Skip to main content
Skip table of contents

PRB migration from REST API to Graph API

General information on the migration

As announced in November 2021, REST API will be fully decommissioned by Microsoft in November 2022 globally for all customers using Microsoft Exchange Online. 

This means we will be transitioning to Graph API, and we kindly ask all customers using Microsoft Exchange Online (Cloud, MS356) to switch from REST API to Graph API if possible, in order to continue providing the same functionalities of the Phishing Report Button.

From Microsoft: https://docs.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/use-outlook-rest-api

What is Graph API?

Graph API is a restful API that has been developed by Microsoft and is the new way to communicate with Microsoft 365 services. It works the same way as REST API but adds an additional layer of authentication and authorization. 

What does this mean?

  • This means that everything you can do as an application is based on the user interacting with the application. This gives more control in the hands of the user, Admin, and company. 

  • However, please note Graph API is only for MS365 users, and non-MS365 users cannot use Graph API

From Microsoft: https://docs.microsoft.com/en-us/graph/overview

Who needs to migrate to Graph API?

Exchange online (MS365) 

For every customer using the cloud solutions of Exchange Online in combination with a Microsoft 365 subscription it is highly recommended to change to Graph API by November 2022. The Phishing Report Button will no longer be able to render any email information with the REST API.   Alternatively, depending on your set up, customers can still fallback to EWS API if needed. However, this is not recommended as this will restrict the Phishing Report Button feature set. Please, check our updated Outlook client and server API compatibility matrix here to ensure you choose the proper API according to your set up.

Exchange On-Premises hybrid deployments

Customers using a hybrid configuration (Microsoft 365 + Exchange On-Premises) are able to use REST API until June 2023. After that, all REST API requests will be blocked by Microsoft, and we ask you to contact Microsoft for further steps on migration. 

Please find our updated Outlook client and server API compatibility here: Outlook client and server API compatibility of the Phishing Report Button

From Microsoft: Using the Outlook REST API (version 2.0):https://docs.microsoft.com/en-us/graph/hybrid-rest-support

Recommended: We strongly recommend customers to contact Microsoft support to correctly proceed and migrate according to their setup.

How to migrate the Phishing Report Button to Graph API?

Disclaimer: Before switching to Graph API please check for the compatibility of your system. For further questions please contact Microsoft support. 

Steps for migration:

  1. Download the new Graph manifest file from the Phishing Report Button settings of Manager. 

    • Phishing Report Button > Settings > Microsoft Outlook > Phishing Report Button Manifest

    • Select the correct manifest depending on your Azure environment. 

    • Download MS Outlook Manifest

  2. Update the Phishing Report Button with the Graph manifest file.

  3. During installation, permissions will have to be granted to the requested scopes of the Phishing Report Button application. We recommend that you grant permissions for all users ahead, otherwise each user will have to grant their permission separately after the update by entering their credentials. 

    • Please note: This does not work for mobile devices due to technical limitations by Microsoft. Mobile device users who experience issues authenticating will see a pop-up window with the Microsoft sign-in page where they will have to enter their credentials to authenticate themselves. This should only happen once.  

  4. After installation of the Graph manifest, we recommend waiting 24 hours until the update is deployed to every tenant user. 

  5. Lastly, activate the Graph API in the Manager under Phishing Report Button settings. 

    • Phishing Report Button > Settings > Microsoft Outlook > Microsoft API > Interfaces

Will this change anything for end users?

Nothing will change for end users. 

Once the transition to Graph API is done, users should not notice a difference in the usage of the Phishing Report Button as the user flow and functionality will remain the same.

Will the Phishing simulation have to be paused?

Throughout the migration process, the Phishing simulation does not have to be paused as switching to Graph API only takes a matter of minutes.

Will EWS and REST API still be supported?

Yes, the Phishing Report Button will continue to support EWS and REST API.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.