Integrate the user reported events from the Outlook reporting button with the CyberPilot App

Integrate user-reported events from the Outlook reporting button with the CyberPilot App 

When a real phishing attempt happens, the goal is to detect it quickly, remove the threat, and assess any damage — all within a short time frame. You need to be in the right environment to act fast. 

Why tracking reported emails matters 
When users report phishing emails, it’s a strong sign your training is working. It shows they can recognize threats and take the right action — helping stop attacks early. These reports are one of your most valuable indicators of real-world awareness. 

Why get this data in the CyberPilot App 
Bringing this reporting data into CyberPilot gives you everything in one place. You can instantly see who clicked, who ignored, and who reported — without juggling multiple systems. It streamlines analysis and decision-making. 

What you can measure 
With reporting data integrated, you can fully track how users respond to simulations: clicks, risky actions, and reports. This helps you measure training effectiveness, identify trends, and spot areas needing more attention — all with real, actionable insights. 

How it works
When you run a phishing simulation, users can report it via the Outlook button. Microsoft flags this as a simulation event. CyberPilot pulls these events from Defender (with your permission), letting you track them alongside other simulation data. 

How to get started 
You’ll need to set up AD integration and grant a few permissions. Follow this guide, then let us know once it's done — we’ll enable the feature for you.