How to Install and Use the Phish Alert Button for the Outlook Mobile App (iOS and Android) and Microsoft 365
Note:
Starting May 10, 2021, the ExchangeManifest and M365Manifest files will be combined into a single file, PhishAlertManifest, for an easier installation process. For more information on this new process, please see our Hybrid Phish Alert Button Product Manual.
The Phish Alert Button (PAB) add-in for the Microsoft Outlook mobile app (iOS and Android) and Microsoft 365 gives your end-users the ability to report suspicious emails from not only their computer but also from their mobile inbox. This empowers your employees to take an active role in managing the problem of phishing and other types of malicious emails.
Paid Integration: If you are using our full-featured Phishing and Training console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails.
We encourage you to inform all of your users of this tool before making it accessible. Below are helpful resources that you can use to assist with your implementation of the PAB:
- Best Practices for PAB Implementation (For admins)
- How Do I Use the Phish Alert Button for Microsoft 365? (For end-users)
For instructions on how to enable and configure your PAB in the admin portal, visit our main PAB article.
Note:
For more information on PAB's compatibility with different mail clients and servers, see our PAB Compatibility Matrix.
Jump to:
Installation Prerequisites
How to Install
How to Uninstall
User Experience
Installation Prerequisites
This installation requires one of the following servers:
- Microsoft 365
- Exchange Server 2016 (Hybrid only) - version 15.1.544.27 (CU3) or later
This version can be used on the following mail clients:
- Microsoft 365 OWA
- Outlook 2016 for Windows (Click-to-Run install only)
- Outlook 2019 for Windows
- Outlook 2016 for Mac
- Outlook for iOS
- Outlook for Android
You'll need to download the following file to install, enable, and configure your PAB in the KnowBe4 admin portal:
- PhishAlertManifest.xml
If you have a proxy, a connection to the following is needed in order to bypass proxy/proxy authentication:
- outlook.office365.com
- outlook.office.com
- us.pab.knowbe4.com, eu.pab.knowbe4.com, or ca.pab.knowbe4.com
The domain used will depend on where your KnowBe4 account is located.
Note:
If you are using Internet Explorer, please click here to follow the necessary steps to run PAB on your PCs.
How to Install
In order to use the PAB, you must enable the Connected Experiences option in your Outlook. To do so, please follow the instructions below:
- Go to File > Options > Trust Center > Trust Center Settings.
- From Trust Center Settings, go to Privacy Options then Privacy.
- Enable Optional Connected Experiences.
Once you've enabled Connected Experiences, follow the steps below to install the PAB:
If the steps below do not match your current view, click here to view an alternate way to reach the Add-ins page.
- Log in to your mail server Admin portal. Under the Settings menu, click Integrated apps.
- From the Integrated apps screen, click Upload custom apps. This will take you to the Centralized Deployment add-in management screen.
- From the Centralized Deployment area, click the I have the manifest file (.xml) on this device. radio button and then sign select the Browse option.
- A file browser pop-up window opens. Locate and add the PhishAlertManifest.xml file from your Account Settings and click the Next button to install.
- Select which users will have access to the add-in and which deployment method to use. We recommend that you make the add-in accessible to Everyone and to use the Fixed deployment method. You will need to click (View options) to edit the deployment method.
Note:
If you'd only like to enable this version of the PAB to specific distribution groups, see step 6 in our Multiple PAB Instances in Exchange or Microsoft 365 article for details on this process.
- This is how the add-in should look once configured in the Services & add-ins area:
Note:It can take up to an hour for the PAB add-in to be visible in your Microsoft 365 inbox.
How to Uninstall
- Log in to your mail server Admin portal. Then, navigate to Settings > Services & add-ins.
- Highlight the Phish Alert add-in. Then, click the Delete Add-In icon.
User Experience
Note: If you are experiencing issues with the mobile Phish Alert Button, make sure that you are running the most recent version of the Outlook Mobile app as well as iOS and Android.
Note: Dark mode is not fully supported as of 3/9/22. While the PAB works, certain elements may be hard to see or use. We apologize for any inconvenience.
Once installed, the PAB add-in will be available from any open email in the compatible mail clients, including the Outlook app for iOS and Android.
In Outlook, the Phish Alert Button will appear in the banner on an open email, as shown below.
In Microsoft 365, the Phish Alert Button will appear in the drop-down menu on an open email, as shown below.
If you are using a smaller sized window or resolution, some of the elements may be hidden. Make sure that your window is expanded, or the resolution is set, to the standard size when using the Phish Alert Button.
A user can report any email as a phishing email. The reported email will be in the users' Sent Items as a forwarded message and will be deleted from the user's inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items/Trash.
Note: The PAB uses Campaign Recipient ID (CRID) validation to detect whether or not an email that is marked with a training header is a simulated phishing email. If a message has a valid CRID and is reported for the first time (within the past hour) from the same account where the PAB was installed, it will be treated as simulated. A simulated message will be deleted and only shown as reported in the console instead of forwarded to PhishER.
Outlook Mobile App (for Android)
If users want to report an email using the PAB from the Outlook App on an Android device, they'll first tap the three dots at the top right of the screen, as shown below.
Then, they'll see Phish Alert listed in their add-ins.
Once they've selected the Phish Alert add-in, they'll be brought to the screen shown below to confirm that they want to report the email. From this screen, they'll tap the Mobile Phish Alert button to confirm submission.
After the email has been reported, the message you've set in your Account Settings will display, as shown below. Click OK to dismiss the message.
Outlook Mobile App (for iOS)
If users want to report an email using the PAB from the Outlook App on an Apple device, they'll first click the three dots at the top right of the screen, as shown below.
Then, they'll see Phish Alert listed in their add-ins.
Once they've selected the Phish Alert add-in, they'll be brought to the screen shown below to confirm that they want to report the email. From this screen, they'll tap the Mobile Phish Alert button to confirm submission.
After the email has been reported, the message you've set in your Account Settings will display, as shown below. Click the OK button to dismiss it.
New Outlook Experience
The New Outlook experience is exclusive only to Microsoft 365 customers. This means that if you are using the Exchange PAB with a Microsoft 365 environment, the Exchange server PAB is not compatible and the Phish Alert Button will not be supported by the Outlook Web App.
Additional Resources
- Phish Alert Button Guide for Exchange 2013/2016 (Server-based)
- Video: PAB Installation and User Experience
- How Do I Change the Phish Alert Text for Server-Based PAB (Exchange & Microsoft 365)
- Multiple Phish Alert Button Instances (Multi-PAB): Microsoft 365/Exchange
- PAB Compatibility Matrix
- FAQ: Phish Alert Button (PAB)
- Using Outlook for iOS and Android (please see this article if you are using a Government Community Cloud)
Comments
0 comments
Article is closed for comments.