Empower every employee. Protect the whole organization.
Phishing is the entry point for most breaches. Users who spot a suspicious email need a fast, no-excuses way to report it — and your security team needs those reports in a structured form they can actually analyze.The Lavawall® Phishing Reporter adds a Report Phishing button right inside Outlook, exactly where users already work.
One click. No decisions to make. No cryptic instructions. No risky forwarding. No losing the original headers.
- Works in classic Outlook, new Outlook, Outlook on the web, Outlook for Mac, Outlook for iOS, and Outlook for Android.
- Deployed centrally by an admin — users don’t install anything themselves.
- Reports include the full message source, headers, links, and attachments so your analysts have everything they need.
- Every report feeds the Lavawall® reputation system to help you spot campaigns and repeat offenders.
- Admin dashboard with reports, domain reputation, statistics, and tunable settings.
Give your security team everything they need to respond fast — with the original email preserved exactly as the user received it, complete with headers, attachments, and embedded links.
Give your users the confidence that they’ve done the right thing, without having to second-guess themselves.
Security first
Lavawall® brings you enterprise-grade phishing intake without compromising user or tenant security. We designed the add-in from the ground up to minimize attack surface and maximize auditability. Some of the controls we’ve implemented include:
- No storage of mailbox credentials — the add-in uses Microsoft’s native Office.js permissions, not password or token access to your mailbox
- Read-only access to the message being reported; the add-in never reads unrelated mail
- Reports transmitted over TLS 1.2+ directly to your tenant’s Lavawall console
- No third-party tracking, pixels, or analytics in the taskpane
- Per-tenant data isolation — one organization’s reports are never visible to another
- Granular role-based access to the admin dashboard
- Full audit trail of who reported what, when, and the disposition of every report
- Deployable via Microsoft 365 centralized deployment or the Integrated Apps portal
- Optional SSO via Microsoft Entra ID for the admin console
The taskpane is lightweight and explicit about what it’s doing — no surprises for the user.
Configure reporter behaviour and messaging per company from the admin console.
Full-fidelity intake — so your analysts have everything they need
Forwarded phishing emails lose critical forensic information — headers get rewritten, attachments get stripped, and the chain of custody is broken.
The Phishing Reporter captures the full original message (.eml-style fidelity) including every header, link, and attachment exactly as the user received it.
Your analysts see what the user saw, not what Outlook’s forwarding engine decided to include.
Every reported sender domain is scored and tracked over time. Repeat offenders, newly-registered domains, and typosquats bubble to the top of your reputation view.
Click any domain to see every report, every recipient, and every observed indicator in one place.
Works everywhere your users read email
The add-in is certified for every modern Outlook surface. Deploy once and it appears on every client your staff use — no per-device install, no manual updates.
- Outlook on Windows (classic and new)
- Outlook on Mac
- Outlook on the web
- Outlook for iOS
- Outlook for Android
Updates to the add-in are pushed automatically through Microsoft’s add-in infrastructure — no client-side deployment needed when we ship new features or fixes.
Admin dashboard built for security teams
Every report lands in a single pane of glass with the context your team needs to triage.
Filter by reporter, sender, domain, date, disposition, or free-text search.
Drill from a report into the domain reputation, the reporter’s history, and the full raw message.
Easy to deploy — no client software
The add-in is deployed to all your users at once through Microsoft 365’s built-in centralized deployment.
Paste the manifest URL into the M365 admin center, assign to your entire organization, and the button appears in Outlook within 24 hours.
No MSIs. No Group Policy. No user action required.
Multi-tenant — built for MSPs
Every Lavawall® tenant gets its own isolated reporting pipeline, admin console, and reputation database.
MSPs can manage phishing reporting across every client from a single Lavawall® account, while keeping each client’s data, users, and configuration strictly separated.
The same multi-tenant architecture that powers our remote support, threat hunting, and compliance tools extends to the Phishing Reporter — no separate deployment per client, no data leaking between tenants.
What’s included
Every deployment of the Lavawall® Phishing Reporter ships with:
- The Outlook add-in (Windows, Mac, web, iOS, Android)
- Central admin console with reports, reputation, settings, and setup tabs
- Structured report intake with full message fidelity
- Domain reputation scoring and historical tracking
- Per-report audit trail and disposition tracking
- Microsoft 365 centralized deployment support
- Microsoft Entra ID SSO for the admin console
- Email notifications for new reports (configurable)
- Role-based access control for the admin dashboard
Support
We’re here to help. If you’re evaluating the Phishing Reporter, deploying it for the first time, or running into issues after rollout, reach out through any of the following:
- Email and web form: contact.php — typical response within one business day
- Phone (Alberta): 1-403-538-5053
- Phone (British Columbia): 1-778-731-1339
- Phone (Ontario): 1-289-724-8829
- Phone (United States): 1-406-988-7333
When contacting us about a deployment issue, please have the following ready if possible:
- Your tenant’s Microsoft 365 domain (for example,
contoso.onmicrosoft.com) - The error message or correlation ID from the admin center, if any
- Screenshots of the problem (optional but helpful)
Common questions
Does the add-in read all my email?
No. The add-in uses Microsoft’s native Office.js permissions to read only the message the user is currently viewing when they click Report Phishing. It has no access to your mailbox otherwise, no access to other users’ mail, and no background activity.
Do the reports leave my Microsoft 365 tenant?
The reports are transmitted over TLS 1.2+ to your dedicated Lavawall® console. Your tenant’s data is stored in your tenant’s region and is never accessible by other Lavawall® customers.
Does it work with shared mailboxes?
Yes. Any mailbox that supports Outlook add-ins (which includes all standard user mailboxes and most shared mailboxes in Exchange Online) can use the reporter.
How long does deployment take to reach users?
Microsoft propagates add-in deployments within 12–24 hours for most tenants. Individual users can pick up the add-in sooner by restarting Outlook.
Can I customize the button name or colour?
Yes. MSPs and larger organizations can request co-branded variants with their own button label, tooltip, and confirmation messaging. Contact us for details.
What happens to the reported email in the user’s mailbox?
By default, the reported message is moved to a folder you configure (for example, Reported Phishing) or left in place — your choice, per tenant. We never permanently delete user mail.
If you have any questions or need further assistance, feel free to reach out through our chat, phone, or email on our contact page!