Sunday, October 19, 2025

How to Use the Microsoft Office 365 External Email Warning

In today’s digital landscape, email remains a primary mode of communication for businesses worldwide. However, with the increasing sophistication of phishing attacks and email scams, safeguarding your organization’s email system is more crucial than ever. Microsoft Office 365 offers a valuable feature known as the External Email Warning, which helps users identify emails coming from outside the organization, thereby reducing the risk of falling victim to malicious attacks. In this article, we’ll explore how to set up and effectively use the External Email Warning in Office 365 to enhance your organization’s email security.

Setting up an External Email Warning in Office 365 involves creating a mail flow rule that adds a warning message to emails received from external sources. Follow these steps to configure this feature:

Step 1: Access the Exchange Admin Center

  1. Sign in to your Office 365 account with administrative credentials.
  2. Navigate to the Microsoft 365 admin center.
  3. From the left-hand menu, select “Exchange” to open the Exchange Admin Center (EAC).

Step 2: Create a New Mail Flow Rule

  1. In the EAC, click on “Mail flow” in the left-hand navigation pane.
  2. Select the “Rules” tab.
  3. Click the “+” icon and choose “Create a new rule” from the drop-down menu.

Step 3: Configure the Rule Conditions

  1. In the new rule window, enter an appropriate name for your rule, such as “External Email Warning”.
  2. Click on “Apply this rule if…” and select “The sender is located…”.
  3. Choose “Outside the organization” from the options.

Step 4: Set the Warning Message

  1. Click on “Do the following…” and select “Prepend disclaimer”.
  2. In the disclaimer text box, enter your warning message. For example:
[EXTERNAL EMAIL] Caution: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

You can also format the text using HTML to make the warning more noticeable.

    Step 5: Save and Test the Rule

    1. Review your settings and click “Save” to activate the rule.
    2. Test the rule by sending an email from an external account to ensure the warning appears correctly.
    3. Monitor and adjust the rule as necessary to suit your organization’s needs.
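The rule built in Steps 2 to 5 can also be created from PowerShell. This is an added example, not part of the original article. It assumes a connected Exchange Online session with permission to manage transport rules. The audit-mode start, the recipient scope and the exception that skips messages already carrying the banner phrase are additions to the steps above.

```powershell
# Added example, not from the original article.
# Assumes Connect-ExchangeOnline has already been run by an Exchange admin.

# Phrase from the sample warning text. It is reused as the exception
# condition so replies in a thread do not receive the banner repeatedly.
$bannerPhrase = 'This email originated from outside of the organization'

$bannerHtml = @"
<div style="color: red; font-weight: bold;">
[EXTERNAL EMAIL] Caution: $bannerPhrase.
Do not click links or open attachments unless you recognize the sender
and know the content is safe.
</div>
"@

$ruleParams = @{
    Name                               = 'External Email Warning'
    FromScope                          = 'NotInOrganization'  # "The sender is located: Outside the organization"
    SentToScope                        = 'InOrganization'     # tag only mail delivered to internal recipients
    ApplyHtmlDisclaimerLocation        = 'Prepend'            # "Prepend disclaimer"
    ApplyHtmlDisclaimerText            = $bannerHtml
    ApplyHtmlDisclaimerFallbackAction  = 'Wrap'               # wrap the message if its body cannot be modified
    ExceptIfSubjectOrBodyContainsWords = $bannerPhrase        # skip messages that already carry the banner
    Mode                               = 'Audit'              # record matches without changing mail yet
    Comments                           = 'Prepends an external-sender banner to inbound mail.'
}
New-TransportRule @ruleParams

# Confirm what was created before enforcing it.
Get-TransportRule -Identity 'External Email Warning' |
    Format-List Name, State, Mode, FromScope, SentToScope, ApplyHtmlDisclaimerLocation

# After sending a test message from an external account and checking that
# the rule matched, switch the rule from audit to enforcement:
# Set-TransportRule -Identity 'External Email Warning' -Mode Enforce
```

Because the exception keys on message text, any message that already contains the banner phrase is delivered without a new banner, so the phrase should be treated as a threading convenience and not as evidence that a message was checked.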

    To maximize the effectiveness of the External Email Warning feature, consider the following best practices:

    1. Clear and Concise Messaging: Ensure that the warning message is straightforward and easy to understand by all users.
    2. Consistent Formatting: Use consistent and prominent formatting (e.g., bold text, colors) to make the warning stand out without being overly intrusive.
    3. Regular Training: Provide ongoing training and reminders to employees about the importance of verifying external emails and recognizing potential threats.
    4. Monitor and Update: Regularly review the effectiveness of the warning system and update the message or settings as needed based on emerging threats or organizational changes.
    5. Combine with Other Security Measures: Use the External Email Warning in conjunction with other security tools like spam filters, antivirus software, and multi-factor authentication for comprehensive protection.

    Customizing the warning message allows you to tailor it to your organization’s specific requirements:

    1. Language Adaptation: Translate the message into the primary language used within your organization for better comprehension.
    2. Include Contact Information: Provide contact details for your IT or security department so users know where to report suspicious emails.
    3. Dynamic Content: Utilize variables to include dynamic content such as the sender’s email address or domain for more context.
    4. Visual Elements: Incorporate company logos or icons to maintain brand consistency while emphasizing the warning.

    Example Customized Warning in HTML:

    <div style="color: red; font-weight: bold;">
    [EXTERNAL] Alert: This email comes from outside OurCompany. Verify the sender and be cautious with links and attachments. Report suspicious emails to security@ourcompany.com.
    </div>

    Many admins use Exchange transport rules to add tags to the subject line or message body to indicate emails from external senders. However, this method has limitations:

    • Duplicate “[External]” tags accumulate in ongoing threads, modified subject lines disrupt conversation threading in Outlook, and changes to the subject or message body cause confusion in internal replies or forwards.
    • Localization problems may arise, and lengthy subject lines can be difficult to preview on smaller devices.

    In response to this, Microsoft has developed a native feature that introduces an “External” tag in emails. This tag, which adapts to the user’s language settings, appears at the top of the message view, making it easier to identify and verify external senders, thereby enhancing protection against spam and phishing threats.

    The native external sender warning in Outlook can only be enabled through PowerShell. Make sure you have installed the Exchange Online module so that you can connect to your O365 tenant via PowerShell.

    Step 1: Connect to Exchange Online

    Connect to Exchange Online:

    Connect-ExchangeOnline -userPrincipalName john@contoso.com

    Step 2: Enable External Tagging with the ExternalInOutlook Cmdlet

    To enable external tagging, use the ExternalInOutlook cmdlet below.

    Set-ExternalInOutlook -Enabled $true

    To verify that external tagging is enabled, run the command below; it should show a value of “True” under Enabled.

    Get-ExternalInOutlook

    Step 3: Add domain to allow list

    You can add an email domain to the allow list so that the external email warning is not displayed when an email is received from that specific domain. This may be useful if you have another domain or a sister company that you don’t want to tag as external.

    Set-ExternalInOutlook -AllowList @{Add="oxusgeek.com", "abc.ca", "xyz.com"}

    The above cmdlet will set the allowlist and remove any other allowed list that may exist.

    To remove the domains from the allow list, use the cmdlet below:

    Set-ExternalInOutlook -AllowList @{Remove="oxusgeek.com", "abc.ca", "xyz.com"}

    Because this is Microsoft’s native external sender tagging, you will not be able to set a customized message.

    Adding external email warnings in Office 365 and Outlook is a proactive step toward securing your organization’s communications. By clearly identifying external emails, you empower users to be vigilant and reduce the risk of falling prey to phishing and other email-based attacks. Regular updates and employee training further enhance the effectiveness of this security measure, helping to protect your organization from ever-evolving cyber threats.

    By following these steps, you can enhance your organization’s email security and help safeguard against external threats. For more detailed guidance, refer to Microsoft’s official documentation.

    Baron S.