Hybrid PAB

Hybrid Phish Alert Button (PAB) Product Manual

The Hybrid Phish Alert Button (PAB) for Microsoft 365 and Microsoft Exchange allows your users to easily report suspicious emails and help protect your organization from cyber attacks. When your users click the PAB to report an email, they can provide your IT team with an early warning about potential threats.

The Hybrid PAB detects your users’ mail clients and automatically configures the best version of the PAB for each user. To learn how to install the Hybrid PAB and how your users can use the PAB in their mail clients, see the sections below.

Tip: If you use the Phishing feature in our KMSAT console, the Hybrid PAB will also track if your users report our simulated phishing emails. You can use this feature to see which users successfully identify potential threats.

Prerequisites

Before you can install the Hybrid PAB for your organization, your organization will need to have one of the following mail servers:

  • Microsoft Exchange 2013 version 15.0.847.32 (SP1), or a later version
  • Microsoft Exchange 2016 version 15.1.225.42 (RTM), or a later version
  • Microsoft Exchange 2019
  • Microsoft 365

You will also need to enable and configure the PAB from your KMSAT Account Settings before following the steps in this article. To learn how to enable and configure the PAB in your KMSAT account, see the Enable and Configure section of our Phish Alert Button (PAB) Product Manual

How to Install the Hybrid PAB

The method that you will use to install the Hybrid PAB for your organization will differ depending on whether you use Microsoft 365 or the Microsoft Exchange Admin Center. To learn how to install the Hybrid PAB using both of these methods, see the subsections below.

Important: The Hybrid PAB does not currently support installation for shared mailboxes. To use the PAB in shared mailboxes, you can install the Outlook (EXE version) PAB using group policy. For more information, visit our Outlook (EXE Version) Phish Alert Button Product Manual. You can also install the Graph API-capable Hybrid PAB, which is not released for production but is available on request. The Graph PAB uses Microsoft's Graph APIs and supports shared mailboxes. To enable the Graph PAB for your organization, please contact our support team. The Graph PAB is currently not available for the mobile app, because Microsoft does not support the Identity API v1.3 on mobile. For more information, visit our Graph API-capable Hybrid Phish Alert Button (Graph PAB) Product Manual.

How to Install the PAB for Microsoft 365

To install the PAB for Microsoft 365, follow the steps below: 

  1. Log in to your KMSAT account
  2. Click your email address at the top-right corner of the page. Then, select Account Settings.
  3. Navigate to Account Integrations > Phish Alert.
  4. Click the download icon next to the PAB manifest for Microsoft products option to download the PhishAlertManifest.xml file.
  5. Log in to your Microsoft 365 admin center account.
  6. From the menu on the left side of the page, click Settings.
  7. From the Settings drop-down menu, select Integrated apps.
  8. Click Add-ins at the top-right corner of the page. The Add-ins page will open.
  9. On the Add-ins page, click Deploy Add-In. The Deploy a new add-in pop-up window will open.
  10. In the pop-up window, click Next.
  11. Click Upload custom apps.
  12. Select the I have the manifest file (.xml) on this device option. Then, click Choose File and select the PhishAlertManifest.xml file that you downloaded in step 4.
  13. Click Upload to install the PAB. The Configure add-in pop-up window will open.
  14. From the pop-up window, select which users will have access to the PAB and which method you would like to use to deploy the PAB.
    Important: We recommend that you select Everyone to allow all users to access the PAB, and select the Fixed (Default) deployment method. For more information about the deployment methods, see Microsoft's Centralized Deployment FAQ article.
  15. Click Next, and additional app permissions will display.
  16. Once you have read the permissions, click Save. The Deploy Phish Alert pop-up window will open.
  17. Once the pop-up window displays a confirmation that the add-in successfully deployed, click Next. The Announce add-in pop-up window will open and display a message about announcement recommendations from Microsoft. 
    Note: After you install and deploy the PAB, you might receive an email from your mail service provider that contains information you can use to help you announce the PAB add-in to your users. KnowBe4 does not send the email about the PAB's intended usage and benefits.
  18. Click Close to close the pop-up window.

How to Install the PAB in the Microsoft Exchange Admin Center

To install the PAB in the Microsoft Exchange Admin Center, follow the steps below: 

  1. Log in to your KMSAT account and click on your email address in the top-right corner of the page.
  2. Select Account Settings
  3. Navigate to Account Integrations > Phish Alert.
  4. Select the Enable Phish Alert check box.
  5. Download the PhishAlertManifest.xml file.
  6. In a new tab in your browser, log in to your Microsoft Exchange Admin Center account.
  7. Navigate to Exchange Admin Center > Organization > Add-ins.
    Important: If you are using Microsoft Exchange 2013 and you have a different Admin Center view, you will need to navigate to Exchange admin center > organization > apps.
  8. From the add-ins page, click the plus icon (+) and select Add from file.
  9. Click the Browse button and select the PhishAlertManifest.xml file that you downloaded in step 5 above.
  10. Click Next.
  11. Make sure that the Make this add-in available to users in your organization check box and the Mandatory, always enabled. Users can't disable this add-in. check box are selected.
  12. Click Save to finish the installation.
Note: The expected timeframe for the PAB to deploy is 24 hours, but timeframes can vary. For more information about deploying add-ins, see Microsoft's Deploy add-ins in the Microsoft 365 admin center article.

Hybrid PAB User Experience

Once installed, the Hybrid PAB will automatically detect your users’ mail clients and configure the best PAB for each user. The user experience will be different for each user depending on their specific mail client.

Tip: You can also add languages to the Hybrid PAB using our language-aware feature. To learn more about our language-aware feature, see our Adding Languages to the Phish Alert Button article.

If your users use the new version of Microsoft Outlook on the web, the Phish Alert button will appear in the Apps launcher on an open email. To access the Apps launcher, click the Apps icon in the top-right corner of an open email. If the PAB does not display in the Apps launcher, you can click Add apps. Then, locate and add the PAB add-in.

If your users use the new version of Microsoft Outlook on the desktop, they can also pin the PAB add-in to the toolbar at the top of an open email. To pin the add-in, click the ellipsis icon and select Customize actions. Or, navigate to Settings > Mail > Customize actions. Then, select the Phish Alert add-in and click Save. For more information about managing add-ins in Microsoft Office, visit Microsoft's Get an Office Add-in for Outlook article.

Important: To use the PAB in Microsoft Office, you must enable the Reading Pane. For more information about enabling the Reading Pane, see Microsoft's Use and configure the Reading Pane to preview messages article.

Your users can click the PAB in any of these mail clients to report suspicious emails. If you have enabled the user comments and disposition feature, your users can also add comments and select the disposition of the reported email. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.

When a user clicks the PAB, the reported email will be removed from their inbox and moved to their Sent Items folder as a forwarded email. If a user incorrectly reports an email, they can retrieve the email from their Deleted Items folder or Trash folder.

Note: The PAB uses Campaign Recipient ID (CRID) validation to detect whether or not an email that is marked with a training header is a simulated phishing email. If a message has a valid CRID and is reported for the first time (within the past hour) from the same account where the PAB was installed, it will be treated as simulated. A simulated message will be deleted and only shown as reported in the console instead of forwarded to PhishER.

Can't find what you're looking for?

Contact Support