Appendix L: Outlook Add-In

The Outlook Add-In enhances user security awareness and actionability by integrating protection features directly into the Outlook application. The add-in supports the following primary use cases:

Misdirected Email Prevention

Identifies and alerts users to potential mistakes when sending emails, such as typos in recipient addresses, lookalike domains, or unauthorized external recipients. See Configuring Misdirected Email Prevention.

Misdirected Email Prevention requires a DLP license (either the DLP add-on or the Complete Package).
Report Phishing

Enables users to report suspicious emails directly from Outlook, contributing to faster threat detection and response. See Check Point Report Phishing Button.
Email Security Portal Access

Allows authorized users to quickly access the Email Security Administrator Portal to manage quarantined emails and submit restore requests directly from their inbox. See Accessing the Email Security Portal from Outlook.

Outlook Add-In Permissions

Microsoft may display the following permission requests when users sign in to the Email Security Outlook Add-In:

Maintain access to data you have given it access to
View users’ basic profile

The Email Security Outlook Add-In requires only delegated Microsoft identity / OpenID Connect permissions for user authentication and session continuity.

Required Permissions

The Outlook Add-In requires the following scopes:

Scope	Microsoft Permission Display	Purpose
offline_access	Maintain access to data you have given it access to	Used only to maintain the authenticated user session and enable sign-in continuity. This scope does not grant additional access to mailbox data or contacts.
profile	View users’ basic profile	Used only to retrieve basic identity information required for user authentication and the sign-in process.

Permissions Not Required

The Outlook Add-In does not require any Microsoft Graph application permissions and does not request or require permissions such as:

Mail.Read
Contacts.Read
User.Read.All

Configuring the Outlook Add-In

00:03: This tutorial demonstrates how to configure the Outlook Add-in in the Email Security

00:07: Administrator portal.

00:10: Log in to Check Point Portal and access the Email Security Administration Portal.

00:16: From the left navigation panel, click User Interaction and then click Misdirected Emails. The portal shows all the supported on-screen warnings for misdirected emails.

00:27: To configure the Outlook Add-in, click Add-In Configuration.

00:31: The "Outlook Add-In Configuration" pop-up appears. In the Add-In name field, enter a name for the add-in. This appears as the name of the add-in in the Outlook application. To use the default name of the add-in, click "Default Label".

00:44: In the "Select Outlook version" section, select your Outlook version.

00:49: To enable on-screen warnings before sending an email, when a misdirected recipient is detected select the misdirected. Recipients checkbox.

00:57: To show checkpoint branding in the warning dialogue. Enable the display powered by checkpoint, toggle to allow users to bypass the warning if needed enable, the allow and users to ignore warnings tog.

01:10: To add a "Report Phishing" button to the Outlook ribbon, select the "Report Phishing" checkbox. In the "Label Name" field, enter a name for the button. This appears as the name of the button in the Outlook application.

01:23: To add a button that opens the End User Portal directly from Outlook, select the Email security portal checkbox. It allows users to manage quarantined emails and restore requests without re-authentication.

01:36: Now, that the add-in configuration is complete, you must download these configuration settings XML file and upload it to Microsoft 365 Admin Center. To do that, click "Save and Download .xml" and then upload the xml file to the Microsoft 365 Admin Center to deploy the add-in.

01:55: Select the notifications that you want the users to be alerted about.

01:59: When the maximum number of alerts is reached, based on the prioritized list, the system displays only the highest priority alerts to users. To configure this setting, select the required number from the "Max alerts shown to end users" dropdown and click "Save Changes".

02:15: Once the Outlook add-in is deployed, it performs real-time checks with the user actions such as Send, Reply, Reply All, and Forward. When a potential risk is detected, the system displays an on-screen warning to the user before the email is sent.

02:30: Thank You for Watching.

This section explains how to configure and deploy the Outlook Add-In for your organization.

Configuring the Outlook Add-In consists of two main steps:

Generating the Add-In XML
Deploying the Outlook Add-In through Microsoft 365 Admin Center

Generating the Add-In XML

Administrators can configure the Outlook Add-In from the User Interaction settings in the Email Security Administrator Portal. These settings allow administrators to enable features, customize labels, and define end-user interaction preferences.

To generate the Add-In XML:

Access the Email Security Administrator Portal.
From the left navigation panel, go to User Interaction > Misdirected Emails.
In the Misdirected Emails page, click Add-In Configuration.

In the Outlook Add-In Configuration pop-up that appears, configure the following settings.

In the Add-In name field, enter a name for the add-in. This appears as the name of the add-in in the Outlook application. To use the default name of the add-in, click Default Label.

In the Select Outlook version section, select your Outlook version.

New Outlook

Classic Outlook

Notes:

By default, the New Outlook option is selected.
The Outlook Add-In is supported in the following Classic Outlook versions.
- macOS: 16.104
- Windows Admin Center: 2511

Configure the Add-In features section:

To enable on-screen warnings before sending an email when a misdirected recipient is detected, select the Misdirected recipients checkbox.

Note - The Misdirected recipients checkbox is not available on mobile devices.

To show Check Point branding in the warning dialog, enable the Display ‘Powered by Check Point’ toggle.

To allow users to bypass the warning if needed, enable the Allow end users to ignore warnings toggle.

Note - The Display ‘Powered by Check Point’ and Allow end users to ignore warnings toggles are not available on mobile devices.

To add a Report Phishing button to the Outlook ribbon, select the Report Phishing checkbox.
- In the Label Name field, enter a name for the button. This appears as the name of the button in the Outlook application. To use the default name of the button, click Default Label.
To add a button that opens the Email Security Portal directly from Outlook, select the Email Security portal checkbox. It allows users to manage quarantined emails and restore requests without re-authentication.
- In the Label Name field, enter a name for the button. This appears as the name of the button in the Outlook application. To use the default name of the button, click Default Label.
Click Save & Download .xml to download the add-in configuration file.

Deploying the Outlook Add-In through Microsoft 365 Admin Center

After configuring the Outlook Add-In and downloading the .xml configuration file. Upload it to the Microsoft 365 Admin Center to deploy or update the add-in for your users.

For more information, see Deploy Add-Ins in the Microsoft 365 Admin Center.

Notes:

Any configuration change requires downloading and re-uploading the updated xml file to the Microsoft 365 Admin Center for the changes to take effect.
The Outlook Add-In may appear up to 72 hours after installation.

Outlook Add-In - Supported Outlook Types and Platform

Use Case	Desktop Outlook	Mobile Outlook	Modern Outlook	Classic Outlook
Misdirected Emails	Yes	No	Yes	No
Report Phishing Button	Yes	Yes	Yes	Yes
End User Portal Access	Yes	Yes	Yes	Yes