Phishing Report Button Compatibility Matrix
You’re viewing the documentation for the new Beta version of the Phishing Report Button. Feel free to take a look! Consult the regular PRB documentation if you need help with the non-Beta version.
Below is a detailed breakdown of the Phishing Report Button’s compatibility for primary and shared inboxes in Outlook.
Primary inboxes compatibility matrix
The Phishing Report Button uses Exchange Web Services (EWS) or the Outlook Graph API to retrieve data from the user’s mailbox. The following sections state the availability of the APIs for all supported Exchange server/Outlook client combinations and their effect on how reported emails are forwarded.
Please note: For all Exchange Online environments (including hybrid deployments) we can only support Graph API and for all Exchange On-Premise servers we can only support EWS.
Using Exchange on premise and EWS: EWS must be enabled and must be exposed to the Internet. This Microsoft requirement is further explained here.
Windows
Windows Outlook clients

| Server | MS 365 | Outlook 2021 | Outlook |
|---|---|---|---|
| Exchange Online (cloud) | Graph | Graph | Graph³ |
| Exchange hybrid¹ | Graph | Graph | Graph³ |
| Exchange on-premise | EWS | EWS | EWS |
MacOS
MacOS Outlook clients

| Server | Office on Mac (classic UI) | Office on Mac (new UI) |
|---|---|---|
| Exchange Online (cloud) | Graph | Graph |
| Exchange hybrid¹ | Graph | Graph |
| Exchange on-premise | EWS | EWS |
Other
Outlook clients

| Server | Android | iOS | Web Browser (Exchange Online) | Web Browser (Exchange on-premise) | Mobile browser |
|---|---|---|---|---|---|
| Exchange Online (cloud) | Graph | Graph | Graph | Not supported | Not supported |
| Exchange hybrid¹ | Graph | Graph | Graph | Not supported | Not supported |
| Exchange on-premise | Not supported | Not supported | Not supported | EWS | Not supported |
Differences in the email report via EWS and Graph
It is important to understand the impact that using EWS vs Graph has on the format in which reported emails are forwarded to the inbox you specify. Email reports can be provided as an .eml file or in a more parsed file format called “split mode”. Depending on the available API and the chosen configuration, the two formats will appear differently as shown below.
.eml mode: [table contents not available]
Split mode: [table contents not available]
¹ Connected to Exchange Online (hybrid deployment, mailboxes synced or managed by Microsoft)
² If the email contains attachments
³ Please note: In Outlook 2013–2019, when users open the Phishing Report Button for the first time, they’ll be prompted via a pop-up to sign in to their email. This only needs to be done once. For all future uses, the same pop-up will still appear but users will be automatically signed in within a few seconds. This behaviour is due to Outlook 2013–2019 not supporting Microsoft Single Sign-On (SSO).
Shared Inboxes compatibility matrix
The vast majority of email inboxes are so-called primary inboxes. They are used by a single person only as their primary inbox. However, there are some exceptions. This article explains Phishing Report Button compatibility within Outlook in these 2 scenarios:
Shared inboxes: These are inboxes that can be accessed by multiple people and are usually not associated with a single person. This is often used for teams or departments so that there is a single point of contact. Think support@company.com, for instance.
Shared folders / delegated access: In this scenario, a user might share access to their primary, individual inbox or a folder of their inbox with someone else (a “delegate”).
The Phishing Report Button can work in both scenarios, but technical limitations within Outlook limit compatibility based on your organization’s specific environment.
Microsoft offers no way for the Phishing Report Button add-in to determine the environment it is operating in, so you will have to verify this yourself.
| Server environment | Mailbox access | Graph API | REST API | EWS | Notes |
|---|---|---|---|---|---|
| Microsoft 365 (Cloud) | primary mailbox | ✅ | ❌ | ❌ | Graph is the only modern, supported API. REST & EWS are deprecated. |
| Microsoft 365 (Cloud) | delegated access | ✅ | ❌ | ❌ | Graph is the only modern, supported API. REST & EWS are deprecated. |
| Microsoft 365 (Cloud) | shared mailbox | ✅ | ❌ | ❌ | Supported and works seamlessly with the correct access token. |
| On-premise Exchange (2016+) | primary mailbox | ❌ | ✅ | ✅ | Both can be used, but REST is the more modern choice. |
| On-premise Exchange (2016+) | delegated access | ❌ | ✅ | ✅ | Both can be used, but REST is the more modern choice. |
| On-premise Exchange (2016+) | shared mailbox | ❌ | ✅ | ❌ | REST is the only supported API due to authentication context (see details below). |
EWS support is limited to on-premise Exchange environments and does not work properly with shared mailboxes. The reason for this is the Office JavaScript API (Office.js), which is provided by Microsoft and enables the Phishing Report Button to communicate with Outlook. Although it can authenticate the user correctly, it has no mechanism for recognizing that the user is working in the context of a shared mailbox rather than their primary inbox. It will therefore misinterpret all access attempts.
Helpful links
Microsoft - Implement shared folders and shared mailbox scenarios in an Outlook add-in