Microsoft Ribbon PAB

Microsoft Ribbon Phish Alert Button (PAB) Product Manual

Important: Starting February 17, 2025, Microsoft is deprecating legacy Exchange Online tokens. This deprecation may impact the functionality of the Microsoft Ribbon Phish Alert Button. The legacy Exchange Online tokens can be reenabled until June 2025. We recommend authorizing Graph APIs and NAA-SSO in your phish alert account settings before February 17, 2025 to prevent authentication issues once these legacy tokens are deprecated. For more information, see Microsoft’s Nested app authentication and Outlook legacy tokens deprecation FAQ.
Important: We have updated the fallback mechanism for the Microsoft Ribbon Phish Alert Button (PAB). The updated manifest allows the Microsoft Ribbon PAB to switch from the Graph API to the REST API whenever it is in an environment that does not support the Microsoft Ribbon PAB's Graph API. You will need to update your XML manifest to implement the improved fallback mechanism.

The Microsoft Ribbon Phish Alert Button (PAB) allows your users to easily report suspicious emails and help protect your organization from cyberattacks. When you integrate the PAB with Microsoft's integrated spam-reporting feature, the PAB will appear in the Outlook ribbon. When your users click the PAB to report an email, they can provide your IT team with an early warning about potential threats. You can receive reported emails in the Microsoft 365 Defender platform and the KSAT console. To learn how to install the Microsoft Ribbon PAB and how your users can use the PAB in their mail clients, see the sections below.

Tip: If you use the phishing feature in the KSAT console, the Microsoft Ribbon PAB will also track if your users report our simulated phishing emails. You can use this feature to see which users successfully identify potential threats.

Prerequisites

Before you can install the Microsoft Ribbon PAB for your organization, your organization will need to have a Microsoft 365 mail server. The PAB is compatible with the following email clients and requirements:

  • Microsoft Outlook 365, version 2404 or later
  • New Microsoft Outlook for Windows
  • Microsoft Outlook Web App

Note: You will need a Microsoft 365 license to use the Microsoft Ribbon PAB on the Microsoft Outlook Web App.

You will also need to enable and configure the PAB from your KSAT console Account Settings before following the steps in this article. To learn how to enable and configure the PAB in your KSAT account, see the Enable and Configure section of our Phish Alert Button (PAB) Product Manual.

Important: The Microsoft Ribbon PAB does not support UI customization or the MSG file format. The Microsoft Ribbon PAB also does not currently support installation for shared mailboxes. To use the PAB in shared mailboxes, you can install the Outlook (EXE version) PAB using group policy. For more information, visit our Microsoft Outlook (EXE Version) Phish Alert Button Product Manual. You can also install the Graph API-capable Hybrid PAB, which is not released for production but is available on request. The Graph PAB uses Microsoft's Graph APIs and supports shared mailboxes. To enable the Graph PAB for your organization, please contact our support team. The Graph PAB is currently not available for the mobile app, because Microsoft does not support the Identity API v1.3 on mobile. For more information, visit our Graph API-capable Hybrid Phish Alert Button (Graph PAB) Product Manual.

How to Install the PAB for Microsoft 365

Important: If you are updating the XML manifest file, you must remove the existing installation of the Microsoft Ribbon Phish Alert Button (PAB) from Microsoft 365. Once the existing Microsoft Ribbon PAB is deleted from Settings > Integrated Apps in Microsoft 365, you can follow the steps listed below to install the updated XML manifest file.

To install the PAB for Microsoft 365, follow the steps below: 

  1. Log in to your KSAT console.
  2. Click your email address in the top-right corner of the page, and select Account Settings.
  3. Navigate to Account Integrations > Phish Alert.
  4. Click Accept Microsoft Permissions to Authorize GRAPH APIs for the PAB. You will be redirected to the Microsoft 365 login page.
    Note: If you don't authorize Graph APIs, you can still download and deploy the Microsoft Ribbon PAB. The PAB will automatically adjust to use Microsoft's deprecated REST APIs. We recommend that you authorize Graph APIs so that you can continue to use the PAB after the REST APIs are fully deprecated in 2025.

  5. Log in to your Microsoft 365 account using your admin credentials.
  6. Once you log in, the Permissions requested pop-up window will display. Read the permissions, then click Accept.
  7. Once you accept the permissions, the GRAPH Authorization Successful window will display. Click Back to PAB Configuration to return to the Phish Alert settings.
  8. Click the download icon below the Microsoft Ribbon Phish Alert Button option to download the PhishAlertManifestMSR.xml file.
  9. In a new tab of your browser, log in to your Microsoft 365 admin center.
  10. From the menu on the left side of the page, click Settings.
  11. From the Settings drop-down menu, select Integrated apps.
  12. Click Add-ins at the top-right corner of the page. The Add-ins page will open.
  13. On the Add-ins page, click Deploy Add-In. The Deploy a new add-in pop-up window will open.
  14. In the pop-up window, click Next.
  15. Click Upload custom apps.
  16. Select the I have the manifest file (.xml) on this device option. Then, click Choose File and select the PhishAlertManifestMSR.xml file that you downloaded in step 8.
  17. Click Upload to install the PAB. The Configure add-in pop-up window will open.
  18. From the pop-up window, select which users will have access to the PAB and which method you would like to use to deploy the PAB.
    Note: We recommend that you allow all users to access the PAB. We also recommend that you use the Fixed deployment method.

  19. Click Next, and additional app permissions will display.
  20. Once you have read the permissions, click Save. The Deploy Phish Alert pop-up window will open.
    Note: The expected timeframe for the PAB to deploy is 24 hours, but timeframes can vary. For more information about deploying add-ins, see Microsoft's Deploy add-ins in the Microsoft 365 admin center article.

  21. Once the pop-up window displays a confirmation that the add-in successfully deployed, click Next. The Announce add-in pop-up window will open and display a message about announcement recommendations from Microsoft.
    Note: After you install and deploy the PAB, you might receive an email from your mail service provider that contains information you can use to help you announce the PAB add-in to your users. KnowBe4 does not send the email about the PAB's intended usage and benefits.

  22. Click Close to close the pop-up window.

Updating and Reinstalling the PAB

If you have installed the PAB, you may need to reinstall the manifest file if you make changes to any of the following KSAT console Account Settings:

  • Icon
  • Enable Microsoft 365 Defender Integration
  • Comments & Disposition Settings (either enabling or disabling the overall feature or the Disable Unknown Email Disposition setting)
  • Confirmation Message
  • Add Language
  • Remove Language

Microsoft Ribbon PAB User Experience

Once installed, the Microsoft Ribbon PAB will appear in the Outlook mail client's Home toolbar in the Report section. Your users can report an email directly from their Inbox or open and report the email in Outlook's Reading Pane.

Tip: You can also add languages to the Microsoft Ribbon PAB using our language-aware feature. To learn more about our language-aware feature, see our Phish Alert Button (PAB) Language Aware Feature Guide article.

If you have enabled the user comments and disposition feature, your users can also add comments and select the disposition of the reported email. For more information, see our Phish Alert Button (PAB) User Comments and Email Disposition Guide article.

When a user clicks the PAB and clicks Report in the PAB pop-up window, the reported email will be removed from their inbox and moved to their Sent Items folder as a forwarded email. Then, the user can close the PAB pop-up window. If a user incorrectly reports an email, they can retrieve the email from their Deleted Items folder or Trash folder.

Note: The Microsoft Ribbon PAB will not appear in Outlook's reading pane for certain environments, such as mobile devices. Instead, the Microsoft Ribbon PAB will have the same user experience as our Hybrid PAB in such cases.
