API & Integrations - KnowBe4 Outlook End User Reporting

This article provides steps on how to forward KnowBe4 non-simulated email reports from End Users to Mimecast, by utilizing the KnowBe4 Phish Alert Button.

Prerequisites

• Mimecast Email Incident Response (MEIR) is enabled on your account.
• You have a Mimecast Basic Administrator role, or higher.
• You have a Microsoft 365 Administrator role.
• You have a KnowBe4 Administrator role.

• Configured Outlook End-User Reporting, to create the SecOps Mailbox, and have made a note of the mailbox, e.g. Mimecast-End-User-Reporting@domain.onmicrosoft.com
• Verified that Microsoft 365 Defender Integration for KnowBe4 has been fully configured.

Configuring KnowBe4 Phish Alert Button to Forward using Microsoft 365 Defender Integration 

You can configure KnowBe4 Phish Alert button to forward using the Microsoft 365 Defender integration, by using the following steps:

1. Log in to the KnowBe4 Console.
2. Navigate to Account Settings | Account Integration | Phish Alert.
3. Under Microsoft 365 Defender Integration, add the SecOps Mailbox from Outlook End-User Reporting to Submit Reported Emails to.
   
4. Click on Save Phish Alert Settings.

Configuring KnowBe4 Phish Alert Button to Forward Non-Simulated Reports

You can configure KnowBe4 Phish Alert button, to forward non-simulated reports, by using the following steps:

1. Log in to the KnowBe4 Console.
2. Navigate to Account Settings | Account Integration | Phish Alert.
3. Add the SecOps Mailbox from Outlook End-User Reporting to Send Non-Simulated Emails to:
    
4. Optionally, toggle Save a copy of reported emails, if you would like KnowBe4 to save a copy of reported emails in the Sent folder of the End User who reported them.
5. Under Languages, select your default language, and change Forwarded Email Prefix to Phishing: or Junk:   
    
6. Click on Save Phish Alert Settings.

Considerations

• KnowBe4 simulated email reports will not be sent to Mimecast.
• Steps are dependent on KnowBe4 Phish Alert settings to provide the option to forward non-simulated reports to an email address.
• Outlook End User Reporting will change User Report Settings in Microsoft Defender, to point to the Mimecast SecOps mailbox created.
• Microsoft API integration for Mimecast’s Outlook End User Reporting may be subject to Microsoft Graph service throttling & limitations.
• Microsoft integrated app deployment completion time will vary per tenant.

See Also...

• End User Applications - Configuring Outlook End-User Reporting
• MEIR Knowledge Hub
• KnowBe4 Microsoft Phish Alert Button Manual