This article explains how to integrate the native Phishing Report button in Microsoft Outlook with SMARTFENSE, including domain validation, integration configuration, and false positive management to ensure reliable statistics.
Prerequisite: regardless of the email client used, you must validate your corporate domains in SMARTFENSE for the button to work correctly. This step is mandatory and must be completed in parallel with the installation.
Please refer to the domain validation guide: How to validate a domain in SMARTFENSE
Overview
Integration with the native Phishing Report button in Microsoft Outlook allows you to centralize reports made by users directly from Outlook in SMARTFENSE.
For proper implementation, the following configurations must be completed:
Domain validation: How to validate a domain in SMARTFENSE
Outlook integration setup
False positive configuration (optional but recommended)
Configuration of the Microsoft Outlook Phishing Report Button Integration
To enable the integration, go to:
Settings > Integrations > Outlook Report Phishing add-in
Enable the integration.
Complete the required information following the Setup Guide.
Click Check connection to validate the configuration.
-
Once validated, press .
False Positive Configuration
This step is optional, but highly recommended to improve the quality of the statistics.
In the section:
Settings > Security > False Positives
Within the Simulation Report section, select the option:
Mark all interactions that occur after the report as false positives
This configuration prevents automatic analyses performed by Microsoft after the user reports the email from being counted as user actions within a simulation campaign.
Available Reports
Once the functionality is integrated, phishing reports will be available in the following sections:
Audit > Campaign Detail, when an email belonging to a simulation campaign is reported.
Reports > Campaigns > Phishing Report Button.
Audit > Phishing Report Button.
Additionally, it is possible to generate Nudges and Interventions based on the reporting action performed by users.
| Important: the platform updates information from the Microsoft button every 10 minutes, so reports are not reflected in real time. |
💡 Best Practices
Validate all corporate domains before enabling the integration.
Complete the false positive configuration to avoid distorted metrics.
Inform users that reports may take a few minutes to be reflected.
Use reports and Nudges to reinforce learning after phishing reports.