Skip to main content

How to Integrate Adaptive Security with the Native Microsoft Phish Reporting Button

Set up Microsoft’s native Report Phishing button to track reporting metrics in Adaptive and forward emails to Phish Triage.

Updated over 2 months ago

Overview

This guide walks through the process of integrating Microsoft’s native phish reporting button with Adaptive Security. By forwarding Microsoft-reported phish emails to Adaptive’s ingestion alias, you can centralize phishing visibility and reporting. You can also view these emails in Phish Triage if you use this feature.

This integration consists of three key steps:

  1. Set up a shared mailbox to forward reported emails to Adaptive

  2. Configure Microsoft to route phishing reports to that shared mailbox

  3. Enable outbound forwarding from the shared mailbox to Adaptive’s email alias

✅ Prerequisites

Before beginning, make sure you have:

  • Admin access to Microsoft 365 Admin Center and Security Center

  • Your company’s Adaptive Security email alias (e.g., [email protected])

How to Retrieve Your Adaptive Email Alias

If you don’t already have your Adaptive email alias, here’s how to find it:

  1. Log into the Adaptive Admin platform

  2. Go to the Workspace section in the sidebar

  3. Click Settings

  4. Select the Phishing tab

  5. Scroll to the Phish Reporting section

  6. Look for the Manual reporting via email alias field

  7. Click the copy icon next to your alias to save it to your clipboard

Step 1: Set Up a Shared Mailbox for Forwarding

This mailbox will act as an intermediary that receives phishing reports and forwards them to Adaptive.

1.1 Create the Shared Mailbox

  • Go to Microsoft 365 Admin Center

  • Navigate to Teams & GroupsShared Mailboxes

  • Click Add a Shared Mailbox

1.2 Name and Create the Mailbox

  • NOTE: This mailbox is not used by employees directly

1.3 Configure Email Forwarding

  • After creating the mailbox, click into it

  • Click Edit under Email Forwarding

  • Enter the Adaptive email alias (e.g., [email protected])

Step 2: Route Microsoft-Reported Emails to the Shared Mailbox

This ensures emails reported via the native Microsoft PAB are sent to the shared mailbox.

2.1 Go to Microsoft Security Admin Center

  • From Admin Center, go to Security

2.2 Navigate to Email Policies

  • Click Email & CollaborationPolicies & Rules

  • Then click Threat Policies

2.3 Add Shared Mailbox as a SecOps Mailbox

  • Under Threat Policies, click Advanced Delivery

  • In the SecOps Mailbox tab, click Edit

  • Add the shared mailbox you created

2.4 Set User Reported Destination

  • Navigate to SettingsEmail & Collaboration

  • Click User Reported Settings

  • Under Reported Message Destinations, select the shared mailbox

Step 3: Allow External Forwarding from Shared Mailbox

Microsoft blocks external forwarding by default. You’ll need to enable it specifically for this shared mailbox.

3.1 Create a Custom Outbound Anti-Spam Policy

  • Go to Email & CollaborationPolicies & RulesThreat Policies

  • Click Anti-Spam under Policies

  • Click Create PolicyOutbound

3.2 Configure the Policy

  • Name the policy (e.g., “Adaptive Forwarding Policy”)

  • Add the shared mailbox as a user under “Users”

  • Under Automatic Forwarding Rules, set to On – Forwarding Enabled

✅ Validate the Integration

After configuration, confirm that phishing reports are successfully flowing into Adaptive.

Test the Flow

  1. From a Microsoft 365 user account, open a test phishing email from a training campaign.

  2. Use the Report Phishing button in Outlook.

  3. Check to confirm that the campaign reporting shows that the email was reported.

  4. If you use Phish Triage, wait a few minutes, then check your Adaptive Phish Triage dashboard to confirm that the email arrived and has with the correct metadata (sender, subject, headers)

You're Done!

You’ve now successfully routed Microsoft phish reports directly into the Adaptive platform —ensuring visibility and remediation workflows stay centralized, regardless of reporting method.

🔧 Troubleshooting

If you're experiencing issues with emails not forwarding from the shared mailbox to Adaptive, there's an additional configuration that may resolve the problem.

Check Remote Domains Configuration

Microsoft may be blocking forwarding to external domains even after you've configured the anti-spam policy. To fix this:

  1. Go to Exchange Admin Center

  2. Navigate to Mail FlowRemote Domains

  3. Look for your Adaptive domain entry (e.g., adaptivesecurity.com)

  4. If it doesn't exist, you'll need to add it:

    • Click Add or New Remote Domain

    • Enter a name for the domain (e.g., "Adaptive Security")

    • Add the domain: adaptivesecurity.com

    • Save the new remote domain

  5. Once the remote domain exists, click on it to edit

  6. Ensure that automatic forwarding is allowed for this domain

  7. Save your changes

You can read more on the Microsoft website here and here.

This configuration explicitly tells Exchange that it's safe to forward emails to Adaptive's domain, which can resolve forwarding issues that persist even after configuring the anti-spam policy.

Did this answer your question?