I’ve never been a big fan of setting up rules to add a HTML banner to inbound emails, as shown above, that “warn” a user about an external email source. I dislike this solution for a number of reasons, including that it is something that an attacker can replicate, it creates a certain amount of complacency for the receiver and it ends up embedded in every reply to the email going forward.
i do however understand what is trying to be achieved here due to a lack of something provided by Exchange Online. That is, until now! A native approach is now available.
You can now get the External tag, as shown above, to appear in all versions of Outlook (desktop, web and mobile) to help understand the origin of email messages. I like this solution much better because it is built into the platform and appears in an area that an attack would find really hard to replicate. Having such labelling as a native part of Exchange Online is a much better approach I feel.
You also get the above when you view the email item.
You can enable this on new inbound messages received (only from the point you enable it going forward) using PowerShell.
You’ll need to firstly ensure that you have the latest version of the Exchange Online V2 PowerShell module. The minimum version required is 2.0.4. To verify this, and to ensure all the Microsoft 365 PowerShell modules are current in your environment, I encourage you to use my script:
that will verify and update if necessary. Just remember to run the PowerShell environment as an administrator prior to running my update script.
Now connect to Exchange Online using PowerShell. Again, you can use my script at:
to do this. In fact, using that script will also ensure that you have the latest version of the Exchange Online PowerShell V2 module installed.
Once connected to Exchange Online as an administrator running the command:
Set-externalinoutlook -enabled $true
The best documentation is currently here:
as this is still a new command at this point in time. You’ll also note that the command also has an Identity and AllowList option that you can further customise your settings.
Once the command has been run it will take a few hours for the External label to start appearing on emails from outside the organisation.
I would expect to see further configuration options become available as well as improvements to the label display. However, a very handy option that will improve the security in your environment and I’d encourage you enable it today!