Skip to main content

Understanding NINJIO Alert: XML 2.0 Phish Reporting Button

Updated

Note: This feature is currently in the Early Access phase and may be updated during this period.

Executive Summary

The NINJIO XML 2.0 Phish Reporting Button is our next-generation, cloud-native Outlook add-in. Built to integrate seamlessly with modern Microsoft 365 environments, this update transitions the core reporting experience into a native Outlook Sidebar (Taskpane) on desktop and web clients, while introducing advanced data privacy controls and centralized visual customization directly within your administrative portal.

Key Benefits & Capabilities

  • Streamlined User Experience: Opens as a clean, pinnable Outlook sidebar (Taskpane) on desktop and web clients rather than a disruptive popup dialog.

  • True Cross-Platform Support: Compatible across modern email ecosystems, including Classic Outlook, New Outlook, Outlook Web App (OWA), and Outlook Mobile (iOS and Android).

  • Enterprise-Grade Data Privacy: Features an optional Privacy Mode to accommodate highly regulated environments. When activated, no email content ever leaves your local perimeter or reaches NINJIO's cloud infrastructure.

  • Tailored Security Settings: Administrators can opt to exclude specific message layers—such as strips of text or specific attachments—from automated evaluations to comply with internal privacy standards.

  • Automated Inbox Remediation: Supports Restore-to-Inbox rules. If a user reports an email that is subsequently verified as safe, the system automatically returns the message to the user’s inbox from their deleted items folder.

⚠️ Important Privacy Note: If your organization requires Privacy Mode to be enabled, all cloud-forwarding pipelines are completely deactivated. 

Core Administrative Adjustments: XML 1.0 vs. XML 2.0

For teams upgrading from our legacy framework, please review the operational shifts below:

Functional Area XML 1.0 Framework XML 2.0 Framework
Interface Layout Restricted to popup overlays on desktop clients. Default Pinnable Taskpane (Sidebar) for desktop/web. Custom choice of popup or sidepane configuration available at download.
Mobile Deployment Mobile compatibility was unavailable in production. Fully supported natively inside Outlook for iOS & Android.
Branding Implementation Base manifests required manual code overrides by support to remove placeholder text and legacy assets. Generated instantly using branding assets uploaded directly to your portal.
Popup Theming Control Text configurations and placeholder tools operated with strict technical limits. Full interface control panel featuring hex color validations, gradient adjustments, and optional logo integration.
Whitelisting Layout Relied purely on global corporate domain configurations. Supports granular, per-address whitelisting controls via advanced feature gates.

System Requirements & Limitations

  • Supported Environments: Classic Outlook, New Outlook, and Outlook Web Access (OWA) across Google Chrome and Microsoft Edge. (Note: In line with industry standards, the plugin cannot run in Incognito or Private browsing sessions).

  • Mobile Layout Constraint: Because the Microsoft mobile ecosystem does not support third-party application sidebar panels, Outlook Mobile utilizes an optimization fallback that displays an inline popup confirmation window.

  • Post-Reporting Routing: Post-reporting folder commands are mutually exclusive. The application can automatically move messages to your Deleted Items directory OR route them to a designated Custom Folder, but cannot execute both simultaneously.

  • Rule Thresholds: Automated platform routing rules can distribute copies of filtered emails to a maximum of three target destination boxes per rule.

Upgrading to XML 2.0?

  • To successfully deploy our next-generation XML 2.0 Phish Reporting Button and enjoy an updated interface, enhanced privacy settings, and a pinnable Outlook sidebar, any older version of our legacy reporting add-in must be completely removed first.

  • This is because versioning rules dictate that a manifest must share the exact same ID to update seamlessly, and legacy platforms require a clean environment to completely overwrite old configuration parameters, your Microsoft 365 Global Administrator must execute this clean uninstallation process before uploading the new XML 2.0 manifest. Please see our guide.

Standard Installation & Deployment Workflow

To deploy across your enterprise, your Microsoft 365 global administrator must execute the following steps:

  1. Log into your NINJIO Admin Platform and ensure the phishing reporting module is toggled ON.

  2. Navigate to branding parameters, upload your preferred organizational logo, and configure your Popup Theming palette.

  3. Customize your manifest download settings by specifying your preferred Outlook DisplayName (up to 25 approved alphanumeric characters) and choosing your manifest view variant (Sidepane or Popup).

  4. Click Download Manifest to generate your organization's custom XML file.

How to Customize & Brand the XML 2.0 Reporter Button:

To see more step-by-step instructions in detail, please click here to see our guide.

 

How to deploy the XML 2.0 Reporter Button:

  1. Access your Microsoft 365 Admin Center and navigate to the Integrated Apps section.

  2. Choose Deploy Add-in, select Upload custom apps, and upload the custom XML file you generated.

  3. Assign user deployment scopes to Everyone, set your implementation behavior method to Fixed, and save the permissions.

Related to

Comments

0 comments

Please sign in to leave a comment.