< All Topics

How to configure Office 365’s ‘Report Phishing’ add-in for Outlook to use Suspicious Email Reporting Service (SERS)

This guidance describes how to configure the Office 365 ‘Report Phishing’ add-in for Outlook, so that users can report suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS).

This guidance is aimed at system owners responsible for administering Office 365 within organisations. Once configured, users can quickly report emails that they suspect to be phishing attempts, using a single mouse-click.


The Report Phishing add-in is only available to corporate or business versions of O365. The add-in is not currently available to Office 365 users with home or student licences.

Installing the Office 365 ‘Report Phishing’ add-in

Your organisation must be willing to accept Microsoft’s terms of use before installing the Report Phishing add-in.

  1. Go to the Microsoft AppSource and search for the Report Phishing add-in.
  2. Click the Get it now button.
  3. Follow the instructions to complete the installation.


It could take up to 12 hours for the add-in to appear in your organisation. Once it does, you can configure it to include the SERS service.

Including the NCSC’s SERS in the Report Phishing add-in

  1. Log into the Microsoft 365 Admin Center.
  2. Navigate to the Exchange Admin Center.
  3. From here navigate to Mail Flow -> Rules.
  4. Click the Create New Rule button.
    A ‘New Rule’ window is displayed.
  5. Enter a name for your rule Report Phishing to SERS.
  6. Set Apply this rule if to The recipient is phish@office365.microsoft.com
    If you want to see what emails your users are reporting, you can also enter the email address of an email account you manage.
  7. Set Do the following to Bcc the message to report@phishing.gov.uk
    The rule should look as follows.
    How the Outlook rule should look when setting up
  8. Click the Save button.
    The rule is added. All emails flagged using the Report Phishing button will be routed to the NCSC’s SERS.

You may also be interested in this article: