The Hybrid Phish Alert Button (PAB) for Microsoft 365 and Microsoft Exchange allows your users to easily report suspicious emails and help protect your organization from cyberattacks. When your users click the PAB to report an email, they can provide your IT team with an early warning about potential threats.
The Hybrid PAB detects your users’ mail clients and automatically configures the best version of the PAB for each user. To learn how to install the Hybrid PAB and how your users can use the PAB in their mail clients, see the sections below.
Prerequisites and Limitations
Before you can install the Hybrid PAB for your organization, your organization will need to have one of the following mail servers:
- Microsoft Exchange 2013 - version 15.0.847.32 (SP1), or a later version
- Microsoft Exchange 2016 - version 15.1.225.42 (RTM), or a later version
- Microsoft Exchange 2019
- Microsoft 365
- Microsoft Outlook 2016, 2019, and 2021 for Mac:
- Exchange 2016
- Exchange 2019
- Microsoft 365
If you have a proxy server, a connection to the following is needed to bypass the proxy server or proxy authentication:
- outlook.office365.com
- outlook.office.com
- us.pab.knowbe4.com, eu.pab.knowbe4.com, or ca.pab.knowbe4.com
The domain used will depend on where your KnowBe4 account is located.
You will also need to enable and configure the PAB from your KnowBe4 console Account Settings before following the steps in this article. To learn how to enable and configure the PAB in your KnowBe4 account, see the Enable PAB section of our Phish Alert Button (PAB) Product Manual.
Installing the Hybrid PAB for Microsoft 365
To install the Hybrid PAB in Microsoft 365, follow the steps below:
Accepting Required Permissions
Before installing the Hybrid PAB for Microsoft 365, follow the steps below:
- Log in to your KSAT console.
- Click on your email address in the top-right corner of the page, and select Account Settings.
- Navigate to Account Integrations > Phish Alert.
- Select the Enable Phish Alert check box.
- From the Select PAB Version drop-down menu, select Hybrid PAB.
- Click Accept Microsoft Permissions to Authorize GRAPH APIs for the PAB. You will be redirected to the Microsoft 365 login page.
- Log in to your Microsoft 365 account using your admin credentials.
- Once you log in, the Permissions requested pop-up window will display. Read the permissions, then click Accept.
- Once you accept the permissions, the GRAPH Authorization Successful window will display. Click Back to PAB Configuration to return to the Phish Alert settings.
- Click Authorize NAA-SSO for GRAPH APIs and repeat steps 6 through 9.
Installing the Hybrid PAB for Microsoft 365
Follow the steps below to install the Hybrid PAB for Microsoft 365:
- Click the download icon next to the PAB manifest for Microsoft products option to download the PhishAlertManifest.xml file.
Note:Each Phish Alert Button (PAB) XML manifest file is unique to the KSAT console based on where it's downloaded. So, if you manage multiple KSAT consoles, you'll need to download and install the correct manifest file for each console separately.
- In a new tab of your browser, log in to your Microsoft 365 admin center.
- From the menu on the left side of the page, click Settings.
- From the Settings drop-down menu, select Integrated apps.
- Click Add-ins at the top-right corner of the page. The Add-ins page will open.
- On the Add-ins screen, click Deploy Add-In. The Deploy a new add-in pop-up window will open.
- In the pop-up window, click Next.
- Click Upload custom apps.
- Select the I have the manifest file(.xml) on this device option. Then, click Choose File and select the PhishAlertManifest.xml file.
- Click Upload to install the PAB. The Configure add-in pop-up window will open.
- From the pop-up window, select which users will have access to the PAB and which method you would like to use to deploy the PAB.
Important:We recommend allowing all users to access the PAB and using the Fixed deployment method.
- Click Next, and additional app permissions will display.
- Once you have read the permissions, click Save. The Deploy Phish Alert pop-up window will open.
- Once the pop-up window displays a confirmation that the add-in has successfully deployed, click Next. The Announce add-in pop-up window will open and display a message about Microsoft’s announcement recommendations.
Note:After you install and deploy the PAB, you might receive an email from your mail service provider that contains information you can use to help you announce the PAB add-in to your users. KnowBe4 does not send the email about the PAB's intended usage and benefits.
- Click Close.
Installing the PAB in the Microsoft Exchange Admin Center
To install the PAB in the Microsoft Exchange Admin Center, follow the steps below:
Accepting Required Permissions
Before installing the Hybrid PAB for Microsoft 365, follow the steps below:
- Log in to your KnowBe4 console.
- Click on your email address in the top-right corner of the page, and select Account Settings.
- Navigate to Account Integrations > Phish Alert.
- Select the Enable Phish Alert check box.
- From the Select PAB Version drop-down menu, select Hybrid PAB.
- Click Accept Microsoft Permissions to Authorize GRAPH APIs for the PAB. You will be redirected to the Microsoft 365 login page.
- Log in to your Microsoft 365 account using your admin credentials.
- Once you log in, the Permissions requested pop-up window will display. Read the permissions, then click Accept.
- Once you accept the permissions, the GRAPH Authorization Successful window will display. Click Back to PAB Configuration to return to the Phish Alert settings.
- Click Authorize NAA-SSO for GRAPH APIs and repeat steps 6 through 9.
Installing the Hybrid PAB in the Microsoft Exchange Admin Center
Follow the steps below to install the Hybrid PAB in the Microsoft Exchange Admin Center:
- Click the download icon next to the PAB manifest for Microsoft products option to download the PhishAlertManifest.xml file.
Note:Each Phish Alert Button (PAB) XML manifest file is unique to the KSAT console based on where it's downloaded. So, if you manage multiple KSAT consoles, you'll need to download and install the correct manifest file for each console separately.
- In a new tab in your browser, log in to your Microsoft Exchange Admin Center account.
- Navigate to Exchange Admin Center > organization > add-ins.
Important:If you are using Microsoft Exchange 2013 and you have a different Admin Center view, you will need to navigate to Exchange admin center > organization > apps.
- From the add-ins page, click the plus icon (+) and select Add from file.
- Click Choose File and select the PhishAlertManifest.xml file.
- Click Next.
- Make sure that the Make this add-in available to users in your organization check box and the Mandatory, always enabled. Users can't disable this add-in. check box are selected.
- Click Save to finish the installation.
Installing to Shared Mailboxes
The Hybrid PAB supports installation for shared mailboxes. This feature requires that Graph API and Nested App Authentication single sign-on (NAA-SSO) permissions are authorized in your Microsoft 365 tenant. See steps 6 through 10 in the Accepting Required Permissions section above for instructions on how to authorize these permissions.
Prerequisites for Shared Mailbox Installation
Make sure you meet the requirements below to install the PAB for a shared mailbox:
- Your mail environment must support the Outlook add-in API requirement set 1.8.
- The PAB XML manifest you are using must have the following line: <SupportsSharedFolders>true</SupportsSharedFolders>
Hybrid PAB User Experience
Once installed, the Hybrid PAB will automatically detect your users’ mail clients and configure the best PAB for each user. The user experience will be different for each user depending on their specific mail client.
In the new version of Microsoft Outlook for Windows, you can pin the PAB add-in to the toolbar at the top of an open email. To pin the add-in, click the ellipsis icon (...) and select Customize actions. Or, you can also navigate to Settings > Mail > Customize actions. Then, select the Phish Alert add-in and click Save. When you open an email, you can click the PAB icon that displays on the toolbar. For more information about managing add-ins, visit Microsoft's Get an Office Add-in for Outlook article.
In the new version of Microsoft Outlook on the web, you can click the Phish Alert button that displays in the Apps launcher on an open email. To access the Apps launcher, click the Apps icon in the top-right corner of an open email. If the PAB does not display in the Apps launcher, you can click Add apps to open the Apps Store. From the Apps drop-down menu, click the Built for your org subtab to view the optional add-ins that your organization has approved. If the PAB add-in is available, you can select Phish Alert and click Add. Then, the PAB will display in the Apps launcher.
In the classic version of Microsoft Outlook for Windows, you can click the Phish Alert button in the Home tab of the toolbar at the top of an open email. Then, the PAB will display in the toolbar on the right side of the email.
In Microsoft Outlook for Mac, you can click the PAB add-in that displays in the toolbar on the right side of the page. You can also find the PAB by clicking the ellipsis icon (...) in the toolbar at the top of an open email. To pin the PAB add-in to the toolbar, click the Customize Toolbar… button.
Your users can click the PAB in any of these mail clients to report suspicious emails. When a user clicks the PAB, the reported email will be removed from their inbox and moved to their Sent Items folder as a forwarded email. If a user incorrectly reports an email, they can retrieve the email from their Deleted Items folder or Trash folder.
Updating and Uninstalling the Hybrid PAB
The method that you will use to uninstall the Hybrid PAB for your organization will differ depending on whether you use Microsoft 365 or the Microsoft Exchange Admin Center. If you need to redeploy the PAB XML manifest file, we recommend first removing your existing PAB installation.
Updating the Hybrid PAB for Microsoft 365
To update the Hybrid PAB for Microsoft 365, follow these steps:
- Log in to your KSAT console.
- Click on your email address in the top-right corner of the page, and select Account Settings.
- Navigate to Account Integrations > Phish Alert.
- From the Select PAB Version drop-down menu, select Hybrid PAB.
- Click the download icon next to the PAB manifest for Microsoft products option to download the PhishAlertManifest.xml file.
- Go to Settings > Integrated Apps > Add-ins in your Microsoft 365 admin center.
- Find your PAB add-in in the list.
- Select the add-in and click Update add-in.
- Upload your updated PhishAlertManifest.xml file.
Uninstalling the Hybrid PAB for Microsoft 365
To uninstall the Hybrid PAB for Microsoft 365, follow these steps:
- Go to Settings > Integrated Apps > Add-ins in your Microsoft 365 admin center.
- Find your PAB add-in in the list.
- Select the add-in and click Remove app.
Uninstalling the Hybrid PAB for the Exchange Admin Center
If you need to redeploy the PAB XML manifest file, we recommend first removing your existing PAB installation. To uninstall the Hybrid PAB, follow these steps:
- Go to Organization > Add-ins in your Exchange admin center.
- Find your PAB add-in in the list.
- Select the add-in and click Remove app.