This document show how you can install the SoSafe Phishing Report Button add-in for Outlook if you use Microsoft 365.  

Using the Phishing Report Button, all your employees can report suspicious emails as phishing attempts in their Outlook mail program. If the reported email was one of our phishing simulations, the user receives a message, that he successfully detected our phishing attempt. If the reported email is not from us, the case will be automatically forwarded to the IT department for examination. The forwarding address can be chosen freely. If you have any questions, please contact us at any time. 


One of the following servers is required:

  • Microsoft 365 for Business / Microsoft 365 for Education
  • Exchange Server 2016 (only Hybrid), Version 15.1.544.27 (CU3) or later version

Furthermore, you should have received a manifest file in XML-format (sosafe-manifest.xml), which is needed for the installation. If not, you can download it yourself in the SoSafe Manager via: "Settings > Phishing Report Button > Microsoft Outlook".

The centralized deployment of add-ins should be enabled(

After the installation is complete the button can be used in the following mail clients: 

  • Microsoft 365 Outlook Web Access (OWA)
  • Outlook for Office MSO
  • Outlook 2016 for Windows (only in Click-to-Run installation)
  • Outlook 2016 for Mac
  • Outlook for iOS
  • Outlook for Android


Step 1

Log on to your admin center and click on “Admin”.

Step 2

Click on “Show all” on the left sidebar and select “Settings” (1) and then “Integrated Apps” (2).


Step 3

Click on “Upload custom apps”.

Step 4

Select the option "Upload manifest file (.xml) from device." (1) and click on "Choose File" (2).

That will open a window, where you select the provided manifest file in the .XML-format (sosafe-manifest.xml). Then press “Open”.

Step 5

The name of the manifest file should be visible next to the "browse" button. Press "Next". The manifest file will be processed quickly.

Step 6

The option “Entire organization” should be selected. Click on “Next”.

Step 7

You should now receive the following message:

Click on “Next” and in the following window on “Finish deployment”. Wait till the installation is completed and click "Done". 

Note: After the aforementioned steps, the add-in will be provided within the next 24 hours. It is best to log off right away from your Microsoft Online Account and log back on. Check if you can find the add-in as mentioned below. Should that not be the case, check again after 24 hours.   

The Add-In Sosafe Phishing-Reporting should be visible in the overview “Integrated Apps” (c.f. Installation, Step 3):



If you do not want to use the button anymore, you can uninstall it with three easy steps. 

Step 1

Open the overview “Integrated Apps” (c.f. Installation, Step 3). Press on the add-in “SoSafe Phishing-Reporting”.

Step 2

A new window will open. There click on "Remove app”.

Step 3

Click on “Yes, I'm sure I want to remove the app and associated data” (1) and afterwards on "Remove" (2).