Setup Phish Reporter in Microsoft

Phish Reporter allows your team to report suspicious emails to an internal address (e.g. PhishReport@yourdomain.com) and forwards these to the Security Awareness Platform for visibility on reporting trends and phishing simulation interaction.


Step 1. Creating a Contact in the Exchange Admin Center (EAC)

  1. Sign in to Microsoft's Exchange Admin Center
  2. Navigate to Recipients > Contacts.
  3. Click + Add New Mail Contact.
  4. In the contact fields, enter:
  • First Name: Phishing
  • Last Name: Report
  • Display Name: Security Awareness Platform or Preferred name
  • Alias: Phishing
  • External Email address: report@phish.goldphish.com

  5. Click Save.


Step 2. Create a shared mailbox

Shared Mailboxes do not use or require a license.

  1. Go to Recipients > Mailboxes.
  2. Click Add a shared mailbox.
  3. Fill in:
  • Display Name: PhishReport
  • Email address: PhishReport
  • @: Use the Select Domain drop-down to select your domain.

4.  Click Create.


Step 3. Set up Forwarding on the Shared Mailbox to the Contact

Now that you have a Contact and a Shared Mailbox created, we need to set up forwarding on the shared mailbox to send email to the contact.

  1. Click and open the shared mailbox (e.g. PhishReport@yourdomain.com) you created to bring up the settings menu.
  2. Select Email forwarding.

  3. Toggle Forward all emails sent to this mailbox to ON.

  4. Use the Search Email button to search for the contact that was created earlier (report@phish.goldphish.com).

  5. If you want to keep a copy of the email that is sent to our reporting mailbox, tick the box next to 'Deliver messages to both forwarding address and mailbox'.

  6. Click Save.

*Once you’ve completed Step 3, you’re all set to use the Phish Reporter feature. Employees can now report suspicious emails by forwarding them to your reporting address: PhishReport@yourdomain.com. If Steps 1-3 were followed correctly, these reports will be tracked and logged as part of your simulation campaign.
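
Steps 1 to 3 can also be scripted in Exchange Online PowerShell, which additionally lets you confirm that the mailbox forwards only to the platform address. This is an added example, not part of the original guide; it assumes the ExchangeOnlineManagement module is installed, and yourdomain.com and admin@yourdomain.com are placeholders for your tenant.

```powershell
# Added example: Steps 1-3 in Exchange Online PowerShell.
# Assumptions: ExchangeOnlineManagement module installed; the domain and
# admin account below are placeholders.
$Domain       = 'yourdomain.com'
$ReportBox    = "PhishReport@$Domain"
$PlatformSmtp = 'report@phish.goldphish.com'

Connect-ExchangeOnline -UserPrincipalName "admin@$Domain"

# Step 1: mail contact that points at the platform's reporting address
if (-not (Get-MailContact -Identity 'Phishing' -ErrorAction SilentlyContinue)) {
    New-MailContact -Name 'Phishing Report' -FirstName 'Phishing' -LastName 'Report' `
        -DisplayName 'Security Awareness Platform' -Alias 'Phishing' `
        -ExternalEmailAddress $PlatformSmtp | Out-Null
}

# Step 2: shared mailbox (no license required)
if (-not (Get-Mailbox -Identity $ReportBox -ErrorAction SilentlyContinue)) {
    New-Mailbox -Shared -Name 'PhishReport' -DisplayName 'PhishReport' `
        -PrimarySmtpAddress $ReportBox | Out-Null
}

# Step 3: forward to the contact and keep a copy in the shared mailbox
Set-Mailbox -Identity $ReportBox -ForwardingAddress 'Phishing' `
    -DeliverToMailboxAndForward $true

# Verify: the admin-set forward must resolve to the platform address, and no
# second SMTP forward should be present on the mailbox.
$mbx = Get-Mailbox -Identity $ReportBox
if (-not $mbx.ForwardingAddress) {
    Write-Warning "No forwarding address is set on $ReportBox"
} else {
    $contact = Get-MailContact -Identity $mbx.ForwardingAddress
    if ("$($contact.ExternalEmailAddress)" -notlike "*$PlatformSmtp") {
        Write-Warning "Forward target is $($contact.ExternalEmailAddress), expected $PlatformSmtp"
    }
}
if ($mbx.ForwardingSmtpAddress) {
    Write-Warning "Unexpected SMTP forward: $($mbx.ForwardingSmtpAddress)"
}
$mbx | Format-List PrimarySmtpAddress, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
```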

Note: Trying to forward emails to report@phish.goldphish.com but getting a bounce-back?

👉🏻 550 5.7.520 Access denied... Your organisation does not allow external forwarding

Don’t worry - we didn’t reject the email. Microsoft simply didn’t let it leave. It’s a default spam protection setting. Microsoft 365 often blocks auto-forwarding to external addresses by default. Proceed to Step 4:


Step 4. Enable Automatic External Forwarding for Individual Mailboxes

Your Microsoft 365 admin will need to allow external auto-forwarding for the mailbox you're using. Follow these steps to find and change the outbound spam protection policy that is blocking your forward.

  1. Access Anti-Spam Settings
  • Log in to the Microsoft 365 Defender portal as an administrator.
  • Navigate to Email & collaboration > Policies & rules > Threat policies > Anti-spam policies, or go directly to the Anti-spam settings: https://security.microsoft.com/antispam

Note: If you do not see these options or no policies are displayed, your account may lack the necessary permissions. Make sure you're signed in with an account that has Microsoft 365 administrator privileges. Also, the policies shown may differ depending on your organisation’s existing configurations.

  2. Create a New Outbound Spam Policy
  • Click + Create policy and select Outbound.
  3. Configure the Policy
  • Provide a Name and Description for your new policy (e.g. Goldphish PhishReporter Forwarding).
  • Click Next, then search for the user whose mailbox needs forwarding permissions.
  • Example: PhishReport@yourcompanydomain.com (typically a shared mailbox created for phishing reports).
  • After selecting the user, they will appear under the Users field.
  4. Enable Forwarding
  • Click Next, then scroll to the Forwarding rules section.
  • Under Automatic forwarding rules, choose:
  • On - Forwarding is enabled
  • Click Next.
  5. Review and Create
  • Review the summary of your settings.
  • Click Create to finalise the policy.

*Tip: If this is your first policy, you may receive a message indicating that your organisation needs time to apply custom settings.
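
The same outbound policy can be created in Exchange Online PowerShell, followed by a check that external auto-forwarding is enabled for the reporting mailbox only. This is an added example, not part of the original guide; it assumes an existing Connect-ExchangeOnline session, and the mailbox address is a placeholder.

```powershell
# Added example: Step 4 in Exchange Online PowerShell, plus a scope audit.
# Assumptions: an Exchange Online session is already connected; the mailbox
# address is a placeholder for your reporting mailbox.
$ReportBox  = 'PhishReport@yourdomain.com'
$PolicyName = 'Goldphish PhishReporter Forwarding'

# Policy that turns automatic external forwarding on
New-HostedOutboundSpamFilterPolicy -Name $PolicyName `
    -AdminDisplayName 'External auto-forwarding for the phishing report mailbox only' `
    -AutoForwardingMode On | Out-Null

# Rule that applies the policy to the single reporting mailbox as sender
New-HostedOutboundSpamFilterRule -Name $PolicyName `
    -HostedOutboundSpamFilterPolicy $PolicyName -From $ReportBox | Out-Null

# Audit: list every outbound policy that allows external auto-forwarding
# and flag any that reaches further than the reporting mailbox.
$rules = Get-HostedOutboundSpamFilterRule
foreach ($policy in Get-HostedOutboundSpamFilterPolicy) {
    if ($policy.AutoForwardingMode -ne 'On') { continue }

    if ($policy.IsDefault) {
        Write-Warning "Default policy '$($policy.Name)' allows external forwarding for all senders"
        continue
    }

    $scoped = $rules | Where-Object { $_.HostedOutboundSpamFilterPolicy -eq $policy.Name }
    foreach ($rule in $scoped) {
        $extraSenders = @($rule.From) | Where-Object { $_ -and $_ -ne $ReportBox }
        if ($extraSenders -or $rule.FromMemberOf -or $rule.SenderDomainIs) {
            Write-Warning "Rule '$($rule.Name)' enables forwarding beyond $ReportBox"
        }
    }
}

Get-HostedOutboundSpamFilterPolicy |
    Format-Table Name, IsDefault, AutoForwardingMode -AutoSize
```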


Advanced Reporting

Step 5. Set up Microsoft's Report Phishing Add-in

Note: This step describes how to configure the Office 365 'Report Phishing' add-in for Outlook and Outlook on the web. Skip and proceed to Step 6 if you are using Microsoft Defender.

Installing the Office 365 'Report Phishing' add-in

Your organisation must be willing to accept Microsoft's terms of use before installing the Report Phishing add-in.

  1. Go to the Microsoft AppSource and search for the Report Phishing add-in.
  2. Click the Get it now button.
  3. Follow the instructions to complete the installation.

Note: It could take up to 12 hours for the add-in to appear in your organisation. Once it does, you can configure it to include the SERS service. 

Including our Platform in the Report Phishing add-in

  1. Log in to the Microsoft 365 Admin Center.
  2. Navigate to the Exchange Admin Centre.
  3. From here, navigate to Mail Flow -> Rules.
  4. Click Create New Rule. A ‘New Rule’ window is displayed.
  5. Enter a name for your rule, something like Phish Reporter.
  6. Set Apply this rule if the recipient is phish@office365.microsoft.com
  7. Set Do the following to Bcc the message to report@phish.goldphish.com & phishreport@yourdomain.com. The rule should look as follows.

  8. Click Save to save the rule.

* The rule is added. All emails flagged using the Report Phishing button will be routed to your internal Reporting mailbox and to the Security Awareness Platform.


Step 6. Set up Microsoft's Reporting Button in Microsoft Defender

This covers setting up Microsoft's Reporting button for users of Microsoft Defender and adjusting the functionality. This will forward email directly to our Platform and not to Microsoft. This prevents Microsoft from running additional scanning on the email.

Please note that some of these options recently changed.

Sign in to the Microsoft 365 Defender portal

  1. Navigate in your browser to: https://security.microsoft.com/securitysettings/userSubmission
  2. Select the On/Off button to turn the feature on.
  3. Select the Use Built-In "Report" button option.

  4. Toggle the Microsoft Outlook Report Message button to ON.
  5. Check the box next to "My organisation’s mailbox" only.
  6. In the email address field, enter the shared mailbox email address that was created earlier. It would be something like PhishReport@yourdomain.com
  7. Uncheck the box for Let users choose if they want to report.

  8. Scroll down and toggle OFF the quarantine report message button.
  9. Select Save.


Sample Communication for Internal Staff

To help your employees use the Phish Reporting Buttons (add-in or built-in), we've produced some sample communication that you may wish to modify and distribute.

SAMPLE COMMUNICATION BEGINS

Subject: Report an Email You Think is a Scam

If you have received an email which you’re not quite sure about, forward it to PhishReport@yourdomain.com.


Forward us as many suspicious emails as you like.

Send us emails that feel suspicious, even if you're not certain they're a scam - we can check.

Report emails even if you think they're a simulated phishing test - you'll get high fives.

Don't click on any links in a suspicious email.

Don't open any attachments in a suspicious email.

You don't need to forward us suspicious emails you find in your spam/junk folder.


We've also made changes to Outlook so that you can easily report phishing emails in your inbox with one click. If you receive any email that you suspect is suspicious, select the message and click the Report Phishing button.


  • If you're using the full Outlook program, the button appears in the main toolbar:


  • If you're using Outlook via a web browser, the button appears in the sidebar:

    Once clicked, you'll be asked to confirm the submission:

By reporting suspicious emails, you will be helping to keep yourself, colleagues, and our organisation safe from cyber crime. If you have any questions about this reporting feature please reach out to your IT helpdesk. Thank you for your support.


SAMPLE COMMUNICATION ENDS

Note: Once everything is set up, we recommend you test the feature with a small phishing simulation involving 2 or 3 learners to ensure reported emails are captured and logged correctly.

Our Support Team is happy to help if you have any questions or require additional assistance. You can contact us anytime by submitting an email to support@goldphish.com
