Native external sender notifications in Exchange Online

image

I’ve never been a big fan of setting up rules to add a HTML banner to inbound emails, as shown above, that “warn” a user about an external email source. I dislike this solution for a number of reasons, including that it is something that an attacker can replicate, it creates a certain amount of complacency for the receiver and it ends up embedded in every reply to the email going forward.

i do however understand what is trying to be achieved here due to a lack of something provided by Exchange Online. That is, until now! A native approach is now available.

image

image

You can now get the External tag, as shown above, to appear in all versions of Outlook (desktop, web and mobile) to help understand the origin of email messages. I like this solution much better because it is built into the platform and appears in an area that an attack would find really hard to replicate. Having such labelling as a native part of Exchange Online is a much better approach I feel.

image

image

You also get the above when you view the email item.

You can enable this on new inbound messages received (only from the point you enable it going forward) using PowerShell.

image

You’ll need to firstly ensure that you have the latest version of the Exchange Online V2 PowerShell module. The minimum version required is 2.0.4. To verify this, and to ensure all the Microsoft 365 PowerShell modules are current in your environment, I encourage you to use my script:

https://github.com/directorcia/Office365/blob/master/o365-update.ps1

that will verify and update if necessary. Just remember to run the PowerShell environment as an administrator prior to running my update script.

Now connect to Exchange Online using PowerShell. Again, you can use my script at:

https://github.com/directorcia/Office365/blob/master/o365-connect-exo.ps1

to do this. In fact, using that script will also ensure that you have the latest version of the Exchange Online PowerShell V2 module installed.

Once connected to Exchange Online as an administrator running the command:

Set-externalinoutlook -enabled $true

The best documentation is currently here:

https://github.com/MicrosoftDocs/office-docs-powershell/blob/master/exchange/exchange-ps/exchange/Set-ExternalInOutlook.md

as this is still a new command at this point in time. You’ll also note that the command also has an Identity and AllowList option that you can further customise your settings.

Once the command has been run it will take a few hours for the External label to start appearing on emails from outside the organisation.

I would expect to see further configuration options become available as well as improvements to the label display. However, a very handy option that will improve the security in your environment and I’d encourage you enable it today!

2 thoughts on “Native external sender notifications in Exchange Online

  1. This is a good thing, especially since inserting a bit of HTML in the body of an e-mail leads to users complaining they can’t preview the first bit of a message in Outlook 🙂 Any idea on whether or not this propagates to Exchange on-prem as well in a hybrid situation?

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s