The permanent fix for the Catch Phish Email Plug-in issue is now available. Our team has completed testing and confirmed that the solution resolves the loading issue caused by Microsoft’s recent changes.
Applying the fix requires removing the existing version of Catch Phish and re-deploying the updated version. Our Support team will be reaching out to those who have previously opened a ticket related to this issue. For those who have not opened a support ticket but would like detailed instructions on how to implement the permanent fix, please contact our Support team at help@breachsecurenow.com.
Thank you for your patience and continued support as we worked toward a long-term solution.
Posted May 19, 2025 - 17:32 EDT
Update
We’re in the final stages of testing a permanent fix for the issue preventing Catch Phish from loading for some users. Our team has been working diligently to ensure the upcoming solution is compatible with Microsoft’s evolving requirements. We expect to roll out the fix shortly.
Thank you for your continued patience and partnership. We’ll provide another update as soon as the fix is live.
Posted May 06, 2025 - 13:55 EDT
Monitoring
A temporary fix has been discovered for the issue preventing Catch Phish from loading for some users. Once legacy tokens are enabled and Outlook is restarted, Catch Phish should function normally again. A link to the instructions for turning on legacy Exchange Online tokens and re-enabling Outlook add-ins is included below. Our team is currently working on a permanent fix. If you have any additional questions, please reach out to our Support team for assistance. Thank you for your patience and understanding.
An issue has been identified with the Catch Phish Email Plug-in not loading for some users. The cause of this issue has been linked to an update made by Microsoft which turns off all legacy Exchange user identity and callback tokens by default for Exchange Online tenants, encouraging the adoption of Nested App Authentication (NAA). This change affects Outlook add-ins that rely on these tokens, potentially impacting their functionality. Administrators can temporarily turn legacy tokens back on, but Microsoft will permanently disable them for all tenants by June 2025. We are working to ensure the smooth operation of Catch Phish while looking into options for the future. Thank you for your patience.