HacWare’s Phish Reporter Seamlessly Integrates with Microsoft’s Native Reporting Tools

In this post, we'll walk through how the HacWare Phish Reporter works alongside Microsoft’s built-in phishing reporting tools, why this is a game-changer for Microsoft and HacWare users, and how to ensure it's enabled in your environment.

Integration with Microsoft’s Native Phish Reporting

HacWare now integrates directly with Microsoft’s User Reported Submissions feature.

This means that when a user clicks the HacWare Phish Reporter button:

• The message is logged in HacWare’s simulation reporting system if it's a simulated email.

• The message is forwarded to Microsoft's security backend for further investigation, response, and threat sharing.

• The message appears in Microsoft 365 Defender's User Reported Submissions for security team review.

• The message is forwarded to the Phish security contact listed in HacWare.

  
  

This tight integration enables an all-in-one reporting pipeline. It gives security teams visibility into both real and simulated threat reports without requiring separate tools or duplicate workflows.

Why This Is a Win for Microsoft Users and HacWare Customers

Here’s why this integration matters:

For Microsoft Security Teams:

• Faster Response: Emails reported via HacWare automatically show up in Microsoft 365 Defender, reducing time to action.

• Centralized Submissions: Real and simulated reports are accessible from the Investigation & Response → Submissions → User Reported Submissions panel.

• Threat Sharing: Real threats reported through HacWare contribute to Microsoft’s global threat intelligence.

For HacWare Simulation Admins:

• Simplified Training: No need to differentiate tools for real vs. simulated phishing.

• Better Metrics: Capture accurate reporting behavior without sacrificing integration.

• All-in-One Experience: Users don’t have to remember different steps or buttons depending on the email type.

Check a brief video about how this solution will work for you.

Already Enabled for New Users

If you’ve onboarded to HacWare after May 15, 2025, this integration is automatically enabled. No further action is needed!

How Existing Users (Before May 15, 2025) Can Enable It

To enable Microsoft Native Reporting integration:

1. Go to your HacWare Dashboard

2. Select Manage → Licenses

3. Click the “Sync with Microsoft” button

4. Complete the Microsoft approval process

That’s it! Once approved, your users’ reported emails will start syncing with Microsoft automatically.

How to Configure User-Reported Alerts in Microsoft 365

To ensure emails reported by users are routed correctly:

1. Go to Microsoft 365 Defender Admin Center

2. Navigate to:Settings → Email & Collaboration → User Reported Settings

3. In the Reported message destinations section, add one or more Exchange Online mailboxes to the field:"Add an exchange online mailbox to send reported messages to"

This ensures reported messages are stored where your SOC or security team can access them.

Where to See User-Reported Submissions in Microsoft

To view reported phishing messages:

1. Go to Microsoft 365 Defender

2. Navigate to:Investigation & Response → Actions & Submissions → Submissions → User Reported Submissions

Here, your team can see emails flagged by users using the HacWare Phish Reporter—giving you full visibility into user-driven threat detection.

Final Thoughts

The HacWare + Microsoft Phishing Report integration creates a seamless, intelligent feedback loop that helps reduce dwell time, improve training efficacy, and boost incident response.

By uniting phishing simulation data with real-time user reports inside Microsoft 365, you're not just training users—you're turning them into your first line of defense.

Want help getting set up? Reach out to the HacWare support team or check your admin dashboard today.