Hybrid PAB Product Manual
The Hybrid Phish Alert Button (PAB) for Microsoft 365 and Microsoft Exchange allows your users to easily report suspicious emails and help protect your organization from cyber attacks. When your users click the PAB to report an email, they can provide your IT team with an early warning about potential threats.
The Hybrid PAB detects your users’ mail clients and automatically configures the best version of the PAB for each user. To learn how to install the Hybrid PAB and how your users can use the PAB in their mail clients, see the sections below.
Note: File attachment limits vary based on the version installed for each user. For more information about the attachment limits for each version, see this section of our FAQ: Phish Alert Button (PAB) article.
Jump to:
Prerequisites
How to Install the Hybrid PAB
- How to Install the PAB in Microsoft 365
- How to Install the PAB in the Microsoft Exchange Admin Center
Prerequisites
Before you can install the Hybrid PAB for your organization, your organization will need to have one of the following mail servers:
- Microsoft Exchange 2013 version 15.0.847.32 (SP1), or a later version
- Microsoft Exchange 2016 version 15.1.225.42 (RTM), or a later version
- Microsoft Exchange 2019
- Microsoft 365
You will also need to enable and configure the PAB from your KMSAT Account Settings before following the steps in this article. To learn how to enable and configure the PAB in your KMSAT account, see the Enable and Configure section of our Phish Alert Button (PAB) Product Manual.
How to Install the Hybrid PAB
The method that you will use to install the Hybrid PAB for your organization will differ depending on whether you use Microsoft 365 or the Microsoft Exchange Admin Center. To learn how to install the Hybrid PAB using both of these methods, see the subsections below.
How to Install the PAB for Microsoft 365
To install the PAB for Microsoft 365, follow the steps below:
- Log in to your KMSAT account and click on your email address in the top-right corner of the page.
- Select Account Settings.
- Navigate to Account Integrations > Phish Alert.
- Download the PhishAlertManifest.xml file.
- Log in to your Microsoft 365 admin center account.
- From the menu on the left side of the page, click Settings.
- Select Integrated Apps.
- Select Add-ins at the top-right corner of the page. When you click Add-ins, the Add-ins page will open.
- On the Add-ins screen, click Deploy Add-In.
- Click Next.
- From the Deploy a new add-in window, click Upload custom apps.
- In the Upload Apps to deploy pop-up window that opens, select the PhishAlertManifest.xml file that you downloaded in step 4 above.
- Click Next to install the PAB.
- Select which users will have access to the PAB and which method you would like to use to deploy the PAB.
How to Install the PAB in the Microsoft Exchange Admin Center
To install the PAB in the Microsoft Exchange Admin Center, follow the steps below:
- Log in to your KMSAT account and click on your email address in the top-right corner of the page.
- Select Account Settings.
- Navigate to Account Integrations > Phish Alert.
- Select the Enable Phish Alert check box.
- Download the PhishAlertManifest.xml file.
- In a new tab in your browser, log in to your Microsoft Exchange Admin Center account.
- Navigate to Exchange Admin Center > Organization > Add-ins.
Note: If you are using Microsoft Exchange 2013 and you have a different Admin Center view, you will need to navigate to Exchange admin center > organization > apps.
- From the add-ins page, click the plus icon (+) and select Add from file.
- Click the Browse button and select the PhishAlertManifest.xml file that you downloaded in step 5 above.
- Click Next.
- Make sure that the Make this add-in available to users in your organization check box and the Mandatory, always enabled. Users can't disable this add-in. check box are selected.
- Click Save to finish the installation.
Hybrid PAB User Experience
Once installed, the Hybrid PAB will automatically detect your users’ mail clients and configure the best PAB for each user. The user experience will be different for each user depending on their specific mail client.
If your users use Microsoft Outlook for Windows, they can click the Phish Alert button in the Home tab of the toolbar at the top of an opened email. Then, the PAB will display in the toolbar on the right side of the opened email.
If your users use Microsoft Outlook for Mac, Microsoft 365, or check their email in their browser, the PAB will display in the toolbar on the far-right side of the page.
Note: If your users use Microsoft Outlook for Mac, they can also find the PAB by clicking the ... button in the toolbar at the top of the opened email. If your users would like to add the PAB to the toolbar at the top of the opened email, they can click the Customize Toolbar… button.
Your users can also customize their Microsoft Outlook settings to automatically display the Phish Alert button as an action on a message. From the View tab, they can navigate to View settings > Mail > Customize actions and select the Phish Alert button in the Message surface section. Then, the PAB will display in the top-right corner of a message. For more information about this setting, see Microsoft's Customize actions on your messages in Outlook.com article.
Your users can click the PAB in any of these mail clients to report suspicious emails. If you have enabled the user comments and disposition feature, your users can also add comments and select the disposition of the reported email. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.
When a user clicks the PAB, the reported email will be removed from their inbox and moved to their Sent Items folder as a forwarded email. If a user incorrectly reports an email, they can retrieve the email from their Deleted Items folder or Trash folder.
Note: The PAB uses Campaign Recipient ID (CRID) validation to detect whether or not an email that is marked with a training header is a simulated phishing email. If a message has a valid CRID and is reported for the first time (within the past hour) from the same account where the PAB was installed, it will be treated as simulated. A simulated message will be deleted and only shown as reported in the console instead of forwarded to PhishER.
Comments
0 comments
Article is closed for comments.