VIPRE Security Knowledge

Guided Setup for SafeSend Web Add-in v6.0+

This article is for SafeSend version 6.0 or later

Super Administrator

Written By Marissa Fegan (Super Administrator)

Updated at December 2nd, 2025

Table of Contents

Step 1: Deployment Script Customization Step 3: Grant and Assign Admin Consent/Roles Step 4: Enter License Key Assign Users to Policy Add your Logo Step 5: Copy SafeSend PC Add-in v5.5 or below Settings to SafeSend 6.0+ Assign Users to Policy Add your Logo Step 5: Configuring the SafeSend Web Add-in Assign Users to Policy Add your Logo

Sending an email to the wrong person or attaching a sensitive file by mistake can happen in an instant. The VIPRE SafeSend Web Add-in for Microsoft Outlook helps eliminate these common but risky errors. It intelligently prompts users to verify external recipients, adding a simple but powerful layer of security to your email workflow.

Warning

This guided setup applies only to SafeSend Web add-in version 6.0 or later If you are using an older version of SafeSend prior to 6.0, please review the Deployment Guide for SafeSend Web Add-in instead.

 

Ready to get started? You're in the right place. This guide will lead you through the deployment process from start to finish. If you'd like to learn more about its features first, we invite you to check out our product overview and comparison chart.

How SafeSend Works

Once installed, SafeSend integrates directly into your Microsoft Outlook sending process to prevent accidental data leaks. The workflow is simple and intuitive:

  1. Click Send: After composing an email, click the "Send" button as you normally would.
  2. Scan & Verify: SafeSend automatically scans the email for external recipients. If any are found, a confirmation window appears.
  3. Confirm Recipients: In the pop-up window, you must verify each external recipient and any attachments by clicking the checkbox next to their name.
  4. Release the Email: After confirming all items, click the "Send" button within the SafeSend window to securely release your email.

Prerequisites

Before you install the SafeSend Web add-in, please verify that you have all of the required prerequisites listed here.

  • Verify that your organization meets the System Requirements
  • Ensure you have access to create a web app within the Microsoft Azure web server, with Global Admin privileges
  • Microsoft Exchange Online 

Warning

It is extremely important to note that SafeSend 6.0 was developed largely for use with Microsoft Azure web server

While, technically, SafeSend 6.0 should still support the use of any .NET Core 8.0 Capable Web Server, such as IIS, you will need to contact our Technical Support team for assistance with the installation and deployment.

 

Understanding the Installation Package

When you unzip your SafeSendArchive-[version].zip file, you will find the following contents. This guide will focus on the files inside the SafeSendWeb_[version] folder.

  • 3rd Party Licenses (txt file)
  • Get_Started_With_SafeSend (pdf)
    • Contains helpful links and resources to begin the setup process.
  • SafeSendPC_[version] (For the PC/COM Add-in)
    • Administrative Templates: For managing settings via Group Policy after deployment.
    • Admin Password: Credentials for local access to settings (not applicable for trial licenses).
    • SafeSendSetup: The .MSI installer for the PC add-in.
  • SafeSendWeb_5.5.6.12 (For v5.5 of the Web Add-in)
    • End-User License Agreement (EULA) (txt)
    • Packagename (txt)
    • Deployable files (e.g., SafeSendWebPackage[version].zip)
  • SafeSendWeb_[version] (For v6.0 and higher of the Web Add-in)
    • azure-deploy (txt)
      • This is the deployment script that is discussed in detail in Step 1: Deployment Script Customization below
    • End-User License Agreement (EULA) (txt)

Once you have located the SafeSendWeb_[version] folder and its contents, please proceed to the next step.

If you are migrating from the PC Add-in to the Web Add-in, please verify that you meet the system requirements for SafeSend Self-Hosted Web Add-in v6.0 and higher before continuing.

 

Step 1: Deployment Script Customization

 
 

Step 1: Deployment Script Customization

The deployment script (azure-deploy.txt) can be modified to fit your specific needs. The customizable properties are located between the ## Begin Properties ## and ## End Properties ## comments in the file. Altering this script will change the outcome of the installation. 

Key parameters you need to modify to get started are:

  • $location: Sets the Azure App Service region using all lowercase characters with no spaces (e.g., 'uswest', 'westeurope', centralus) for your resources; this is set to ‘uswest’ by default
  • $deploymentName: Defines a unique name for this deployment using 3-45 lowercase characters with no spaces; this name cannot start or end with a hyphen; all resources created in the resource group will be named based on this value

Optional parameters you can modify include:

  • $dbSkuTier, $dbSku: Specifies the size and performance tier for the database

Once you have finished modifying the deployment script, save the azure-deploy.txt file, and continue to Step 2.

Step 2: Quick Start Deployment Script

 
 

Step 2: Quick Start Deployment Script

This process will walk you through deploying all the necessary components in Microsoft Azure. 

  1. Log in to https://shell.azure.com with an account that has the required permissions for the Azure subscription
    1. If the shell defaults to bash, switch it to PowerShell
  2. Copy the entire contents of the modified azure-deploy.txt file and paste it directly into the PowerShell console to run the script

The script can take up to 30 minutes to complete. Once finished, the Admin Consent and SafeSend portal URLs will be displayed in the console. Be sure to copy these URLs before moving on to Step 3.

Step 3: Grant and Assign Admin Consent/Roles

 
 

Step 3: Grant and Assign Admin Consent/Roles

  1. Click on the Admin Consent URL
  2. If prompted, sign in and allow the permissions being requested
  3. Navigate to https://portal.azure.com
  4. Go to Enterprise Applications
  5. Select the most recently created application; its name will match the deployment name from the script
  6. Go to Manage > Users and Groups and click Add User/Group
  7. Under "Users and Groups," click None Selected to choose which users or groups will have administrative access to SafeSend
  8. Ensure the SafeSend Admins role is selected and click Assign
    • SafeSend admins do not need to be Azure, or Global, admins

Step 4:  Enter License Key

 
 

Step 4: Enter License Key

  1. Open the SafeSend Portal URL you copied earlier and sign in with a user account that has been assigned the SafeSend Admin role
    1. The URL is your deployment name + /admin so, as an example, it would look similar to https://yourdeploymentname.azurewebsites.net/admin 
  2. Enter your SafeSend License Key
    1. You'll only be asked for this the first time you log in

Allow up to 10 minutes for web server to come up.

 

 

I currently use a SafeSend Web Add-in v5.5 or older and want to migrate my existing settings

 

I currently use the SafeSend PC Add-in and want to migrate my existing settings

 

I am configuring the SafeSend Web Add-in for the first time

 
 

Step 5: Copy SafeSend Web Add-in v5.5 or below Settings to SafeSend 6.0+

In the SafeSend 6.0 web console, you'll see options to configure your desired policies, rules, and user assignments. 

To migrate your existing settings:

  1. Open your old App Service in Microsoft Azure in a new browser tab
  2. Open Settings > Environment Variables

Now you're going to copy the environment variable values from your old App Service and paste them into the new SafeSend web console. Find complete details on SafeSend policies by reading Web Add-in v6.0+ Policies.

  1. In the new SafeSend web console, under Manage, select Policies
  2. Click + Add Policy in the top right corner
  3. Add a descriptive name and click Save
  4. Click on the name of your newly created policy to open it and locate the following environment variables: 
    • Safe Domains: click General > Add Safe Domain
      • Enter one safe domain or email address per line
    • General Settings: Under the Settings tab, there are options to toggle certain features on or off; refer to the Web Add-in Settings Reference for a description and valid options for each setting
      • enableplatform value: Still within your policy configuration, select Settings, then search the word enable
        • You should see Enable for Mac, Enable for PC, Enable for Web under Advanced; toggle the correction option(s) on as is necessary
    • DLP: Click the DLP tab from the top navigation menu, then click the + to create a new ruleset to add content scanning and client/keyword domain rules
      • To edit your newly created DLP ruleset and add your existing configuration:
        1. In the Not Linked list, select your ruleset
        2. Click the name of your ruleset on the main part of the screen to open the configuration rules
        3. Under Content Scanning Rules, click +Add Rule, then copy/paste your Content Scanning Rules as desired
        4. Under Client/Keyword Domain Rules, click +Add Rule, then copy/paste your Client/Keyword Domain Rules as desired
        5. Assign the DLP ruleset to your policy by selecting the policy from the Not Linked column and dragging it over to the Linked column 
        6. Click Save
      • To read more about Data Loss Prevention, visit Web Add-in: Data Loss Prevention 
    • Forbidden Recipients: Click Forbidden and type one email address or domain per line; you can also toggle Block Distribution Lists on or off

Assign Users to Policy

These users and groups will be auto-populated from Microsoft Entra ID. Any groups you want to create specifically for SafeSend should be created in Entra ID first.

 
  1. Click Assignments in the left side menu, then the +Add Assignment button
  2. Name your assignment, then choose a policy from the dropdown menu
  3. To assign specific users or groups to the chosen policy, click Add Users and/or Add Groups
  4. Click Save

Add your Logo

  1. Under Settings, click Edit Logo
    1. Image size must be no larger than 155x40
    2. Image type must be .png file type
    3. Images with transparent backgrounds are recommended so that your logo matches the rest of SafeSend
  2. Upload your logo
  3. Click Apply

Since we're in already on the Settings page, let's move on to deploying the manifest. 

 

Step 6: Deploy the Manifest

 
 

Step 6: Deploy the Manifest

Choosing Your SafeSend Web Add-in Manifest

How your SafeSend Web add-in behaves during a network interruption isn't random. It is dictated by the manifest you choose. SafeSend provides three pre-configured manifests to control security policies, offline access, and connectivity rules. Understanding the differences is key to ensuring a seamless and secure experience for your users.

SafeSend Manifest Configuration Options

Choosing the right manifest depends on your organization's security posture, user workflow, and compliance needs. 

Warning

Any changes to your manifest deployment option can take up to 72 hours.

 

Enforced Protection Mode

Choose this if your organization is seeking a balance between robust security and practical usability.

This manifest is the best-of-both-worlds solution. It enforces your security policies to prevent accidental data loss but is designed to handle common issues like network interruptions gracefully, ensuring users remain productive. It provides real security without the heavy-handed restrictions of the strictest mode. 

  • Ideal for: A general deployment across most of your users
  • User Experience: Secure and reliable, with built-in safeguards
  • Core Benefit: Enforces security rules while maintaining a smooth workflow

User Experience

Emails are checked as you're composing. If a review is needed, tips are provided insight at the top of the email asking you to Review. (Clicking Dismiss only dismisses the tip, not the need to review.) If the task pane is pinned, it will also appear in there. In the event of a loss of connectivity to the SafeSend web server, end users will still be able to click Send Anyway and bypass SafeSend. End user won't be able to use Outlook Offline Mode. 

User Prompt Mode

Choose this if your primary goal is to educate users and foster security awareness with minimal disruption.

This manifest acts as a helpful "guardrail" rather than a locked gate. It alerts users to potential issues with their email but ultimately trusts them to make the final decision. It's the best choice for organizations that prioritize workflow speed and user autonomy while still encouraging secure practices. When using in Outlook Offline Mode, 

  • Ideal for: Organizations with a strong culture of trust
  • User Experience: Lowest friction; policies are advisory
  • Core Benefit: Promotes awareness without blocking productivity

User Experience

Emails are checked as you're composing. Tips are provided in the task pane asking you to Review or Send. When the end user clicks Send without reviewing, these three choices come up every time: Send Anyway, Review, or Don't send. In the event of a loss of connectivity to the SafeSend web server, end users will still be able to click Send Anyway and bypass SafeSend. In Outlook Offline Mode, end users can hit Send and the email will wait in the Outbox and send automatically upon reconnection to the internet, bypassing SafeSend (acting as if there is no add-in).

Legacy Compatibility Mode

Choose this if your organization operates under strict compliance regulations or requires the absolute highest level of security with no exceptions.

This is your "zero-trust" option. In this mode, sending is completely blocked until all SafeSend validations are passed—no overrides are possible. It is essential for legal, financial, or healthcare industries where compliance is mandatory. It also perfectly mimics the behavior of the legacy SafeSend add-in (v5.5), making it ideal for organizations that want to maintain that specific, strict user experience.

  • Ideal for: Legal, finance, and other highly regulated industries
  • User Experience: Most restrictive; security is non-negotiable
  • Core Benefit: Guarantees compliance and ensures no email ever bypasses SafeSend

User Experience

Emails are checked at the moment you click Send. If there is something within the message to review, the review dialog box will automatically popup. In the event of a loss of connectivity to the SafeSend web server, messages will be saved to the Draft folder and will need to be manually sent once connectivity is restored. End user won't be able to use Outlook Offline Mode. 

Manifest Configuration Comparison 

Manifest Config Mode UI Style SafeSend Behavior in Outlook Offline Mode SafeSend Behavior in SafeSend Server is unreachable
Enforced Protection Mode Task Pane

Email Blocked

  • Dialog box states SafeSend cannot process email - Click OK
  • Dialog box asks to save changes - Click X
  • Email is saved to Draft folder

Bypasses SafeSend

  • Click Send Anyway sends email without review
User Prompt Mode Task Pane

Bypasses SafeSend

  • Click Send
  • Email waits in Outbox folder until Internet connectivity is reestablished

Bypasses SafeSend

  • Click Send Anyway sends email without review
Legacy Compatibility Mode Post Send Dialog Box

Email Blocked

  • Email saved to Draft folder after clicking Send

Email Blocked

  • Email saved to Draft folder after clicking Send

Still unsure? Contact our Technical Support team for additional help. 

Once you have chosen the manifest that is most appropriate for your organization's needs: 

  1. Download the manifest .xml file from the Settings page in the SafeSend portal
  2. Deploy via the following path: https://portal.office.com > Settings > Integrated Apps > Upload Custom App > Office Add-in

Testing your SafeSend Deployment

You can test the add-in by sideloading the manifest and navigating to https://aka.ms/olksideload, or by deploying it to a small test group through the Microsoft 365 admin center.

Helpful Articles

Congratulations! SafeSend Web Add-in has now been installed and deployed. 

 
 

Step 5: Copy SafeSend PC Add-in v5.5 or below Settings to SafeSend 6.0+

In the SafeSend 6.0 web console, you'll see options to configure your desired policies, rules, and user assignments. To migrate your existing settings:

  1. Open the settings.json file from SafeSend PC add-in in a text editor
  2. Create a new policy in the SafeSend web console by selecting Policies > Create; find complete details for how to configure SafeSend policies by reading Web Add-in v6.0+ Policies
  3. Copy the environment variable values from the settings.json file and paste them into the new SafeSend policy
    1. To add a safe domain, click General > Add Safe Domain; enter one safe domain or email address per line
    2. Under Settings, there are options to toggle certain features on or off; refer to the Web Add-in Settings Reference for a description and valid options for each setting
      • enableplatform value: Still within your policy configuration, select Settings, then search the word enable
        • You should see Enable for Mac, Enable for PC, Enable for Web under Advanced; toggle the correction option(s) on as is necessary
    3. To create a Data Loss Prevention (DLP) ruleset, click the DLP tab from the top navigation menu, then click the + to create a new ruleset to add content scanning and client/keyword domain rules; to assign a policy to the DLP ruleset, drag your policy from Not Linked to Linked
    4. To add forbidden recipients, click Forbidden, include one email per line
      1. To read more about Forbidden Lists and Recipients, visit Web Add-in: Forbidden Lists and Recipients
    5. When you're done, click Save

Assign Users to Policy

These users and groups will be auto-populated from Microsoft Entra ID. Any groups you want to create specifically for SafeSend should be created in Entra ID first.

 
  1. Click Assignments in the left side menu, then the +Add Assignment button
  2. Name your assignment, then choose a policy from the dropdown menu
  3. To assign specific users or groups to the chosen policy, click Add Users and/or Add Groups
  4. Click Save

Add your Logo

  1. Under Settings, click Edit Logo
    1. Image size must be no larger than 155x40
    2. Image type must be .png file type
    3. Images with transparent backgrounds are recommended so that your logo matches the rest of SafeSend
  2. Upload your logo
  3. Click Apply

 

Step 6: Deploy the Manifest

 
 

Step 6: Deploy the Manifest

Choosing Your SafeSend Web Add-in Manifest

How your SafeSend Web add-in behaves during a network interruption isn't random. It is dictated by the manifest you choose. SafeSend provides three pre-configured manifests to control security policies, offline access, and connectivity rules. Understanding the differences is key to ensuring a seamless and secure experience for your users.

SafeSend Manifest Configuration Options

Choosing the right manifest depends on your organization's security posture, user workflow, and compliance needs. 

Warning

Any changes to your manifest deployment option can take up to 72 hours.

 

Enforced Protection Mode

Choose this if your organization is seeking a balance between robust security and practical usability.

This manifest is the best-of-both-worlds solution. It enforces your security policies to prevent accidental data loss but is designed to handle common issues like network interruptions gracefully, ensuring users remain productive. It provides real security without the heavy-handed restrictions of the strictest mode. 

  • Ideal for: A general deployment across most of your users
  • User Experience: Secure and reliable, with built-in safeguards
  • Core Benefit: Enforces security rules while maintaining a smooth workflow

User Experience

Emails are checked as you're composing. If a review is needed, tips are provided insight at the top of the email asking you to Review. (Clicking Dismiss only dismisses the tip, not the need to review.) If the task pane is pinned, it will also appear in there. In the event of a loss of connectivity to the SafeSend web server, end users will still be able to click Send Anyway and bypass SafeSend. End user won't be able to use Outlook Offline Mode. 

User Prompt Mode

Choose this if your primary goal is to educate users and foster security awareness with minimal disruption.

This manifest acts as a helpful "guardrail" rather than a locked gate. It alerts users to potential issues with their email but ultimately trusts them to make the final decision. It's the best choice for organizations that prioritize workflow speed and user autonomy while still encouraging secure practices. When using in Outlook Offline Mode, 

  • Ideal for: Organizations with a strong culture of trust
  • User Experience: Lowest friction; policies are advisory
  • Core Benefit: Promotes awareness without blocking productivity

User Experience

Emails are checked as you're composing. Tips are provided in the task pane asking you to Review or Send. When the end user clicks Send without reviewing, these three choices come up every time: Send Anyway, Review, or Don't send. In the event of a loss of connectivity to the SafeSend web server, end users will still be able to click Send Anyway and bypass SafeSend. In Outlook Offline Mode, end users can hit Send and the email will wait in the Outbox and send automatically upon reconnection to the internet, bypassing SafeSend (acting as if there is no add-in).

Legacy Compatibility Mode

Choose this if your organization operates under strict compliance regulations or requires the absolute highest level of security with no exceptions.

This is your "zero-trust" option. In this mode, sending is completely blocked until all SafeSend validations are passed—no overrides are possible. It is essential for legal, financial, or healthcare industries where compliance is mandatory. It also perfectly mimics the behavior of the legacy SafeSend add-in (v5.5), making it ideal for organizations that want to maintain that specific, strict user experience.

  • Ideal for: Legal, finance, and other highly regulated industries
  • User Experience: Most restrictive; security is non-negotiable
  • Core Benefit: Guarantees compliance and ensures no email ever bypasses SafeSend

User Experience

Emails are checked at the moment you click Send. If there is something within the message to review, the review dialog box will automatically popup. In the event of a loss of connectivity to the SafeSend web server, messages will be saved to the Draft folder and will need to be manually sent once connectivity is restored. End user won't be able to use Outlook Offline Mode. 

Manifest Configuration Comparison 

Manifest Config Mode UI Style SafeSend Behavior in Outlook Offline Mode SafeSend Behavior in SafeSend Server is unreachable
Enforced Protection Mode Task Pane

Email Blocked

  • Dialog box states SafeSend cannot process email - Click OK
  • Dialog box asks to save changes - Click X
  • Email is saved to Draft folder

Bypasses SafeSend

  • Click Send Anyway sends email without review
User Prompt Mode Task Pane

Bypasses SafeSend

  • Click Send
  • Email waits in Outbox folder until Internet connectivity is reestablished

Bypasses SafeSend

  • Click Send Anyway sends email without review
Legacy Compatibility Mode Post Send Dialog Box

Email Blocked

  • Email saved to Draft folder after clicking Send

Email Blocked

  • Email saved to Draft folder after clicking Send

Still unsure? Contact our Technical Support team for additional help. 

Once you have chosen the manifest that is most appropriate for your organization's needs: 

  1. Download the manifest .xml file from the Settings page in the SafeSend portal
  2. Deploy via the following path: https://portal.office.com > Settings > Integrated Apps > Upload Custom App > Office Add-in

Testing your SafeSend Deployment

You can test the add-in by sideloading the manifest and navigating to https://aka.ms/olksideload, or by deploying it to a small test group through the Microsoft 365 admin center.

Helpful Articles

Congratulations! SafeSend Web Add-in has now been installed and deployed. 

 

Step 5: Configuring the SafeSend Web Add-in

In the SafeSend 6.0 web console, you'll see options to configure your desired policies, rules, and user assignments. Find complete details for how to configure SafeSend policies by reading Web Add-in v6.0+ Policies.

 

  1. To create a new policy, select Create New Policy from the Getting Started Wizard
  2. To add a safe domain, click General > Add Safe Domain; enter one safe domain or email address per line.
  3. Under Settings, there are Advanced, Commonly Used, and Special Case settings to toggle certain features on or off; refer to the Web Add-in Settings Reference for a description and valid options for each setting
    • enableplatform value: Still within your policy configuration, select Settings, then search the word enable
      • You should see Enable for Mac, Enable for PC, Enable for Web under Advanced; toggle the correction option(s) on as is necessary
  4. Click the DLP tab from the top navigation menu, then click the + to create a new ruleset to add content scanning and client/keyword domain rules
    • To edit your newly created DLP ruleset:
      1. In the Not Linked list, select your ruleset
      2. Click the name of your ruleset on the main part of the screen to open the configuration rules
      3. Under Content Scanning Rules, click +Add Rule
        1. Name your content scanning rule
        2. Select from the following actions in the dropdown box: Inform, Confirm, ConfirmText, Deny; Confirm is the default selected action
        3. Choose the content type: All Support Files, All Except PDF, or Specific File Types; If selecting Specific File Types, a box will appear allowing you to select all desired file types you want DLP to scan for 
        4. Write a regular expression (also known as regex); If you need assistance, you can do an Internet search for a regex generator or use an AI model to help create a regex
        5. Test your regex by adding test strings to match and test strings to NOT match; Green indicates the test passed; Red indicates the test failed
        6. When done, click OK at the bottom 
      4. Under Client/Keyword Domain Rules, click +Add Rule
        1. Add any keywords you want SafeSend to look for
        2. Add any domains or email addresses you want to associate with the above keyboards
        3. If you want SafeSend to automatically rewrite the listed domains with alternate text, add that under Alternate Text Domain
        4. Click OK 
      5. Assign the DLP ruleset to your policy by selecting the policy from the Not Linked column and dragging it over to the Linked column 
      6. Click Save
    • To read more about Data Loss Prevention, visit Web Add-in: Data Loss Prevention 
  5. Click Forbidden and type one email address or domain per line; you can also toggle Block Distribution Lists on or off

Assign Users to Policy

These users and groups will be auto-populated from Microsoft Entra ID. Any groups you want to create specifically for SafeSend should be created in Entra ID first.

 
  1. Click Assignments in the left side menu, then the +Add Assignment button
  2. Name your assignment, then choose a policy from the dropdown menu
  3. To assign specific users or groups to the chosen policy, click Add Users and/or Add Groups
  4. Click Save

Add your Logo

  1. Under Settings, click Edit Logo
    1. Image size must be no larger than 155x40
    2. Image type must be .png file type
    3. Images with transparent backgrounds are recommended so that your logo matches the rest of SafeSend
  2. Upload your logo
  3. Click Apply

 

Step 6: Deploy the Manifest

 
 

Step 6: Deploy the Manifest

Choosing Your SafeSend Web Add-in Manifest

How your SafeSend Web add-in behaves during a network interruption isn't random. It is dictated by the manifest you choose. SafeSend provides three pre-configured manifests to control security policies, offline access, and connectivity rules. Understanding the differences is key to ensuring a seamless and secure experience for your users.

SafeSend Manifest Configuration Options

Choosing the right manifest depends on your organization's security posture, user workflow, and compliance needs. 

Warning

Any changes to your manifest deployment option can take up to 72 hours.

 

Enforced Protection Mode

Choose this if your organization is seeking a balance between robust security and practical usability.

This manifest is the best-of-both-worlds solution. It enforces your security policies to prevent accidental data loss but is designed to handle common issues like network interruptions gracefully, ensuring users remain productive. It provides real security without the heavy-handed restrictions of the strictest mode. 

  • Ideal for: A general deployment across most of your users
  • User Experience: Secure and reliable, with built-in safeguards
  • Core Benefit: Enforces security rules while maintaining a smooth workflow

User Experience

Emails are checked as you're composing. If a review is needed, tips are provided insight at the top of the email asking you to Review. (Clicking Dismiss only dismisses the tip, not the need to review.) If the task pane is pinned, it will also appear in there. In the event of a loss of connectivity to the SafeSend web server, end users will still be able to click Send Anyway and bypass SafeSend. End user won't be able to use Outlook Offline Mode. 

User Prompt Mode

Choose this if your primary goal is to educate users and foster security awareness with minimal disruption.

This manifest acts as a helpful "guardrail" rather than a locked gate. It alerts users to potential issues with their email but ultimately trusts them to make the final decision. It's the best choice for organizations that prioritize workflow speed and user autonomy while still encouraging secure practices. When using in Outlook Offline Mode, 

  • Ideal for: Organizations with a strong culture of trust
  • User Experience: Lowest friction; policies are advisory
  • Core Benefit: Promotes awareness without blocking productivity

User Experience

Emails are checked as you're composing. Tips are provided in the task pane asking you to Review or Send. When the end user clicks Send without reviewing, these three choices come up every time: Send Anyway, Review, or Don't send. In the event of a loss of connectivity to the SafeSend web server, end users will still be able to click Send Anyway and bypass SafeSend. In Outlook Offline Mode, end users can hit Send and the email will wait in the Outbox and send automatically upon reconnection to the internet, bypassing SafeSend (acting as if there is no add-in).

Legacy Compatibility Mode

Choose this if your organization operates under strict compliance regulations or requires the absolute highest level of security with no exceptions.

This is your "zero-trust" option. In this mode, sending is completely blocked until all SafeSend validations are passed—no overrides are possible. It is essential for legal, financial, or healthcare industries where compliance is mandatory. It also perfectly mimics the behavior of the legacy SafeSend add-in (v5.5), making it ideal for organizations that want to maintain that specific, strict user experience.

  • Ideal for: Legal, finance, and other highly regulated industries
  • User Experience: Most restrictive; security is non-negotiable
  • Core Benefit: Guarantees compliance and ensures no email ever bypasses SafeSend

User Experience

Emails are checked at the moment you click Send. If there is something within the message to review, the review dialog box will automatically popup. In the event of a loss of connectivity to the SafeSend web server, messages will be saved to the Draft folder and will need to be manually sent once connectivity is restored. End user won't be able to use Outlook Offline Mode. 

Manifest Configuration Comparison 

Manifest Config Mode UI Style SafeSend Behavior in Outlook Offline Mode SafeSend Behavior in SafeSend Server is unreachable
Enforced Protection Mode Task Pane

Email Blocked

  • Dialog box states SafeSend cannot process email - Click OK
  • Dialog box asks to save changes - Click X
  • Email is saved to Draft folder

Bypasses SafeSend

  • Click Send Anyway sends email without review
User Prompt Mode Task Pane

Bypasses SafeSend

  • Click Send
  • Email waits in Outbox folder until Internet connectivity is reestablished

Bypasses SafeSend

  • Click Send Anyway sends email without review
Legacy Compatibility Mode Post Send Dialog Box

Email Blocked

  • Email saved to Draft folder after clicking Send

Email Blocked

  • Email saved to Draft folder after clicking Send

Still unsure? Contact our Technical Support team for additional help. 

Once you have chosen the manifest that is most appropriate for your organization's needs: 

  1. Download the manifest .xml file from the Settings page in the SafeSend portal
  2. Deploy via the following path: https://portal.office.com > Settings > Integrated Apps > Upload Custom App > Office Add-in

Testing your SafeSend Deployment

You can test the add-in by sideloading the manifest and navigating to https://aka.ms/olksideload, or by deploying it to a small test group through the Microsoft 365 admin center.

Helpful Articles

Congratulations! SafeSend Web Add-in has now been installed and deployed. 

 
 
 
 
 
 

 

 

 

 

Related Articles

Release Notes for VIPRE Email Cloud - Feb 1, 2023

Product release information for VIPRE Email Security Cloud, released on February ...