Phish Hook Button – Centralised Deployment in Microsoft 365

In this article, we will learn how to automatically install the Microsoft 365 (formerly Office 365) Outlook Phish Hook Button add-in for all users at once.

The Phish Hook Button add-in for Microsoft Outlook / Microsoft 365 (formerly Office 365) enables end users to report suspicious emails. This button empowers your employees to play an active role in identifying phishing and other types of malicious emails. It benefits your IT/security team by providing early warnings of potential phishing attacks, allowing them to take effective action to mitigate the risk of a security or network breach.

The Phish Hook button tracks whether users report simulated phishing emails, giving you visibility into who is engaging successfully and recognising potential threats.

NOTE: To learn how to manually install/sideload the add-in for individual users, see "Phish Hook Button - Manual Installation".

• Supported Mail Servers and Clients
• Download manifest and Accept Permissions
• How to Perform a Centralised Deployment
• Proxy Servers

Supported Mail Servers and Clients

Supported Mail Server:

• Microsoft 365 (formerly Office 365)

Supported Mail Clients:

• Outlook Desktop
• Microsoft 365 (formerly Office 365) OWA
• Microsoft New Outlook
• Outlook (mobile app – iOS only)

Download manifest and Accept Permissions

The steps below are for all support MAIL SERVERS.

1. Click "Organisation" > "Settings" in the Phishing Tackle portal  main menu.
2. Click "Phish Hook Button".
3. Check "Enabled".
4. Mandatory: To enable email reporting, the administrator must set a valid, licensed email address in “Forwarding Email Addresses for non-simulated emails". 
   • (Optional) You can also adjust the default settings to align with your organisation’s reporting preferences. For more information, see Phish Hook Button - Overview

5. Download the Office® 365® Manifest File and save it in a memorable location. Note: Although the file name references Office 365, the manifest is suitable for all supported mail servers.

6. Once downloaded, confirm permissions by selecting the button labelled ‘Click here to confirm permissions for the Phish Hook button using Microsoft Graph’. 
   

How to Perform a Centralised Deployment

Centralised Deployment is a feature in Microsoft 365 that allows administrators to automatically distribute add-ins such as the Phish Hook Button to all users or specific groups across the organisation.

1. To perform a centralised deployment, visit the Integrated Apps page (https://admin.microsoft.com/#/Settings/IntegratedApps) in the Microsoft 365 Admin Portal and log in to your admin account. Click “Settings” > “Integrated apps” in the Microsoft 365 Admin Portal.
   
   
2. Click "Upload Custom Apps".
   
3. Select the "Office Add-in" app type.
4. Upload your previously downloaded manifest file using "Upload manifest file".
   
5. Select "Next".
   
6. Select the users that you would like to assign the Phish Hook button to. 
   We recommend selecting "Entire organisation", so that all of your recipients are granted access to use it.
   
   
   
7. Select "Next".
8. If you haven't already granted permissions, you will have the opportunity to do that now. Select "Accept permissions" and you will be shown a pop up. Select "Accept".
   
   
   

9. Review your selected settings, and if you are happy with them click "Finish Deployment".
   

10. After a few moments, the deployment should be completed.
    
    

Your add-ins area should now show the Phish Hook button add-in:

Proxy Servers

If your users are behind an internet proxy, ensure they have access to the following URLs:

• outlook.office365.com
• outlook.office.com
• tacklephishing.com (please note the reverse order of Phishing Tackle)

For more information regarding On-Premise Exchange Add-in management, including removal and advanced installation, please click here.

Please let us know if you require any further assistance, you can contact our support team by clicking here. Or by sending an email to support@phishingtackle.com