How to Get the Report Phishing Extension for Office 365

The following article describes the report Phishing button installation process for Office 365.

When a Phishing Campaign is underway and users start receiving phishing emails, they have several choices: they can either open, inspect, and ignore the email, click a link, provide their credentials, and fall for the phishing attempt, or report the suspicious email.

Report Phishing Extension is a special button that appears on the email message taskbar in the right top corner. This allows users to easily report suspicious emails and helps organizations assess the effectiveness of their anti-phishing training. It also provides valuable feedback on areas where additional training may be needed.

To proceed with getting the extension, please navigate to the phishing menu in your admin console, and press on the "Extensions" menu: image-png-Jan-24-2024-02-17-32-3185-PM

Insert the email address to which the reported emails will be forwarded into the "Report To Email" field and press save afterward:image-png-Jan-24-2024-02-20-53-9551-PM
We recommend creating a direct email (or group), for that. Example: incident-response-team@yourdomain.com, reportedemail@yourdomain.com, etc.
Once the email is saved, you can use the manual according to the platform you are on.

Installing the extension:

As an Admin, navigate to the Microsoft AppSource page and look for the extension via the top search bar.
Once on the page, press Get it Now.


You will be forwarded to the Microsoft 365 Admin Center, Integrated Apps section. (requires admin login)
Once there you will be presented with an option to deploy the app, select the desired user(s)/groups to whom the app should be deployed, and press next.

Next, accept the app permissions and proceed further:

Once done, proceed to finish deployment:

Once the app is deployed, you should see the Wizer extension icon when you open up emails
image-png-Jan-24-2024-03-15-05-7909-PM
The following will be shown once you open the extension and an email is selected:
image-png-Feb-28-2024-12-58-00-5516-PM

The extension will show up with a hook logo in the web version of Outlook as in the screenshot above, yet if you don't see it due to the number of extensions used, you can pin it.

The phishing report button is available for the desktop version of Outlook. One of the steps of add-in installation in the Outlook Admin panel is a selection of who should have it installed: All Users / Groups / Specific Users. 

The extension is not available for mobile devices or iPads.

To do so, select a message, press More actions, and select Customize actions:
image-png-Jan-24-2024-03-17-28-0649-PM


In the Customize actions make sure the Report Phishing extension from the Wizer checkbox is selected, press save.
image-png-Jan-24-2024-03-18-30-6780-PM


Once the above steps are done, you should be all set.


In case you already had our extension installed


As we constantly work towards improving our product, new extension versions will be released that might include new or changed functionality.
Since the app is not updated automatically for users, as an admin you can navigate to the integrated apps and approve the update:
While selecting the app from the list the below window should inform about pending updates to the extension and provide you with an option to install them:
image-png-Feb-28-2024-01-06-28-9956-PM

The update window will provide a summary regarding the update as shown below:
image (1)-png-3

Once you install the updates the latest app version will be deployed to your organization or users (depending on the deployment type you chose initially).

Users Interactions with Extension

When a Wizer user reports a Wizer simulation phishing email (clicks the phishing extension hook), the following happens:

  1. The user gets a congratulatory message "Well done! It was a simulation phishing email".

  2. The email will not be forwarded to the 'Report To' email address.

  3. The selected action will be applied to the email as it is set up in the Report Email Handling Settings.

  4. Admin will see the 'Reported' status in the phishing campaign report that the user reported this email.

When a Wizer user reports a non-Wizer simulation phishing email (clicks the phishing extension hook), the following happens:

  1. The user gets a congratulatory message "Thank you for doing your part to keep our organization safe".

  2. The email will be forwarded to the 'Report To' email address.

  3. The selected action will be applied to the email as it is set up in the Report Email Handling Settings.

When a non-Wizer user reports any email (clicks the phishing extension hook), the following happens:

  1. The extension will not react to clicks.

  2. The email will not be forwarded to the 'Report To' email address.

Frequently Asked Questions

I cannot follow all the steps in the instructions.  Some options are not available. Why?

  1. Permission issue: The admin is not allowed to upload custom apps/custom Outlook apps. Please check the user's permissions.

  2. The Settings on your organization's environment: the ability to upload custom apps besides Teams is disabled, etc.

  3. Please check and adjust the configurations and permissions on your side.

 

The phishing button is not visible. Do you know how I can fix it?

For the phishing button to be visible, please do the following:

  1. Pin the extension if you don't see it due to the number of extensions used.

  2. Update the extension by using the guide.

  3. Reinstall the extension - How to Get the Report Phishing Extension for Office 365.

On the first use of the Report Phishing button, administrators will see a permission request prompt:

If a regular user (with no admin privileges) attempts to report an email before the permissions are approved, they can send a request to their administrator:

Until an admin grants the necessary permissions, the “Report Phishing” button will remain unavailable for all users.

Please validate this behavior on your end after approving the permission request. Once the approval is in place, let us know if the extension operates as intended. Please let us know if you have any questions.

The Report Phishing button is not supported for Outlook 2019 as Microsoft deprecated an old API, and modern Microsoft Graph API auth methods do not work out of the box in old Outlook.. We updated the UI, so it should display “your version of Outlook is not supported”. We are working on a solution, however, no ETA can be provided currently.

Report Phishing Button Checklist

 

1. Check Compatibility
Ensure you’re using a supported version of Outlook:
  • Outlook 2013 or later (Windows)
  • Outlook 2016 or later (Mac)
  • Outlook on the Web (OWA)
Also, verify you’re not using Office LTSC 2021, which may have limited support for modern add-ins. 
2. Clear Cached Permissions and Cookies
To rule out session issues, try clearing browser cookies or opening the add-in page in an Incognito/Private tab.
3. Permissions Issue (Common in M365 Enterprise/Business)
If you’re on a Microsoft 365 Business or Enterprise tenant, installation might be blocked by an admin policy:
  • Open Microsoft 365 Admin Center
  • Navigate to Settings → Org Settings → Services → User-owned apps and services
  • Ensure that users are allowed to install Office Store add-ins
You may also need to check:
  • Integrated Apps section to approve the add-in for your organization.
Azure Active Directory > Enterprise Applications, if it’s being blocked at the AAD level.
4. Try on Outlook Web App
Sometimes local Outlook clients fail, but OWA works. Click the “Open in Outlook Web” button from the error screen and test if the add-in loads there.
5. Check Browser Console for Errors
Press F12 → Go to the Console tab to check if any CSP, CORS, or API errors are blocking the install.
6. Tenant Restrictions or CSP Policies
If you’re under a CSP (Cloud Solution Provider) or in a heavily restricted corporate tenant:
  • Ask your IT admin to review Office Add-ins policies and Microsoft Defender settings, especially if phishing add-ins are whitelisted/blocked.

Any questions? Please, contact our Support Team by emailing us at support@wizer-training.com.

Best regards,

wizer_logo_dark