How to Enable and Configure Phish Alert Button (PAB) in Outlook

Posted on by Summa Lai

Before you install the PAB, you will need to enable and configure the PAB in your Account Settings. To enable and configure the PAB, follow the steps below.

  1. Log in to your KnowBe4 console and navigate to your Account Settings screen. This screen will look different depending on your account version.
  • Free Version: If you have a free account, log in to your console and click the Get Started button. When you click, you will be taken to the Phish Alert Enabled screen. Skip to Step 3 for further instructions.
  • Paid Version: If you have a paid account, log in to your console and click on your email address in the top-right corner of the screen. Then, select Account Settings.
  1. Navigate to Account Integrations > Phish Alert.
  2. Select the Enable Phish Alert checkbox.
  3. Click the green Add Phish Alert Instance button.
    Note: If you have already enabled and configured one PAB instance, a pop-up window will ask you to confirm if you want to create a new instance. For more information about setting up multiple instances, see our How to Set Up Multiple Phish Alert Button Instances article.
  4. Configure your PAB by filling out the fields in your Account Settings. For information about these fields, see below:  
  1. Enable Phish Alert: Select this check box if you want to enable Phish Alert Button for your account. If you deploy the PAB in your organization but you don’t select this check box, your organization’s PAB reports will not be recorded.
  2. Icon: Upload your own custom icon for the Phish Alert Button. If you do not upload a custom icon, the default PAB icon will be used. To learn more about the image requirements for the icon, see our article on How to Change the Phish Alert Button (PAB) Icon article.
    If you have previously installed the Phish Alert Button and this is your first time adding a custom icon, you will need to reinstall the PAB for the change to occur.
  3. License Key: Use the license key to install the Phish Alert Button on your workstations. If you are using Google Apps with the Google Workspace Chrome extension, your license key is automatically built into your config .json file.Note: A 2-digit environment indicator is included at the beginning of the PAB license key, to specify which environment the license key is from (US, EU, CA, etc.). The environment indicator is not available for the PAB for Outlook or HCL Domino (Lotus).
  4. Limit CRID Validation: Enable this setting to allow a reported email with any Campaign Recipient ID (CRID) header to be classified as a simulated phishing email. When this option is not selected, the PAB uses CRID validation to detect whether or not an email that is marked with a training header is a simulated phishing email. If an email has a valid CRID and is reported for the first time within the past hour from the same account where the PAB was installed, it will be treated as a simulated phishing email. A simulated phishing email will be deleted and only shown as reported in the KMSAT console instead of being forwarded to PhishER. The PAB for HCL Domino (Lotus) does not use CRID validation.Note: Enabling this setting is not recommended. However, you can enable this setting if CRID validation is causing simulated phishing emails to be reported as non-simulated phishing emails.
  5. Send Non-Simulated Emails to: If a user reports a non-simulated email, you can send a copy of this email to specific users in your organization. To send these users a copy of these emails, enter the users’ email addresses in this field. Email addresses must be separated by commas. Any simulated emails will not be forwarded.
  6. Add PhishER Email Address: Click this button to add the first reporting email address from your PhishER account in the Send Non-Simulated Emails to: field.Note: If you set up an account with PhishER already enabled, the reporting email address will be automatically entered in the field. If you would like to remove this email address from the list, click the Remove PhishER Email Addresses button.
  7. Send Us a Copy: Enable this setting to send a copy of reported non-simulated phishing emails to KnowBe4 analysis. This email will include the original email header. We can use these emails to create phishing templates to use in future simulated phishing attacks. To learn more about sharing emails with us, see our Sharing Reported Phishing Emails with KnowBe4 with the Phish Alert Button (PAB) article.
  8. Email Format (Hybrid PAB Only): Select how forwarded emails from the PAB should be formatted.
  9. Autofill Phishing Languages with PAB Locale (Hybrid PAB Only): If you enable this setting, the PAB will autofill your users’ profiles with their preferred phishing languages if that field is blank. For more information on how to set individual user languages, see our Localization Guide.
  10. Enable Email Forwarding (Hybrid PAB Only): If you enable this setting, you will be able to forward emails to services that require email forwarding, such as Proofpoint. Enter the additional forwarding email address(es) in the Send Non-Simulated Emails to: field, and change the Email Format setting to .MSG.
  11. Exclude original body text from reported emails (Hybrid PAB Only): Select this check box to exclude the body text in the copy of reported emails. The original body text will only be included in the attached EML or MSG file.
  12. Enable Microsoft 365 Defender Integration: Select this check box if you would like to send a copy of reported emails to Microsoft’s Submissions page. For more information, see our How to Integrate Microsoft Defender for Office 365 with the Phish Alert Button (PAB)Note: If you enable this setting but don’t enable the Allow users to leave comments and disposition setting, your users can only select the Phishing/Suspicious or Spam/Junk  disposition for reported emails.
  13. Enable Automatic PAB Activation (Gmail Add-on PAB Only): Select this check box to enable automatic activation for the Gmail Add-on PAB. For more information, see our Using Automatic Activation for the Gmail Add-on Phish Alert Button (PAB) article.
  14. Add the reported message’s headers to the forwarded message’s body (Exchange version of the Office Add-in PAB only): Select this check box to include the headers of the reported message in the body of the forwarded message.
  15. Allow users to leave comments and disposition: Enable this setting to allow your users to add comments and decide the disposition of an email when they use the PAB. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.
  16. Disable Unknown Email Disposition: Select this check box if you would like to exclude the Unknown disposition from options your users can choose when they use the PAB.
  17. Send Dispositioned Emails to: Enter the additional forwarding email addresses based on the reported email’s disposition in the disposition fields below. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.
  18. Forwarded Email Prefix: This prefix will be added before the original subject line when a non-simulated phishing email is forwarded to the recipients you set in the Send Non-Simulated Emails to: field.
  19. Confirmation Message: This message will be displayed to users after they click the Phish Alert Button. By default, this message asks the user to confirm whether or not they want to report the email. This field has a maximum of 255 characters.
  20. Show a response when the user reports a non-simulated phishing email: If you enable this setting, the user will see this message when they report a non-simulated phishing email. This field has a maximum of 469 characters for the Client PAB and 500 characters for the Server PAB.
  21. Show a response when the user reports a phishing security test email (Paid Only): If you enable this setting, the user will see this message when they report a simulated phishing email. This field has a maximum of 469 characters for the Client PAB and 500 characters for the Server PAB.
  22. Response Duration __ seconds: Set the length of time the email response messages appear on the screen. The maximum duration is 60 seconds.
  23. Button Text: This is the text that will appear on the Phish Alert Button in the user’s email client.
  24. Button Group Text: This is the text will appear under the Phish Alert Button in the user’s email client.
  25. Add Language: Click this button to add additional languages to your Phish Alert Button instances. This feature is only compatible with specific versions of the PAB. To see if your version of the PAB is compatible with the additional languages feature, see our Adding Languages to the Phish Alert Button article.
  26. Save Phish Alert Settings: Click this button to save any changes made to your Phish Alert Button settings.
  27. Outlook PAB installer for Windows: Download this PhishAlertButtonSetup.exe installation file to download the latest version of the PAB for Microsoft Outlook.
  28. PAB manifest for Microsoft products: Download this manifest file to install the PAB for Microsoft 365 or Microsoft Exchange.
  29. Chrome Extension PAB config file: Download this is the config file to install the PAB for Google Workspace.
  30. Send Gmail PAB Add-on Magic Mail: Click this button to send activation emails to your users using Magic Mail. For more information, see the Sending Activation Emails Using Magic Mail section of our Gmail Phish Alert Button (PAB) Add-on Product Manual.Note: All settings, except Enable Phish Alert and Send Non-Simulated Emails to:, will be applied to the mail client once it has restarted. The updated settings for the Send Non-Simulated Emails to: option will be applied once a user clicks the PAB to report an email.

Ref: Phish Alert Button (PAB) Product Manual – Knowledge Base (knowbe4.com)