Set up O365 to Forward Phishing Emails to Radiant Security

Auto-forward O365 phishing emails to Radiant Security.

Overview

Radiant Security analyzes phishing emails reported by end users for malicious indicators. Each email is evaluated against a series of questions or actions that determine if an email is benign or malicious. 

In order to analyze these emails, Radiant Security needs access to the original email reported by end users. We do this by forwarding emails from your dedicated in-house phishing mailbox to a mailbox on our side.  

This guide will walk you through how to set up Microsoft O365 to automatically forward suspected phishing emails to Radiant Security for triage and investigation.

Prerequisites

This configuration requires that you are an administrator of the O365 account.

Configure Method for Reporting Phishing Emails

Two configuration steps must be completed to enable the Report Phishing button so that an end user can submit a suspected phishing email:

Create a dedicated phishing mailbox

Note: If your organization already has a phishing mailbox, skip to Enable the Report Phishing button.

In this step, you will create a dedicated phishing mailbox for your organization.

  1. Log in to the Exchange Admin Center portal.
  2. From the menu, navigate to Recipients > Mailboxes.
  3. Click Add a shared mailbox.
  4. Fill in the details for the mailbox:
    1. Display Name: Phishing Mailbox
    2. Email address: Phishing
    3. Select Domain: <select your domain>
  5. Click Create to save the new mailbox.

Enable auto-forwarding to Radiant Security

Next, configure O365 to automatically forward emails from your new dedicated phishing mailbox to Radiant Security. You can do this in the O365 client or in the Outlook application. Complete the following steps to enable auto-forwarding.

Add Radiant Security as a Trusted Domain

In this step, you will enable forwarding emails from your domain to our external domain.

  1. From the Exchange Admin Center menu, navigate to Mail flow > Remote domains.
  2. Click + Add Remote Domain.
  3. Fill in the details for the external domain:
    1. Name: Radiant Security
    2. Domain: report.radiantsecurity.ai
  4. Click Next.
  5. On the Email reply types page, confirm that Allow automatic forwarding is enabled.
  6. Click Next to keep all default settings unchanged.
  7. Click Save to add the external domain.

Add “Radiant Security Alerts” as a contact

In this step, you’ll add Radiant Security as a contact so that we receive the forwarded phishing emails in a mailbox on our side.

  1. From the Exchange Admin Center menu, navigate to Recipients > Contacts.
  2. Click + Add a contact.
  3. Fill in the following contact details:
    • Contact type: Mail Contact
    • Display Name: Radiant Security Alerts
    • Email address: alerts@report.radiantsecurity.ai
  4. Click Add to save the new contact.

Note: To complete the next step, you might have to allow some time for Microsoft to update your contacts. This may take anywhere from 1-15 minutes.

Set up Auto-Forwarding

In this step, you’ll configure O365 to automatically forward all suspected phishing emails to the new Radiant Security Alerts contact created in the previous step.

  1. From the Exchange Admin Center menu, navigate to Recipients > Mailboxes.
  2. Click the row to open the Phishing Mailbox created in the very first step.
  3. In the pop-out menu, click the Manage mail flow settings link.
  4. Next to Email Forwarding, click Edit.
  5. Click the toggle to enable Forward all emails sent to this mailbox.
  6. Set the forward address as the contact from the previous step: Radiant Security Alerts.
  7. Click Save.
  8. Return to the Manage mail flow settings page, then click Edit to change the Message Size Restrictions to the following values:
    1. Sent messages maximum size (KB): 153600
    2. Received messages maximum size (KB): 153600
  9. Click Save.

Enable the Report Phishing button

In this step, you’ll enable the O365 right-click action which allows a user to report suspected phishing emails to the dedicated phishing mailbox you created in the previous step. 

  1. Log in to Microsoft 365 Defender.
  2. From the menu, navigate to Policies & Rules > Threat policies > User reported message settings.
  3. Enable the toggle for Microsoft Outlook Report Message button.
  4. Select Microsoft and my organization's mailbox.
  5. From the drop-down, select the phishing@<your domain>.com mailbox that you created previously.
  6. Leave all default settings unchanged.
  7. Click Save.

Allow forwarding to an external email

  1. From the Microsoft 365 Defender menu, navigate to Policies & rules > Threat policies > Anti-spam policies.
  2. Click + Create Policy and select Outbound.
  3. Fill in the details for Name your policy:
    1. Name: Forwarding alerts to Radiant Security
  4. Under Users, groups, and domains, enter the following:
    1. Users: Phishing Mailbox
  5. Under Protection settings, set the following rule:
    1. Automatic forwarding Rules: On - Forwarding is enabled
  6. Click Create to save the forward rule.
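
The settings above open an external forwarding path that should apply only to the phishing mailbox. The following read-only Exchange Online PowerShell script is an added example, not part of Radiant Security's guide; it reads the settings back and reports any that differ from the values above or that enable external forwarding for other senders. It assumes the ExchangeOnlineManagement module and an existing Connect-ExchangeOnline session, and phishing@contoso.example is a placeholder for your phishing mailbox address.

```powershell
# Added example: read-only audit of the settings configured in this guide.
# Assumes the ExchangeOnlineManagement module and an existing
# Connect-ExchangeOnline session. $PhishingMailbox is a placeholder address.
$PhishingMailbox = 'phishing@contoso.example'
$RadiantDomain   = 'report.radiantsecurity.ai'
$RadiantAddress  = 'alerts@report.radiantsecurity.ai'
$ExpectedBytes   = 153600 * 1KB   # 153600 KB, the size limit set in the guide
$findings = [System.Collections.Generic.List[string]]::new()

# 1. The remote domain must exist and allow automatic forwarding.
$rd = Get-RemoteDomain | Where-Object { "$($_.DomainName)" -eq $RadiantDomain }
if (-not $rd) { $findings.Add("No remote domain entry for $RadiantDomain") }
elseif (-not $rd.AutoForwardEnabled) { $findings.Add("Automatic forwarding is disabled for $RadiantDomain") }

# 2. The mailbox must forward to the Radiant Security contact and nowhere else.
$mbx = Get-Mailbox -Identity $PhishingMailbox
if ($mbx.ForwardingSmtpAddress) { $findings.Add("Unexpected ForwardingSmtpAddress: $($mbx.ForwardingSmtpAddress)") }
if (-not $mbx.ForwardingAddress) { $findings.Add('Phishing mailbox has no forwarding address') }
else {
    $target = Get-Recipient -Identity $mbx.ForwardingAddress
    $smtp = "$($target.ExternalEmailAddress)" -replace '^smtp:'
    if ($smtp -ne $RadiantAddress) { $findings.Add("Phishing mailbox forwards to '$smtp'") }
}

# 3. Size limits are reported as text such as "150 MB (157,286,400 bytes)".
foreach ($p in 'MaxSendSize', 'MaxReceiveSize') {
    $bytes = if ("$($mbx.$p)" -match '\(([\d,.]+) bytes\)') { [int64]($Matches[1] -replace '\D') }
    if ($bytes -ne $ExpectedBytes) { $findings.Add("$p is '$($mbx.$p)', expected 153600 KB") }
}

# 4. Every outbound policy with forwarding On must be scoped by a rule
#    to the phishing mailbox only (no other senders, groups or domains).
$rules = @(Get-HostedOutboundSpamFilterRule)
$onPolicies = @(Get-HostedOutboundSpamFilterPolicy | Where-Object { "$($_.AutoForwardingMode)" -eq 'On' })
foreach ($pol in $onPolicies) {
    $scoped = @($rules | Where-Object { $_.HostedOutboundSpamFilterPolicy -eq $pol.Name })
    if (-not $scoped) { $findings.Add("Policy '$($pol.Name)' enables forwarding and no rule limits its scope") }
    foreach ($r in $scoped) {
        $extra = @($r.From | Where-Object { "$_" -ne $PhishingMailbox })
        if ($extra -or $r.FromMemberOf -or $r.SenderDomainIs) {
            $findings.Add("Rule '$($r.Name)' enables forwarding beyond the phishing mailbox")
        }
    }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Forwarding configuration matches the guide.' }
```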

Report a test email

In this step, you’ll report an email to confirm that the integration is working and that your organization knows how to report phishing emails end-to-end.

  1. Log in to a mailbox within your organization, generate a test message by sending an email to yourself, and then click that email message.
  2. Report the test message as phishing:
    1. If you’ve configured the Report Phishing button, use it to report the test message as phishing.
    2. If you haven’t configured the Report Phishing button, click on the and then choose “Other reply actions” and then “Forward as attachment”; then fill in the To field with the dedicated phishing mailbox address within your organization and send.
  3. The email will take some minutes to show up in the Radiant Security UI.


Last updated: 2024-08-23