If you're a PhishER Plus customer, you can use Global PhishRIP to remove email threats from users' inboxes before they are reported in your organization. Global PhishRIP uses criteria from multiple sources to find and remove similar email threats from your users' inboxes automatically. With this feature, you can help prevent active phishing attacks from entering any inboxes associated with your Microsoft 365 and Google Workspace mail servers.
To enable Global PhishRIP, see the steps below:
- Log in to your PhishER console.
- Navigate to Settings > PhishRIP.
- Turn on the Enable Global PhishRIP toggle.
- (Optional) Select the Automatically quarantine all found messages check box. This option will move similar emails to the Quarantine folder in the inboxes where they were discovered.
- Click Save.
Global Blocklist Integration with Microsoft 365
Global PhishRIP can utilize Global Blocklist criteria when connected to your Microsoft 365 mail server. To implement this integration, both the PhishRIP and Global Blocklist features must be enabled in your environment. For more information, see our PhishRIP Guide and Global Blocklist Guide.
Your mail server will use criteria from active Global Blocklist entries to find similar emails that your users received during the last 72 hours. Global PhishRIP queries will only be created from Global Blocklist entries that use sender or URL attributes.
Global PhishRIP Queries
Your Global PhishRIP queries will display along with other PhishRIP queries on the PhishRIP Queries page. KnowBe4 - Global PhishRIP will display in the Originator column for Global PhishRIP queries. 
For more information, see the PhishRIP Queries section of our PhishRIP Guide.