We recommend that you test the Phish Alert Button before full deployment to your end users. This can be achieved by sideloading the Phish Alert Button into Outlook for testing. This will make the add-in available to any Outlook client (desktop, web and mobile) logged in to the Microsoft account you’re testing with.

Before you begin, you will need to download your manifest XML from the Phish Alert Button settings.

In this article, you'll find:

If you are testing an update to an existing installation, make a copy of the manifest for sideloading and change its Id tag. This will avoid conflicts with the installed add in that will prevent you from sideloading the updated manifest. You can use this website to generate UUIDs for use in the manifest file.

If you are comfortable editing XML files, you could also change some of the text in your test manifest to distinguish it from the installed add-in. For example, you could change the defaultValue attribute on the DisplayName tag. Please be aware that there is some duplication in the manifest file to allow it to work on mobile.

1. Open OWA logged into the Microsoft account you wish to test with

2. Open any message and click the three dots in the top right corner

3. Click the Get Add-ins option toward the bottom of the menu

4. Click My add-ins on the Add-Ins for Outlook window
​

5. Scroll to the Custom add-ins section at the bottom

6. Click Add a custom add-in and select Add from file… on the dropdown.

7. Select the manifest file you wish to test

NOTE: Always use a manifest downloaded from the application when installing via M365. Do not use modified files unless otherwise instructed.

8. A custom add-in warning will appear, click Install to continue

9. If successful you will find the new Phish Alert Button add-in under the Custom Add-Ins list

Any features that rely on the SSO AD service application may not work in Outlook Desktop on Windows or Mac OS. Namely message data retrieval and submission of suspected phishing emails via MS Graph. This is a restriction imposed by Microsoft and out of our control. If you want to test these features in those clients prior to a wider roll out you should configure an M365 deployment to go out to specific users or groups. OWA and mobile will be able to use SSO on a sideloaded add-in without any authentication issues.

1. In Outlook, click Home > Get Add-ins on the ribbon
​

2. Click My add-ins on the Add-Ins for Outlook window
​

3. Scroll to the Custom add-ins section at the bottom

4. Click Add a custom add-in and select Add from file… on the dropdown.

5. Select the manifest file you wish to test

NOTE: Always use a manifest downloaded from the application when installing via M365. Do not use modified files unless otherwise instructed.

6. A custom add-in warning will appear, click Install to continue

7. If successful you will find the new Phish Alert Button add-in under the Custom Add-Ins list