbox.

  2. Open the suspicious email.

  3. Click the Phishing Reporter icon in the top menu.

Outlook for Mac

For Outlook on macOS, the reporter button is available under the Report dropdown.

  1. Select the email in your Inbox.

  2. Click the Report dropdown from the top toolbar.

  3. Choose Phishing Reporter.

Outlook Mobile (iOS / Android)

The mobile version of Outlook provides access to the reporter through the contextual options menu:

  1. While viewing a suspicious email, tap the three dots (•••) in the upper-right.

  2. Tap on the Suspicious Email Reporter icon.

Frequently Asked Questions (FAQs)

Q: Can I show a confirmation prompt before deleting a reported email?

A: No, Microsoft Ribbon Phishing Reporter automatically deletes the reported email and does not provide an option to prompt employees for confirmation before deletion.

Q: Does the Ribbon work on Outlook Mobile for iPhone or Android?

Q: Can I change the window size of the Ribbon message (e.g., set a fixed width and height)?

A: No, Microsoft does not allow modifications to the pop-up box. Its size is automatically adjusted.

Q: Can I provide a language selection option for users to choose their preferred language for pop-up messages?

A: No, Microsoft does not support adding a language selection option within the pop-up. The language is automatically set based on the user’s Outlook language settings.

Q: I see the Microsoft Ribbon Phishing Reporter in Outlook Desktop on my MacBook, but it doesn't work. Why?

Q: If Microsoft automatically deletes the reported email, can it be recovered?

A: Yes, after an email is reported, Microsoft displays a message confirming its deletion. This message includes an "Undo" option, allowing employees to recover the reported email if needed.

Q: Can I use the Ribbon Add-in and Page View Add-in together?

A: Yes, you can deploy both of them, and your employees can use either the Ribbon Add-in or the Page View Add-in based on their preference.

Q: Why can't I report multiple emails at the same time in Classic Outlook on Windows?

A: In classic Outlook on Windows, the Phishing Reporter processes one reported message at a time. If you attempt to report another email while the first one is still being processed, a notification dialog will appear, informing you that the previous report is still in progress.

To report multiple emails, please wait for the current report to complete before submitting the next one. This limitation ensures that each report is properly processed without conflicts.

Q: What Permissions are Required for Microsoft Graph API

A: The Microsoft Ribbon Phishing Reporter requires specific Microsoft Graph API permissions to function effectively within an organization’s Microsoft 365 environment. These permissions allow the application to interact with users’ emails, retrieve necessary details for reporting phishing attempts, and ensure smooth integration with the email infrastructure.

Below is a breakdown of the permissions required and their purpose:

1. Mail Permissions

  • Mail.Read: Allows the Phishing Reporter to read the user’s email to retrieve necessary email details such as headers, attachments, and content.

  • Mail.Read.Shared: Extends read access to shared mailboxes, ensuring that the application can retrieve phishing emails reported from shared accounts.

  • Mail.ReadWrite: Provides both read and write access to the user’s mailbox, enabling modifications or tagging of emails as needed.

  • Mail.ReadWrite.Shared: Extends read and write permissions to shared mailboxes for better handling of phishing reports.

  • Mail.Send: Enables the application to send emails, which may be necessary when forwarding reported phishing emails.

  • Mail.Send.Shared: Allows the application to send emails from shared mailboxes when the user has the appropriate permissions.

2. User Profile Permissions

  • openid: Grants access to the user's unique ID, helping in authentication and identity verification.

  • profile: Allows the Microsoft Ribbon Phishing Reporter to retrieve basic user profile information, ensuring accurate reporting and tracking.

Tutorial Video

This video tutorial shows the documentation steps for deploying Microsoft Ribbon Phishing Reporter add-in on M365.

The following table identifies which Outlook clients support the integrated spam-reporting feature. See the .

Only in Preview, Not Fully Functional (see )

* In Outlook on the web and the new Outlook on Windows, the integrated spam-reporting feature isn't supported for . Microsoft 365 Consumer accounts (, Hotmail, ) are for personal use and don’t support the integrated spam-reporting feature in Outlook on the web or the new Outlook on Windows.

The Microsoft Ribbon Phishing Reporter supports installation for . This feature requires that Graph API and Nested App Authentication single sign-on (NAA-SSO) permissions are authorized in your Microsoft 365 tenant. See installation steps 5 through 9 below for how to authorize these permissions.

Customize for your organization's needs

The expected timeframe for the Phishing Reporter to deploy is 24 hours, but timeframes can vary. For more information about deploying add-ins, see Microsoft's article.

The suggested solution is to ""

The Microsoft Ribbon Phishing Reporter add-in might not be fully supported or optimized in the classic (legacy) Outlook for Windows except Version 2404 (Build 17530.15000). See

A: As of March 2025, Microsoft does not support Outlook Mobile. Please refer to the supported clients list for updates:

A: Microsoft currently provides the Ribbon Phishing Reporter for preview purposes only on Outlook Desktop for Mac. While it may be visible, it is not fully functional. Please refer to the supported clients list for details:

💫
full list here from Microsoft official documentation
Microsoft 365 consumer accounts
Outlook.com
Live.com
shared mailboxes
Phishing Reporter
Deploy add-ins in the Microsoft 365 admin center
Toggling on New Outlook
Supported Clients
Supported Clients
Supported Clients
New Outlook on Windows
Preview the integrated spam-reporting feature in Outlook on Mac
We were unable to process this item issue on Microsoft Ribbon Phishing Reporter
Toggling on New Outlook