O365 Outlook online - MS report Phish and make PAB easer to useVastattu
I have a two part question, both involving O365 Outlook on the web
- We have deployed the Phish Alert Button to our users and sent out training materials, but many users have found that they can report Phishing using the "Junk" dropdown, which shows up in a more convenient place than the PAB does by default (see screenshot). Is there a way to remove this option to report Phishing to make things less confusing for our users?
- By default, the PAB requires that users click on the "..." on a message and then the PAB shows up near the bottom of the menu that appears. Each user can change their settings for "Message Surface" to make the PAB show up near the Reply, Reply All, and Forward buttons, but we haven't been able to find a way to make this happen for users by default. Anybody figured that out?
I'd like to get you a ticket open with one of our Technical Support Reps who may be able to assist you in getting the PAB put in a more viable spot for your users. We may be able to find some resources that will assist you in removing that option in your O365. Would you like me to create a support ticket for you on this one?Kommenttitoiminnot
KnowBe4 referred us to Microsoft. Our Microsoft reps keep referring us to a knowledge base article that doesn't quite do what we want. After following the instructions, the Phishing button is still there, it just does not send the reported email anywhere. There does not seem to be a way to make the default Microsoft Phishing button go away.
Thanks Matt for your response. I spoke to my Exchange team and they mentioned we had no control over the MS button. :-( It is confusing our employees. However, the team was able to redirect any emails reported via the MS button to our Security Operations Center and I'm hoping I can redirect to our PhishER inbox once we have that setup.
I thought I'd follow up on this in case others find it helpful.
While researching an unrelated issue recently, I ran across this document where Microsoft confirms that you cannot disable their built in phish reporting tool:
We have done the following to help guide users to the right place:
Configure an O365 alert to be sent to an internal email address when people use the Microsoft phish reporting tool. Then configure a Flow (Power Automate) to extract the email address of the person who used the MS phish reporting tool and send a new email to them explaining that the tool they used sends the information to Microsoft and not to us, so we can't analyze the message, and providing a link to a sharepoint document that explains how to use the Phish Alert button on various platforms (Outlook app, OWA, and Outlook mobile), as well as instructions for adding the PAB to the message surface so it is easier to use.
Kirjaudu sisään jättääksesi kommentin.