Sync Email Reports from Outlook to CultureAI

How to sync reports from the in-built Outlook reporting button to CultureAI

Steps

If you'd like to sync reports made via the in-built Outlook reporting button to CultureAI, you can do this via your Microsoft integration in CultureAI.

If you haven't already enabled this, please click here to view our guide.

 

Good to know

  • Reported emails will show in the Triage section of your dashboard here
  • Emails reported via the Outlook reporting button may not have as much context as reports from the CultureAI button. You may find missing information, such as, Email Subjects, Email Previews, Attachments & Links. This is a limitation of Microsoft, and CultureAI is unable to improve upon this
  • Simulated Phishing email reports will still separate from non-simulated phishing emails. However, some may appear as potential reports in the triage section

Steps

  1. Login to your CultureAI admin account
  2. Click the settings cog at the top of your dashboard
  3. Click into the "Integrations" section
  4. Click into your Microsoft integration
  5. Click the "Outlook Reporting Integration" tab
  6. Toggle the setting to "On"
  7. Click "Save"

Once enabled, you may see a "Fix Permissions" button next to your integration. Click this, and you will be taken to the permissions confirm screen to re-confirm the permissions for CultureAI to Microsoft.

If you don't click this, your integration may stop working.

You may also need to set-up some extra settings in your MS defender, if you are having trouble getting your reports to sync, please try the below;

  1. Navigate to this page in Microsoft Defender https://security.microsoft.com/securitysettings/userSubmission

  2. Locate "Reported message destinations" section

  3. Set "Send reported messages to" to "Microsoft and my reporting mailbox"

  4. Specify said mailbox in the "Add an exchange online mailbox to send reported messages to" input

  5. Use an existing email inbox. You will not need to keep track of this inbox, but it will receive copies of all phishing reports of your users. It should look like the below;