Hybrid PAB

Outlook Mobile App (iOS and Android) and Microsoft 365 Phish Alert Button (PAB) Product Manual

Note: Starting May 10, 2021, the ExchangeManifest and M365Manifest files will be combined into a single file, PhishAlertManifest, for an easier installation process. For more information on this new process, please see our Hybrid Phish Alert Button Product Manual.

The Phish Alert Button (PAB) add-in for the Microsoft Outlook mobile app (iOS and Android) and Microsoft 365 gives your end-users the ability to report suspicious emails from not only their computer but also from their mobile inbox. This empowers your employees to take an active role in managing the problem of phishing and other types of malicious emails.

Paid Integration: If you are using our full-featured Phishing and Training console, the PAB will also track if your users report our simulated phishing emails, so you can see which users are successfully identifying potentially malicious emails.

We encourage you to inform all of your users of this tool before making it accessible. Below are helpful resources that you can use to assist with your implementation of the PAB:

For instructions on how to enable and configure your PAB in the admin portal, visit our main PAB article.

Note: For more information on PAB's compatibility with different mail clients and servers, see our PAB Compatibility Matrix.

Installation Prerequisites

This installation requires one of the following servers:

  • Microsoft 365
  • Exchange Server 2016 (Hybrid only) - version 15.1.544.27 (CU3) or later

This version can be used on the following mail clients:

  • Microsoft 365 OWA
  • Outlook 2016 for Windows (Click-to-Run install only)
  • Outlook 2019 for Windows
  • Outlook 2016 for Mac
  • Outlook for iOS
  • Outlook for Android

You'll need to download the following file to install, enable, and configure your PAB in the KnowBe4 admin portal:

  • PhishAlertManifest.xml

If you have a proxy, a connection to the following is needed in order to bypass proxy/proxy authentication:

  • outlook.office365.com
  • outlook.office.com
  • us.pab.knowbe4.com, eu.pab.knowbe4.com, or ca.pab.knowbe4.comThe domain used will depend on where your KnowBe4 account is located.
Important:

If you are using Internet Explorer, follow the steps below to run PAB on your PCs.

  1. Go to the Internet Options section of Internet Explorer and click the Security tab.
  2. Inside the Internet Sites Zone box, check the Enabled Protected Mode box.
  3. Click OK.

How to Install

In order to use the PAB, you must enable the Connected Experiences option in your Outlook. To do so, please follow the instructions below:

  1. Go to File > Options > Trust Center > Trust Center Settings.
  2. From Trust Center Settings, go to Privacy Options then Privacy.
  3. Enable Optional Connected Experiences.

Once you've enabled Connected Experiences, follow the steps below to install the PAB:

  1. Log in to your mail server Admin portal. Under the Settings menu,
  2. From the Integrated apps screen, click Upload custom apps. This will take you to the Centralized Deployment add-in management screen.
  3. From the Centralized Deployment area, click the I have the manifest file (.xml) on this device. radio button and then sign select the Browse option.
  4. A file browser pop-up window opens. Locate and add the PhishAlertManifest.xml file from your Account Settings and click the Next button to install.
  5. Select which users will have access to the add-in and which deployment method to use. We recommend that you make the add-in accessible to Everyone and to use the Fixed deployment method. You will need to click (View options) to edit the deployment method.
    Note:

    If you'd only like to enable this version of the PAB to specific distribution groups, see step 6 in our Multiple PAB Instances in Exchange or Microsoft 365 article for details on this process.

  6. This is how the add-in should look once configured in the Services & add-ins area:
    Note:

    It can take up to an hour for the PAB add-in to be visible in your Microsoft 365 inbox.

If the steps above do not match your current view, try the alternative method listed below.

  1. Log in to your mail server Admin portal. Under the Settings menu, click Integrated Apps and then Add-ins at the top of the page.
  2. From the Add-ins screen, click Deploy Add-In. This will open a wizard, click Next to continue.
  3. From the Deploy a new add-in window, click the Upload custom apps option.
  4. Finish the installation process by following steps 4-6.

How to Uninstall

    1. Log in to your mail server Admin portal. Then, navigate to Settings > Services & add-ins.
    2. Highlight the Phish Alert add-in. Then, click the Delete Add-In icon.

User Experience

Note: If you are experiencing issues with the mobile Phish Alert Button, make sure that you are running the most recent version of the Outlook Mobile app as well as iOS and Android.
Important: Dark mode is not fully supported as of 3/9/22. While the PAB works, certain elements may be hard to see or use. We apologize for any inconvenience.

Once installed, the PAB add-in will be available from any open email in the compatible mail clients, including the Outlook app for iOS and Android.

The Phish Alert button will appear in the Apps launcher on an open email. To access the Apps launcher, click the Apps icon in the top-right corner of an open email. If the PAB does not display in the Apps launcher, you can click Add apps. Then, locate and add the PAB add-in.

You can also pin the PAB add-in to the toolbar at the top of an open email. To pin the add-in, click the ellipsis icon and select Customize actions. Or, navigate to Settings > Mail > Customize actions. Then, select the Phish Alert add-in and click Save.

If you are using a smaller sized window or resolution, some of the elements may be hidden. Make sure that your window is expanded, or the resolution is set, to the standard size when using the Phish Alert Button.

Important:To use the PAB, you must enable the Reading Pane. For more information about enabling the Reading Pane, see Microsoft's Use and configure the Reading Pane to preview messages article.

A user can report any email as a phishing email. The reported email will be in the user's Sent Items as a forwarded message and will be deleted from the user's inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items/Trash.

Note: The PAB uses Campaign Recipient ID (CRID) validation to detect whether or not an email that is marked with a training header is a simulated phishing email. If a message has a valid CRID and is reported for the first time (within the past hour) from the same account where the PAB was installed, it will be treated as simulated. A simulated message will be deleted and only shown as reported in the console instead of forwarded to PhishER.

Outlook Mobile App (for Android)

If users want to report an email using the PAB from the Outlook App on an Android device, they'll first tap the three dots at the top right of the screen, as shown below.

Then, they'll see Phish Alert listed in their add-ins.

Once they've selected the Phish Alert add-in, they'll be brought to the screen shown below to confirm that they want to report the email. From this screen, they'll tap the Mobile Phish Alert button to confirm submission.

After the email has been reported, the message you've set in your Account Settings will display, as shown below. Click OK to dismiss the message.

Outlook Mobile App (for iOS)

If users want to report an email using the PAB from the Outlook App on an Apple device, they'll first click the three dots at the top right of the screen, as shown below.

Then, they'll see Phish Alert listed in their add-ins.

Once they've selected the Phish Alert add-in, they'll be brought to the screen shown below to confirm that they want to report the email. From this screen, they'll tap the Mobile Phish Alert button to confirm submission.

After the email has been reported, the message you've set in your Account Settings will display, as shown below. Click the OK button to dismiss it.

New Outlook Experience

The New Outlook experience is exclusive only to Microsoft 365 customers. This means that if you are using the Exchange PAB with a Microsoft 365 environment, the Exchange server PAB is not compatible and the Phish Alert Button will not be supported by the Outlook Web App.

Additional Resources

Can't find what you're looking for?

Contact Support
circle-arrow-up