• We’re excited to announce that we’ve added a new feature that will allow the PAB to recognize training notifications in the Phish Alert section of your account settings. Enabling this setting will prevent the PAB from reporting any training email from KnowBe4 with a valid training notification ID (TNID). For more information, see our Phish Alert Button (PAB) Product Manual.

• We’re excited to share that we’ve combined the Hybrid and Graph Phish Alert Buttons (PABs), along with their manuals, to provide a more streamlined experience. As a result, the Graph PABs guides and information will now be included in the Hybrid Phish Alert Button (PAB) Product Manual.

• We’ve updated the Hybrid Phish Alert Button (PAB) to support Nested App Authentication single sign-on (NAA-SSO). The NAA-SSO version of the Hybrid PAB will support installation for shared mailboxes. For more information, see our Update to Nested App Authentication Single Sign-On (NAA-SSO) for the Phish Alert Button (PAB) article.

• We've updated the Hybrid PAB to support the Add the reported message's headers to the forwarded message's body feature. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the User Comments and Disposition feature! Admins can now set a default disposition and customize the options that users will see when they are selecting a reported email's disposition. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've added the Send email headers as TXT attachments feature! When you send a copy of a reported message, you can now include a separate text file attachment containing the headers of the reported message. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the Hybrid PAB to support emails with larger attachments. When the Hybrid PAB uses REST APIs, you can now send file attachments up to 25 MB.

• We've added the ability to submit reported emails directly to Microsoft 365 Defender’s Submissions page. For more information, see our How to Integrate Microsoft Defender for Office 365 with the Phish Alert Button (PAB) article.

• We've modified the way PAB handles read receipts. PAB will actively remove the read receipt flag when a user reports an email. With this flag removed, threat actors will not be informed if the email was read, nor will they know if the email address is active.

• We've updated the PAB's architecture from Vue2 with Webpack 3 to Vanilla HTML, CSS, and Javascript with Webpack 5. This update resolves Webpack security issues, removes and replaces libraries that had vulnerabilities, and improves the UI design and text. The updated UI text now supports languages that read from right to left, like Hebrew, and it improves the PAB's accessibility and ADA compliance.

• We've added an integration for the Hybrid PAB and Microsoft Defender for Office 365! When the Enable Microsoft 365 Defender Integration setting is enabled in your KSAT Account Settings, the PAB will send a copy of reported emails to Microsoft 365 Defender’s Submissions page for analysis. For more information, see our How to Integrate Microsoft Defender for Office 365 with the Phish Alert Button (PAB) article.

• We've released the Exclude original body text from reported emails feature, which allows you to send a copy of a reported email without body text. For more information, see our Phish Alert Button (PAB) Product Manual

• We've updated the User Comments and Disposition feature. Admins can now specify different email recipients based on the reported email's disposition. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the Hybrid PAB to support the user comments and email disposition features for Microsoft Exchange servers. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.

• We've updated the Hybrid PAB so that when an email is sent out by the PAB, it will only have one attached EML file.

• We’ve improved the formatting of the email response message. When an email is reported, the email response message displays a simplified “NotificationDialog” URL in the pop-up window.

• We've improved the security of header validation. Now, the Hybrid PAB can use Campaign Recipient ID (CRID) validation to detect whether an email that is marked with a training header is a simulated phishing email or a legitimate threat.

• We've added a feature that allows your users to add comments and decide the disposition of an email. These features can be used together to give your security team a warning about suspicious emails and the types of threats the emails may pose. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.

• We've released the Autofill Phishing Languages with PAB Locale feature. This feature allows the PAB to autofill your users' profiles with their preferred phishing language if that field is left blank. For more information, see our Phish Alert Button Product Manual and our Localization Guide.

• We've released an email forwarding feature, which allows emails to be forwarded to services that require email forwarding, such as Proofpoint. For more information, see our Phish Alert Button Product Manual.

• We've updated the Hybrid PAB to support the Canada KSAT URL in the manifest files. This new update does not require existing Hybrid PAB users to reinstall the PAB.

• We've improved the MAPI Properties of MSG attachments.
• We've included bug fixes for the Forward email prefix, Send a test, and the Unicode character support for attachment filenames.

• We've released the Hybrid PAB for Microsoft 365. The Exchange server can automatically detect your users’ mail client and backend server to configure the best version of the PAB for their environment.

• We’re excited to announce that we’ve added a new feature that will allow the PAB to recognize training notifications in the Phish Alert section of your account settings. Enabling this setting will prevent the PAB from reporting any training email from KnowBe4 with a valid training notification ID (TNID). For more information, see our Phish Alert Button (PAB) Product Manual.

February 12, 2025

• We’ve updated the Microsoft Ribbon Phish Alert Button (PAB) to support Nested App Authentication single sign-on (NAA-SSO). The NAA-SSO version of the Microsoft Ribbon PAB will support installation for shared mailboxes. For more information, see our Update to Nested App Authentication Single Sign-On (NAA-SSO) for the Phish Alert Button (PAB) article.

January 28, 2025

• We've updated the Microsoft Ribbon PAB to support the Add the reported message's headers to the forwarded message's body feature. For more information, see our Phish Alert Button (PAB) Product Manual.

• We’ve updated the fallback mechanism for the Microsoft Ribbon PAB. This updated manifest will now allow the Microsoft Ribbon PAB to switch from the Graph API to the Rest API whenever it is in an environment that does not support the Microsoft Ribbon PABs Graph API. For more information, see our Microsoft Ribbon Phish Alert Button Product Manual.

• We've updated the User Comments and Disposition feature! Admins can now set a default disposition and customize the options that users will see when they are selecting a reported email's disposition. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've added the Send email headers as TXT attachments feature! When you send a copy of a reported message, you can now include a separate text file attachment containing the headers of the reported message. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the Microsoft Ribbon PAB to remove the unwanted More Info section from the manifest file.

• We’ve released the Microsoft Ribbon PAB! You can now configure KnowBe4’s PAB with Microsoft’s integrated spam-reporting add-in. The integrated PAB will appear in the Home toolbar in your users' Outlook mail client ribbon, and it will allow your users to report suspicious emails to both the Microsoft 365 Defender platform and the KSAT console. For more information, see our Microsoft Ribbon Phish Alert Button Product Manual.

• We've updated the PAB for Outlook to support the Add the reported message's headers to the forwarded message's body feature. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the PAB for Outlook to improve the security for automatic updates.

• We've released an updated version of the PAB for Outlook! We've updated a support library and improved the security for automatic updates to the PAB.
• We've resolved an issue causing the PAB to incorrectly create EML file attachments for some reported emails.
• We've added the ability to submit reported emails directly to Microsoft 365 Defender's Submissions page. For more information, see our Integrate Microsoft Defender for Office 365 with the Phish Alert Button (PAB) article.

• We’ve implemented a bug fix for how the PAB for Outlook sends attachments. When Outlook is configured to prevent emails from being stored on the disk, the PAB will attach original emails in EML files.
• We’ve also updated the PAB to use a proxy server when one is specified during installation, and to use the current user’s proxy settings when a proxy server is not specified.

• We've updated the PAB for Outlook to support the integration with Microsoft Defender for Office 365! When the Enable Microsoft 365 Defender Integration setting is enabled in your KSAT Account Settings, the PAB will send a copy of reported emails to Microsoft 365 Defender’s Submissions page for analysis. For more information, see our How to Integrate Microsoft Defender for Office 365 with the Phish Alert Button (PAB) article.
• We've also updated the PAB to support the Exclude original body text from reported emails feature, which allows you to send a copy of a reported email without body text. For more information, see our Phish Alert Button (PAB) Product Manual.
• We’ve implemented bug fixes for how the PAB responds to automatic updates, and how the PAB sends headers in EML attachments to PhishER.
• We've improved the installation process for the PAB so that a proxy server will successfully validate a license key. We've also improved the process for troubleshooting PAB errors.

• We've updated the User Comments and Disposition feature. Admins can now specify different email recipients based on the reported email's disposition. For more information, see our Phish Alert Button (PAB) Product Manual. We've also updated the .NET Framework from 4.5.1 to 4.7.2.
• We’ve implemented a bug fix to resolve an issue causing Outlook to disconnect from Microsoft Exchange or Microsoft 365 when certain conditions are met.

• We've updated the PAB for Outlook to support the user comments and email disposition features. These features can be used together to give your security team a warning about suspicious emails and the types of threats the emails may pose. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.

• We've implemented minor bug fixes and updated the PAB to support instances of KSAT.

• We’ve released an updated version of the PAB for Outlook, which will automatically update for existing users. We’ve reduced the size of the installer kit and reduced the length of time needed to start Outlook. We’ve also implemented a bug fix for downloading the PAB icon after it has been configured in your KSAT Account Settings.

• We've improved the security of header validation. Now, the PAB for Outlook can use Campaign Recipient ID (CRID) validation to detect whether an email that is marked with a training header is a simulated phishing email or a legitimate threat.

• We've released the EXE version of the PAB for Outlook. This version of the PAB uses an EXE file instead of an MSI file and supports automatic updates. For more information, see our Outlook (EXE Version) Phish Alert Button Product Manual.

• Starting July 1st, 2022, we will no longer support versions of the PAB older than version 1.2.30 that use TLS 1.0. For more information, see our End of Support for Phish Alert Buttons Using TLS 1.0 article.

• We've update the PAB for Outlook to allow it to communicate with the Canada instance upon installation.
• We've updated some core libraries that were responsible for generating .eml files.
• We've enabled a debugging option that allows the PAB for Outlook to generate multiple formats for attachment files. For more information, see our How to Enable PAB's Debug Mode article.
• We've implemented a minor bug fix for how the PAB consumes and parses the KSAT server's responses.

• We've updated the PAB for Outlook to allow PAB for Outlook to be installed without network connection or using a network incapable account to install. If the PAB for Outlook is installed or uninstalled without a network connection, it will not be able to increment or decrement the installed devices count.
• We've updated the PAB for Outlook so that when an email is sent out by the PAB, it will only have one attached EML file. The email content will no longer contain inline images.

• We've updated the PAB for Outlook to support Outlook 2010 and later. We have also removed the .NET4.0 requirement from our installation process. 

• We've updated the PAB for Outlook to include a security update.

• We've updated the PAB for Outlook to support the new email forwarding feature. If no forwarding email addresses are set in the PAB configurations but want copies of emails to be sent to KnowBe4, the KnowBe4 email address is used as a To - recipient.
• We've updated the PAB for Outlook to change the source.eml file to phish_alert_sp2_2.0.0.0.eml for Microsoft 365 PAB users. We will be using this naming convention from now on, as it allows PhishER to identify PAB emails and provide better support.
• In the installer, we've implemented minor bug fixes for the PAB icon appearing pixelated or not displaying as expected. These fixes also correct a problem during remote installation with LANDESK.
• We've updated the EV certificate to now expire in two years.
• We've improved the overall user experience and integration with Microsoft Outlook.
• We've improved the PAB for Outlook to use the 64bit version of a support library when it is installed on a system running 64bit-Microsoft Outlook on 64bit Windows.

• We've implemented minor bug fixes and process improvements to support the PAB for Outlook on Windows 10 machines.

• We've updated the PAB for Outlook to support future PAB features.

• We've fixed a Hash Error message on some versions of Outlook.

• We've fixed an uncommon error with signature enforcement.

• We've fixed the issue of TLS 1.0/1.1 being disabled.

• We've fixed the issue of the PAB for Outlook appearing twice in the drop-down for Outlook 2010.
• We've fixed log files for users of the PAB for Outlook. Log files will be located in C:\Users<username>\AppData\Roaming\KnowBe4\Phish Alert.

• We've fixed the ADX Loader - Error code: 0x80131022 error.

• We've fixed a Failed to parse response error and an uncommon error where the PAB is unclickable.

• We've fixed the issue of the Outlook Ribbon disappearing.

• We've updated some of the libraries we use for the PAB for Outlook to the current versions.

• We've included a bug fix to support scaled fonts. This is for high-resolution devices, such as the Microsoft Surface, that have font scaling. 
• We've added support for a debug log.

• Now, some of the PAB DLLs have been signed so there are no more security warnings in tight security environments. 

• We’ve made improvements to this PABs automatic activation functionality and added an option to reset all user data.

• We've updated the User Comments and Disposition feature! Admins can now set a default disposition and customize the options that users will see when they are selecting a reported email's disposition. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the User Comments and Disposition feature. Admins can now specify different email recipients based on the reported email's disposition. For more information, see our Phish Alert Button (PAB) Product Manual.

• We've updated the Gmail Add-on PAB to support the user comments and email disposition features. These features can be used together to give your security team a warning about suspicious emails and the types of threats the emails may pose. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.

• We've added support for email forwarding from the Gmail Add-on PAB.
• We've improved the security of header validation. Now, the Gmail Add-on PAB can use Campaign Recipient ID (CRID) validation to detect whether an email that is marked with a training header is a simulated phishing email or a legitimate threat.

• We've released our new automatic activation feature for the Gmail Add-on PAB. With this features, users will no longer need to manually activate their PAB with a license key, and Magic Mail will not be required for users. For more information, see our How to Use Automatic Activation for the Gmail Add-on Phish Alert Button (PAB) article.

• We've updated the Gmail Add-on PAB to migrate the code from using a Contacts API to People API. For more information, see Google's Contacts API Migration Guide article.
• We've updated the PAB to support Magic Mail and manual registration for the Canada instance of the KSAT platform.

• We've released the Gmail Add-on PAB for Google Workspace.

• We've fixed a bug from a Chrome update that prevented the PAB from displaying.

• We've fixed a bug that caused an error message to display when users clicked the PAB icon on the Chrome toolbar, or required users to reload a Gmail tab to display the Chrome Extension PAB.

• The Chrome Extension PAB now supports Google Chrome Manifest v3. The manifest file will automatically update for existing users.

• We've improved the security of header validation. Now, the Chrome Extension PAB can use Campaign Recipient ID (CRID) validation to detect whether an email that is marked with a training header is a simulated phishing email or a legitimate threat.
• We've improved the response messages functionality for the Chrome Extension PAB. When emails are reported with the PAB, response messages are not displayed unless they are enabled in KSAT.

• We've included a minor bug fix that reloads configuration data when a new Gmail tab is opened.

• We've updated the OAuth consent configuration to add "https://googleapis.com/auth/userinfo.profile".
• We've fixed a bug that caused the Report By field to not populate in PhishER.

• We've fixed a bug that caused the hover-over prompt to display when the cursor was over the Labels button.

• We've updated the Google Suite PAB to send a copy of the reported email as a BBC when copying both the US and EU KnowBe4 email addresses.
• We've updated the Google Suite PAB to support showing the full body of the original email instead of sending the original email as an attachment when an email is forwarded.
• We've updated the Google Suite PAB to change the source attachment name in order for the email to be targeted by PhishER.

• We've added the option to set the length of time that the users see the message when they report an email using the Google PAB. You can change the response duration from your Account Settings page under the Phish Alert section.

• We've fixed the bug that caused the loading of the PAB icon to constantly load.

• We've updated the Google Suite PAB to remove unwanted URLs and domains from the manifest file and to stop PAB from running when it is not configured in the domain.

• We've updated the Google Suite PAB to support the new dynamic confirmation and thank you message features found on the Account Settings page.