Skip to main content

Arsen Phish Report add-in pour Outlook

Install the Arsen Report Button for Outlook

Updated over a month ago

Allowing employees to report suspicious emails is essential for strengthening internal security, automating reporting within Arsen, and ensuring efficient threat management.

1 – Objectives

  • Allow employees to easily report suspicious emails

  • Automatically send simulation reports into Arsen

  • Forward real phishing attempts to a dedicated mailbox

  • Test and progressively deploy the Phish Report add-in to all users

2 – Prerequisites

  • Use Outlook on iOS, Android, Outlook Web, Outlook.com, or Exchange 2016+

  • Have a direct connection to Exchange or Microsoft 365 (no POP3/IMAP)

  • Use an account configured in Exchange, Office, or Outlook.com

  • Be able to access the Integrations section in Arsen to generate the manifest

  • Have administrator access to the Microsoft 365 Admin Center

3 – Understand how the Arsen button behaves

  • If the email comes from an Arsen simulation, the employee’s score increases and the email is marked as Reported in the platform.

  • If the email is real, it is:

    • Forwarded to the destination mailbox of your choice (typically SecOps)

    • Removed from the user's inbox

4 – Download and configure the Phish Report add-in

4.1 – Generate the manifest.xml file

From your Arsen account, go to Integrations via the Settings menu (top-right of the screen).

Arsen Settings menu with Integrations section highlighted.

4.2 – Enable the add-in

  • Click Enable the integration (Install tab)

  • Under Define the email address, enter the destination mailbox for non-simulation emails
    (e.g., [email protected], [email protected])

  • Set the button label under Phish Report Button Text

  • Optionally customize the thank-you message

  • Click Download Phish Report add-in

5 – Test the Arsen add-in in Outlook

5.1 – Why testing matters

It is recommended to test the add-in before deploying it to the entire organization.

5.2 – Load the add-in in Outlook Web

  1. From an administrator account, open Microsoft 365 Admin Center

  2. Go to Settings → Integrated apps

  3. Click Upload custom apps

  4. Select Office Add-in

  5. Choose Upload manifest file (.xml) and upload the file

  6. Click Next

5.3 – Configure the deployment test

  • Answer Yes to Is this a test deployment?

  • Select Only me to test the add-in on your own account

  • Click Next

5.4 – Accept permissions

  • Click Accept permissions

  • Confirm required authorizations

5.5 – Complete the test deployment

  • Go to the add-in overview screen

  • Click Deploy

⚠️ Warning

The add-in may take up to 6 hours to appear.

5.6 – Test the behavior

Once the Phish Report button is visible:

  1. Send a test campaign

  2. Report the email

  3. Verify the user appears as Reported in Arsen

6 – Deploy the Arsen Outlook add-in to all users

6.1 – Understand deployment specifics

Some Microsoft configurations may require additional parameters.
Refer to Microsoft documentation if necessary.

6.2 – Deploy for the entire organization

  1. Open Microsoft 365 Admin Center

  2. Go to Settings → Integrated apps

  3. Click the installed add-in (Arsen Report Phishing)

  4. Click Modify users

  5. Select All users

  6. Ensure Is this a test deployment? = No

  7. Click Update

⚠️ Deployment may take up to 6 hours to appear in Outlook.

Related Articles
Authorizing Phishing Operations
Configure Microsoft 365 to Authorize the IP Addresses Used in Arsen Simulations
Allow Automatic Image Download in Received Emails
Connect Arsen to the native Outlook report button
Install the Arsen Phish Report Button for Gmail
Did this answer your question?