❗Admin permissions are required for the process below
🧾 1. Download the Manifest File
On the revel8 platform, open
Integrations→Outlook ReportingClick
Download Manifestto save the.xmlfile to your computer
Do not modify the file name
🏢 2. Install the Manifest in Microsoft 365 Admin Center
Start deploying a custom app
On the left side, open
Settings→Integrated appsSelect
Upload custom apps
Upload the Manifest File
Inside the “Deploy New App” wizard, choose:
App type: Office Add-in
Upload manifest file (.xml) from device
Click
Choose fileSelect the
.xmlfile downloaded from revel8Click
Next
Select Which Users Should Receive the Add-in
In the “Users” step:
Recommended for first installation:
Install only for your own admin account to test the functionality.After testing, you may redeploy it to:
A security group
All employees
Specific teams
Click
Next
Complete the Deployment
Review all settings
Click
Finish DeploymentYou will now see the add-in listed under “Deployed Apps”
⌛Propagation time:
Microsoft may take up to 72 hours to display the button in user mailboxes
In practice, it usually appears within 24 hours
“Status: OK” in the admin panel only means the deployment is configured, it does not confirm the user already sees it
🔗 3. Connect Your Microsoft Tenant to revel8
Return to the Integrations → Outlook Reporting page in the revel8 platform
Click
Connect to MicrosoftSign in with a Global Admin
Grant the required permissions
Once connected, revel8 will link reported emails from your tenant to your organisation
🔐 4. Microsoft Graph API Permissions Requested
When connecting your tenant in Step 3, revel8 requests the following Microsoft Graph API permissions. Each one is required for a specific function of the Reporting Button.
Identity & Authentication
Permission | Purpose |
| Reads basic profile information of the signed-in user |
| Access to standard profile data (name, display name) |
| Enables sign-in via OpenID Connect |
Mail Processing
Permission | Purpose |
| Reads and moves the reported email within the user's mailbox (e.g. to Junk or Deleted Items) |
| Same function for shared mailboxes (e.g. team inboxes) |
| Forwards the reported email to the customer-configured forwarding address (e.g. SOC mailbox - see Step 5 below). revel8 does not send emails to itself. |
| Same forwarding function from shared mailboxes |
Threat Intelligence
Permission | Purpose |
| Submits the reported email to Microsoft Defender for evaluation as a potential threat |
🔒 Data Privacy Note
All permissions are scoped strictly to processing the email that the user has actively reported via the Reporting Button. There is no automatic scanning or reading of mailboxes. Forwarded emails are only sent to the address you configure in Step 5 - revel8 never receives end-user mail content directly.
📤 5. Configure Forwarding for Real Suspicious Emails
Return to the Integrations → Outlook Reporting page in the revel8 platform
Within the the Forwarding Configuration section:
Enter where you want real (non-simulation) reports forwarded to:
SOC mailbox (e.g., [email protected])
Security distribution group
Ticketing/SIEM ingestion address
Save the configuration
This ensures:
Simulation emails → handled inside revel8
Real user-reported emails → forwarded to your SOC automatically
🔍 6. Verify the Installation
In Microsoft 365 Admin Center
Go back to Settings → Integrated Apps:
You should see Report email (revel8 assistant)
Status should show OK
In Outlook (After Propagation)
Users will eventually see the Reporting Button in the Outlook ribbon
