Combined Phish Alert Button with Report Message to Microsoft

Respondida

Comentários

109 comentários

  • Avatar
    Nathan Hix

    Hey Nathan,

    Thank you very much for reaching out to us regarding your interest in this type of enhanced compatibility with the Microsoft Button. I added you to the Feature request form as well and hope you have a great rest of your day!

    0
    Ações de comentário Permalink
  • Avatar
    Russell Johnson

    It would work for us to have a function in the PhishER console be able to send the message to MSFT for analysis.  That might be an easier API than trying to change the Phish Alert Report in Outlook.

    0
    Ações de comentário Permalink
  • Avatar
    Kris Carter

    +1 on this topic

     

    Following up to the workaround of configuring KB4 to forward any non-simulation reports to Microsoft at "phish@office365.microsoft.com". Have any of the community here put this in place and observed a negative experience as a result? 

    Our team isn't actively managing/reporting on what the users are reporting to MS via the native "Report Message" button so trying to identify the impact of inserting the PAB until this updated functionality is squared away. Thanks!

    0
    Ações de comentário Permalink
  • Avatar
    Nick Bertram

    Hello Kris, 

    I have added you to the feature request form for this thread. In regards to your question, I have seen a few customers set the PAB (Phish Alert Button) to forward to Microsoft's reporting email address (phish@office365.microsoft.com) but I have not heard about any negative experiences after doing so. I hope you have a wonderful rest of your day. 

    0
    Ações de comentário Permalink
  • Avatar
    Lisa Ashbaugh

    Please add me to the feature request. We currently use MS with the ATP as well. 

    1
    Ações de comentário Permalink
  • Avatar
    Jacob Hahn

    Hi Lisa,

    Of course!  I have gone ahead and added you to this feature request as well.

    Thanks!

    0
    Ações de comentário Permalink
  • Avatar
    Ondřej Kacar

    Hello, is there any progress regarding the request. We have same issue, and would be great to have this feature asap :).

    2
    Ações de comentário Permalink
  • Avatar
    Najjah Gilbert

    Hi Ondřej,

    We don't have any status updates available, but I've added you as a +1 to this feature request. Thank you for your feedback!

    1
    Ações de comentário Permalink
  • Avatar
    Matt Jenner (Editado )

    +1 for me as well. We have M365 with ATP as well.  With M365 E5 you can now do phishing tests through Microsoft.  There's no point in keeping KB4 if you have no solution for PAB to M365 issue.  This has been a known issue/request for 3 years now.

    4
    Ações de comentário Permalink
  • Avatar
    Jacob Hahn

    Hi Matt,

    I have gone ahead and added you to the feature request as well.  Thank you for your feedback!

    Thanks,

    1
    Ações de comentário Permalink
  • Avatar
    Michael Rhodes

    We are a financial institution.  I don't want employees reporting phishing to Microsoft in case the email contains our customer's personal information.  For the same reason, I don't have phishing emails being reported to KnowBe4, but only to me so I can look at them.

    -1
    Ações de comentário Permalink
  • Avatar
    Ondřej Kacar

    I found a workaround: Phish Alert Button + https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/user-submission?view=o365-worldwide#third-party-reporting-tools

    The non-simulated email is reported to the Office 365 ATP as phish email + all non-simulated reported emails are in the SOC shared mailbox for further investigation. 

    2
    Ações de comentário Permalink
  • Avatar
    Alex Rourke

    The help article mentioned by Ondřej was updated about a month ago and does appear to get us closer to a solution - it allows phish reports sent using KnowBe4's phish alert button to be forwarded to Microsoft and reported as phishing without KnowBe4 modifying its message format. There's still some holes here though - KnowBe4 provides no ability to report junk/not junk email like Microsoft does, which is something our user's need to be able to do.

    If KnowBe4 added junk and not junk reporting to their add-in (along with associated behaviors for moving the messages to the appropriate folder in the mailbox) and conformed with Microsoft's format for third-party submitted messages, their add-in would have feature parity with Microsoft's and be able to tell users when they correctly report a PST.

    Thanks to Microsoft's changes, it is now possible for KnowBe4 to modify their add-in and create something that is truly better than the Microsoft Report Messages addon. We're closer than ever to getting this resolved!

    3
    Ações de comentário Permalink
  • Avatar
    Nathan Gatt

    Alex, I understand that the current version of the PAB allows users to report emails as either phishing, spam or Unknown based on the updated article here: https://support.knowbe4.com/hc/en-us/articles/4410882366611.

    I have not tested this version yet - interested to understand if others have though.

    0
    Ações de comentário Permalink
  • Avatar
    Kaiser U.

    Hi Alex,

    Great find! This is super helpful insight that I'll be sure to also pass along to our team internally. I will go ahead and also add you and Ondřej as a +1 to this general feature request.

    Thanks,

    Kaiser
    KnowBe4

    1
    Ações de comentário Permalink
  • Avatar
    Ondřej Kacar

    Hello Alex,

    with this feature provided by MS, the reporting button is easy to change, because it is possible to send out emails to the defined Mailbox with prefix: 

    • 1| or Junk:
    • 2| or Not junk
    • 3| or Phishing

    and it will be proceeded properly by MS. Fingers crossed for the PAB update! 

    0
    Ações de comentário Permalink
  • Avatar
    Jason Price

    @Alex - KnowBe4 does allow users to report Junk now via the fairly new Disposition feature, however it's unclear what exactly happens differently (I assume a different subject prefix, but I haven't tested it).

    Adding User Comments and Email Disposition to the Phish Alert Button – Knowledge Base (knowbe4.com)

    0
    Ações de comentário Permalink
  • Avatar
    Daniel Walker (Editado )

    Add me onto the +1 list. The microsoft formatting method posted by Ondřej was definitely helpful (going to use that for now, combined with forwarding .EML to us, Microsoft, and Vade submission emails), but would prefer an API/MS Graph tie-in. Even better - why not both? Using Vade (direct ProofPoint competitor). The report message button from MS also reports to Vade so that if enough people report a phish, it will be yanked out of everyone's boxes if it didn't get caught beforehand. That said, Microsoft's Report Message button is limited to people's direct inboxes, and is not available when viewing shared mailboxes. So KB4 has a real opportunity here to make the Phish Alert Button superior to Microsoft's.

    3
    Ações de comentário Permalink
  • Avatar
    Trevor Wilson

    Hi Daniel,

    I have gone ahead and added you to the feature request as well.  Thank you for your feedback as well!

    Have a great day!

    0
    Ações de comentário Permalink
  • Avatar
    Chuck Benslay

    +1

    It's been over 2 years since this was first requested.  We are getting false 'clicks' when our Users report a KB4 phishing test via the Microsoft Report Message plug-in in Outlook.  Obviously this messes up our reporting and we have to manually remove the User from an auto-enrolled remedial training.

    1
    Ações de comentário Permalink
  • Avatar
    Christian Nostrom

    Hello Chuck,

    Thanks for your feedback and patience while we have been working on this issue with the Microsoft Phishing Button.  We appreciate your input and I have gone ahead and added your request to the feature so you do not have to continue to remove the false/positives.

    Thanks,

    Christian

    0
    Ações de comentário Permalink
  • Avatar
    Jordy Guillon

    Add me to this request. Our org just deployed o365.  Between these two buttons, the Microsoft alert button wins as it reports directly back to their AI..  Phish alert becomes just a user "feel good" button that does little to improve our security posture.

    1
    Ações de comentário Permalink
  • Avatar
    Tarryn Roth

    +1 and following. We would also like to integrate KnowBe4 reporting with the Microsoft report button. We use the Microsoft button due to the functionality provided by Microsoft for it. Currently, we aren't able to track via the phishing campaigns who reported a phishing email from the simulation as we use the Microsoft button. I would also like to be able to provide a message that the email was part of the simulation.  

    1
    Ações de comentário Permalink
  • Avatar
    Kelsey Leonard

    Hello Tarryn,

    Thank you for commenting regarding the integration between the two reporting tools. I've added you to the feature request!

    We really appreciate the feedback!

    Cheers,

    Kelsey Leonard

    KnowBe4

    0
    Ações de comentário Permalink
  • Avatar
    Jim McElwain

    Hello Jordy,

    We appreciate your feedback! I have gone ahead and added you to the feature request.

    Best,

    Best,
    Jim McElwain
    KnowBe4

    0
    Ações de comentário Permalink
  • Avatar
    Jeroen Hensing

    hi,

    I'd also like to be added to the feature request. Also, is there a timeline known already?

    Thanks!

    0
    Ações de comentário Permalink
  • Avatar
    Brett Allison

    As a new customer it is a bit disappointing to see this feature request, after 29 months since originally posted in January of 2020, is still not resolved.  Please add me to the list of customers that would like a way to deal with both PST reporting and take advantage of o365 mail features for non KnowBe4 junk/phishing/non junk email.  Perhaps I'm misreading this post and there is a solution.

    0
    Ações de comentário Permalink
  • Avatar
    Max Garczynski

    Hi Jeroen,

    Thanks for your feedback and patience while we have been working on this issue with the Microsoft Phishing Button. Currently, the support department has not received an ETA or timeline from the development team regarding this feature. We appreciate your input and I have gone ahead and added your request to the feature!

    Thanks,

    0
    Ações de comentário Permalink
  • Avatar
    Najjah Gilbert

    Hi Brett,

    I’ve gone added you as a +1 to this feature request, and thank you for your feedback and patience.

    Thank you,

    0
    Ações de comentário Permalink
  • Avatar
    Jonathan Forand

    Please also add me to this feature request.

    Best Regards,

    0
    Ações de comentário Permalink

Por favor, entrar para comentar.