How to add an External Sender warning to Office 365 and Outlook

One cannot always blame the end-user for clicking links in phishing emails. Phishers are becoming very skilled at making their deceptions look genuine. A way to help your users recognize incoming external phishing emails is to make it very obvious when an inbound email is received from outside your own trusted environment. This is where the free, built-in External Sender Identification feature is useful. It allows an “external” tag (or message) to be added to email messages that come from an external domain. The feature is designed to be subtle but still visible.

Note: before this External Sender feature was available, this notification to users could also be handled by injecting HTML via a Transport Rule. While this method is still supported, you can now provide a more polished message inline. If you still use such a Transport Rule, do not forget to disable it to avoid duplicate warnings.

External Sender Identification works in Outlook Online, Outlook for Windows, Outlook for Mac, and both the iOS and Android apps. Make sure you have updated to a version later than May 2021.

Enabling External Sender Identification

To check the current state of the setting, connect to Exchange Online and run this command:

Get-ExternalInOutlook

You will get a response with either Enabled set to True or Enabled set to False.

To enable this feature, use this command:

Set-ExternalInOutlook -Enabled $true

Note that it may take 24 hours for this to be fully enabled across your tenant.

Once enabled, it will look like this:

Sender is from outside the organization

Excluding domains or email addresses

It is possible to exclude domains from the detection. This can be useful if your organization has different tenants or works closely with specific partners. This is done via the AllowList. By default, this list is empty but implicitly holds all domains that are configured in your tenant. You can add or remove domains and even email addresses like this:

Set-ExternalInOutlook -AllowList @{Add="friendlydomain1.com", "friendlydomain2.com"}
Set-ExternalInOutlook -AllowList @{Remove="friendlydomain1.com"}

The maximum number of entries is 50, and the total size of all entries can’t exceed one kilobyte.
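
The steps above can be combined into one rollout script. This is an added example, not part of the original article: it checks the merged allow list against the 50-entry and one-kilobyte limits before applying it, enables the feature, and lists Transport Rules that would cause a duplicate warning. It assumes an existing Connect-ExchangeOnline session; the function name Test-AllowListLimits, the sample domains, and the way the size is estimated are assumptions.

```powershell
# Added example. Assumes you are already connected with Connect-ExchangeOnline.
# The domains below are constructed sample values.
$desired = @('friendlydomain1.com', 'friendlydomain2.com')

function Test-AllowListLimits {   # hypothetical helper, not an Exchange cmdlet
    param([string[]]$Entries)
    # Limits from the article: at most 50 entries and one kilobyte in total.
    # Assumption: size is estimated as the sum of the entries' UTF-8 byte lengths.
    $bytes = 0
    foreach ($e in $Entries) { $bytes += [Text.Encoding]::UTF8.GetByteCount($e) }
    [pscustomobject]@{
        Count = $Entries.Count
        Bytes = $bytes
        Ok    = ($Entries.Count -le 50 -and $bytes -le 1024)
    }
}

# Read the current state once and work out what still has to be added.
$current  = Get-ExternalInOutlook
$existing = @($current.AllowList) | Where-Object { $_ }
$toAdd    = @($desired | Where-Object { $_ -notin $existing })
$merged   = @(@($existing) + $toAdd | Sort-Object -Unique)

# Refuse to apply a list that would exceed the documented limits.
$check = Test-AllowListLimits -Entries $merged
if (-not $check.Ok) {
    throw "Allow list would be $($check.Count) entries / $($check.Bytes) bytes (limit: 50 / 1024)."
}

if ($toAdd.Count -gt 0)    { Set-ExternalInOutlook -AllowList @{Add = $toAdd} }
if (-not $current.Enabled) { Set-ExternalInOutlook -Enabled $true }

# Enabled Transport Rules that still stamp mail from outside the organization
# would show users a second warning next to the new tag; review and disable them.
Get-TransportRule |
    Where-Object { $_.State -eq 'Enabled' -and $_.FromScope -eq 'NotInOrganization' -and
                   ($_.ApplyHtmlDisclaimerText -or $_.PrependSubject) } |
    Select-Object Name, Priority, PrependSubject, ApplyHtmlDisclaimerText

# Confirm the resulting configuration.
Get-ExternalInOutlook | Format-List Enabled, AllowList
```

Every address or domain on the allow list stops being tagged as external, so keep the list short and review it when a partnership ends.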

MailTips

Do not confuse this setting with MailTips. A MailTip is used for outbound messages (you are sending an email). This External Sender Identification tag is used for inbound messages (you received an email).