This article explains how to install and configure the SMARTFENSE phishing report button for Microsoft Outlook and Office 365, including installation requirements, domain validation, and whitelist configuration in Microsoft Defender.
Prerequisite: regardless of the email client used, you must validate your corporate domains in SMARTFENSE for the button to work correctly. This step is mandatory and must be completed in parallel with the installation.
Please refer to the domain validation guide: How to validate a domain in SMARTFENSE
Button Installation
To get started, go to Settings > Simulations > Phishing Report Button and complete the requested information following the installation guide.
1. Configuration Data
In this section, you must enter the email address(es) that will receive reports of external emails reported (not coming from simulations).
If you enter more than one email, they must be separated by commas, with no spaces.
2. Installation Data
| Note: the report button is not compatible with Outlook 2013 nor with versions without official support from Microsoft. |
Select the mail client: Outlook and Office 365.
Further down in this section, you will find the button installer available.
You must always use the installer corresponding to your instance.
-
Before downloading, you must complete the fields:
Tenant ID
Application ID
Secret
These values are obtained by following the steps in the guide under the Automation section.
After completing the data, download the installer and perform the installation following the Button Installation section of the guide.
3. Save
Once the process is complete, click Save.
The deployment of the button on mail clients may take between 24 and 72 hours, depending on the number of accounts in the domain.
Whitelist Implementation for the Report Button
The report recipient email must allow the sender:
preport@livefense.com
The domains that must be allowed are:
livefense.com
phishalertbutton.com (button from 04/20/2024)
palertbutton.com (button before 04/20/2024)
And the IP:
160.153.250.248
This must be configured in Microsoft Defender.
Important Clarifications
In Settings > Simulations > Phishing Report Button, under the “i” icon, you will find online help with more details.
The button may take up to 72 hours to appear for all users.
If a user has more than one account configured in Outlook, the corporate domain account must be set as primary to see the button.
Common Issues
Outlook 2016 shows compatibility error:
In Office 2016 and earlier installations, Outlook depends on Internet Explorer. If it was disabled by Windows updates, the add-in may fail.
Later versions require Microsoft Edge enabled.
Frequently Asked Questions about Centralized Deployment
SMARTFENSE recommends consulting Microsoft’s official documentation:
It explains topics such as:
How to know if your organization is enabled for centralized deployment.
Assigning add-ins to users.
Estimated deployment and removal times for add-ins.
💡 Best Practices
Validate all corporate domains before starting the installation.
Correctly complete Tenant ID, Application ID, and Secret to avoid installer failures.
Configure the whitelist in Microsoft Defender before deploying the button.
Verify Outlook compatibility according to the installed version.