Mark External Emails
Introduction
In a world of daily security challenges, one simple preventive action you can take to help your users stay safe is to make external emails POP more in their eyes. The idea is to make external emails more visible, in the hope that users won't fall prey to a phishing email pretending to come from an internal address, or that they'll simply be more aware when working with external senders.
What are my options?
There's a multitude of options out there in Exchange Online, but the ones I find to work best are the following, and yes you can use both simultaneously:
- ExternalInOutlook
- MessageClassification
1. ExternalInOutlook
This is a rather "new" feature (from a couple of years ago) that marks emails in 2 ways: an "External" tag on the small view within the email list, and a Mail Tip saying:""
To set this up, you just need to connect to Exchange Online via PowerShell and use these cmdlets to enable it, check its state, and add or remove exceptions:
Set-ExternalInOutlook -Enabled $true
Get-ExternalInOutlook
Set-ExternalInOutlook -AllowList @{Add="yoursupplier.com"; Remove="seller@client.com"}
And this is how it should look in OWA and the new Outlook (notice the marking near the email in the message list, plus the Mail Tip with the big red exclamation mark above the email body):
2. MessageClassification
There's another way to achieve this, but this will be more of a banner or Mail Tip inside the body of the message, so it may catch the attention of your users. As said before, it can work in conjunction with the first option.
New-MessageClassification -Name "EXTERNAL MESSAGE" -DisplayName "EXTERNAL MESSAGE" -SenderDescription "Message marked automatically as external" -RecipientDescription "This message was received from outside the organization, check the sender before replying" -RetainClassificationEnabled $true
Note, the -RetainClassificationEnabled is responsible for
Then we need to create and enable a transport rule that will apply this message classification to emails coming from external senders. This can be done via the graphical user interface or PowerShell.

And don't forget to enable the transport rule at the end.
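One way to script the transport-rule step in PowerShell, as an added example that is not from the original post. It assumes an active Connect-ExchangeOnline session and the "EXTERNAL MESSAGE" classification created above; the rule name is hypothetical. The rule is created disabled, reviewed, and only then enabled.

```powershell
# Added example, not the author's code.
# Assumes: Connect-ExchangeOnline has already been run in this session.
$classificationName = 'EXTERNAL MESSAGE'            # DisplayName used in New-MessageClassification above
$ruleName           = 'Classify external inbound'   # hypothetical rule name

# Stop early if the classification is missing; the rule would have nothing to apply.
$classification = Get-MessageClassification |
    Where-Object { $_.DisplayName -eq $classificationName }
if (-not $classification) {
    throw "Message classification '$classificationName' not found. Create it first."
}

# Create the rule only if it does not exist yet, and create it disabled
# so the conditions can be reviewed before any mail is touched.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $rule) {
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -SentToScope InOrganization `
        -ApplyClassification $classificationName `
        -Comments 'Marks mail received from outside the organization' `
        -Enabled $false | Out-Null
}

# Review what was created: scope, action and position in the rule order.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, FromScope, SentToScope, ApplyClassification

# The step that is easy to forget: turn the rule on.
Enable-TransportRule -Identity $ruleName

# Confirm both markers are active.
Get-TransportRule -Identity $ruleName | Select-Object Name, State
Get-ExternalInOutlook | Format-List Enabled, AllowList
```

Because `-FromScope NotInOrganization` is evaluated against the organization's accepted domains, check `Get-AcceptedDomain` if a sender you consider internal is being classified as external.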
It should look something like this (Notice the supplementary Mail Tip in gray above the one from ExternalInOutlook):

Conclusion
If you want to have more peace of mind that you've done your part to help prevent users getting phished or leaking information to unwanted parties, these 2 methods can help. I'm not saying these are the only ways. You can always find alternatives with Mail Tips, adding words to the Subject, or maybe something more creative, but the methods I showcased feel just right for the task.