Setup Phish Reporter in Microsoft Outlook 365


This guide shows you how to configure Microsoft 365’s built-in Report Phishing capability so that learners can report all suspicious emails to their internal Reporting mailbox and to the Security Awareness Platform. Once configured, users can quickly report emails that they suspect are phishing attempts, using a single mouse click.



Step 1: Create a Shared Mailbox for Reported Emails


The shared mailbox will store all internal reported messages.


  1. Sign in to the Microsoft 365 Admin Center and open the Teams & groups → Shared mailboxes page. Select Show all in the left navigation pane if you don't see Teams & groups.
  2. On the Shared mailboxes page, select + Add a shared mailbox. Enter a name for the shared mailbox.  e.g.:
  3. Select Save changes. It may take a few minutes before you can add members.
  4. Under Next steps, select Add members to this mailbox. Members are the people who will be able to view the incoming mail to this shared mailbox and the outgoing replies. Assign access to your security/SOC team (Mailbox delegation).
  5. Optional: Add aliases if needed.


Note: Shared mailboxes do not require a licence. It may take 5–10 minutes before it appears as selectable in Defender.

Microsoft updates their UI frequently. If menus look different, refer to Microsoft’s “About Shared Mailboxes” page.


Step 2: Configure Microsoft Defender "User Reported Settings"


This is where you tell Microsoft what to do when someone clicks Report Phishing.


  1. From the Security Portal, choose Settings → Email & collaboration → User reported settings (https://security.microsoft.com/securitysettings/userSubmission).
  2. In the Outlook section:
  3. Tick → Monitor reported messages in Outlook
  4. In "Select an Outlook report button configuration", choose → Use the built-in Report button in Outlook
  5. In "When a user reports an email", tick both →
  • Ask the user to confirm before reporting
  • Show a success message after the message is reported.
  6. In the Microsoft Teams section, "Monitor reported messages in Microsoft Teams" → should be ticked already, and greyed out.
  7. In the drop-down under "Send reported messages to", select → Reporting mailbox.
  8. Specify your new shared mailbox (e.g., phishreport@yourdomain.com) in the "Add an exchange online mailbox to send reported message to" field.
  9. In the Email notifications section, nothing should be ticked.
  10. In the Reporting from quarantine section, tick → "Allow reporting for quarantined messages. Only admins can report quarantined Teams messages."
  11. Save settings.

Step 3: Install the Report Phishing Add-In (Optional)


Only needed if your organisation still uses the old add-in instead of the built-in button.


  1. Go to Microsoft AppSource → Search for Report Phishing add-in.
  2. Click the Get it now button.
  3. Follow the instructions to complete the installation.

Note: This legacy add-in is deprecated. The built-in Outlook Report button is recommended.


Step 4: Forwarding to GoldPhish (Mail Flow Rule)


This is the critical part that ensures GoldPhish receives all reports.


  1. In the Exchange Admin Center, go to Mail flow → Rules → Create New Rule.
  2. Enter a Name for your Rule: Phish Report
  3. Set Apply this rule if to The recipient is: your newly created shared mailbox (e.g., phishreport@yourdomain.com).
  4. Set Do the following to BCC message to report@phish.goldphish.com.
  5. Click Save.

Now, every reported email will land in your internal shared mailbox and be forwarded to GoldPhish for tracking.
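
Steps 1 and 4 can also be applied and checked from Exchange Online PowerShell, which leaves a repeatable record of who can read the mailbox and where the rule copies mail. This is an added example, not part of GoldPhish's own guide; it assumes the ExchangeOnlineManagement module is installed, and the admin account, SOC user and mailbox address are placeholders.

```powershell
# Added example: scripted equivalent of Step 1 (shared mailbox) and Step 4 (mail flow rule).
$ReportMailbox = 'phishreport@yourdomain.com'   # placeholder address used in this guide
$SocMember     = 'soc-analyst@yourdomain.com'   # hypothetical SOC user (assumption)
$GoldPhishBcc  = 'report@phish.goldphish.com'   # BCC address given in Step 4
$RuleName      = 'Phish Report'                 # rule name given in Step 4

Connect-ExchangeOnline -UserPrincipalName 'admin@yourdomain.com'   # placeholder admin account

# Step 1: create the shared mailbox only if it does not exist yet.
if (-not (Get-Mailbox -Identity $ReportMailbox -ErrorAction SilentlyContinue)) {
    New-Mailbox -Shared -Name 'Phish Report' -PrimarySmtpAddress $ReportMailbox | Out-Null
}

# Mailbox delegation: FullAccess for the SOC member, without auto-mapping into their Outlook.
Add-MailboxPermission -Identity $ReportMailbox -User $SocMember `
    -AccessRights FullAccess -InheritanceType All -AutoMapping $false | Out-Null

# Step 4: BCC every message addressed to the shared mailbox to GoldPhish.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName -SentTo $ReportMailbox -BlindCopyTo $GoldPhishBcc | Out-Null
}

# Verification: the rule must be enabled and must point at exactly the expected addresses.
$rule     = Get-TransportRule -Identity $RuleName
$sentTo   = @($rule.SentTo      | ForEach-Object { "$_" })
$bccTo    = @($rule.BlindCopyTo | ForEach-Object { "$_" })
$problems = @()
if ($rule.State -ne 'Enabled')                              { $problems += "rule state is $($rule.State)" }
if ($sentTo.Count -ne 1 -or $sentTo -notcontains $ReportMailbox) { $problems += "unexpected recipient condition: $sentTo" }
if ($bccTo.Count  -ne 1 -or $bccTo  -notcontains $GoldPhishBcc)  { $problems += "unexpected BCC target: $bccTo" }

if ($problems.Count -eq 0) {
    Write-Output "OK: '$RuleName' copies $ReportMailbox to $GoldPhishBcc"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}

# Review who can open the reporting mailbox; only explicit (non-inherited) grants are listed.
Get-MailboxPermission -Identity $ReportMailbox |
    Where-Object { -not $_.IsInherited } |
    Select-Object User, AccessRights
```

Re-running the verification part after any later change to mail flow rules shows whether the BCC target or the recipient condition has drifted from what this guide configures.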


Step 5: Test the Setup


To confirm everything is configured correctly (including whitelisting and Phish Reporter), we strongly recommend running a small test.


  1. Run a Test Campaign
  • Target just two or three users internally.
  2. User Action

Ask these users to:

  • Confirm delivery of the email
  • Open the email
  • Click the embedded link
  • Report the email using their Report Phishing button
  3. Confirm the Results
  • View the campaign report to ensure all actions - delivery, click, and report - are correctly logged.

Note: Reported emails may take 5–10 minutes to appear in your dashboard.

Need more information? See our Third-Party Whitelisting and Troubleshooting guides.


Step 6: Staff Communication Template


Subject: Report suspicious emails in Outlook


Hi team,


We've made it easy to report suspicious emails:


Just open the email and click the Report Phishing button (in Outlook desktop, web, or mobile). Confirm when prompted.


Everything you report goes straight to our security mailbox and is also tracked automatically by GoldPhish.



If you’re on the full Outlook program, the button is in the main toolbar.



If you’re using Outlook on the web, the button is in the sidebar.

✔ Please report anything suspicious  -  even if you’re unsure.

⛔ Do not click links or open attachments in suspicious emails.


Thanks for helping keep our organisation secure!


If you have questions, contact the IT helpdesk.


If you need a hand, reach out to our Support Team via email at support@goldphish.com.🚀🛠️
