fbpx

External email warning tag in Outlook

Introduction

External email warnings are an important security measure which help users identify phishing, spam and other malicious emails sent from external senders. They have long been implemented by administrators using Exchange transport rules, typically in the form of an ‘[External]’ message in the subject line or prepending the email body with a highly visible warning message. Whilst effective, these approaches have some drawbacks.

As of August 2021 (roadmap)(announcement), Exchange Online provides a native external email warning tag setting supported by Outlook clients on Windows, Mac, iOS, Android and Outlook on the Web. By default, the setting is disabled in Exchange Online.

Outlook clients supporting External tags

  • Outlook on the web: available now
  • Outlook for Windows: available in builds 16.0.13930.10000 and higher
  • Outlook mobile (iOS & Android): version 4.2111.0 and higher
  • Outlook for Mac: version 16.47 and higher

This MSPMagic setting allows you to configure external email warning tags to be either enabled or disabled.

User Impact

Low – Enabling external email warning tag has little to no user impact.

Parameters

Enabled – True/False

Admin Portal Reference

Not available in admin portal

PowerShell Reference

To enable

Set-ExternalInOutlook -Enabled $true

To disable

Set-ExternalInOutlook -Enabled $false

Further details – Set-ExternalInOutlook (ExchangePowerShell) | Microsoft Docs

Additional Notes

External email warning tags only appear in Outlook clients and Outlook Web. Third party email clients such as Apple mail will not display the warning tag.

If you are currently using transport rules to add an [EXTERNAL] tag in external email subject line, please turn off the transport rule first before turning on this setting to avoid emails being marked ‘External’ twice (once by new native functionality and once by the transport rule).

External email warning tags can take up to 24-48 hours to appear after enabling the setting.

If Action is set to Notify

We report the setting as compliant if the setting matches the enabled value as set by the parameter.

We report the setting as non-compliant if the setting does not match the enabled value as set by the parameter.

If Action is set to Enforce

We report the setting as compliant if the setting matches the enabled value as set by the parameter.

We report the setting as compliant-fixed if the setting does not match the enabled value as set by the parameter and we adjust it to match.

Get Started!

The first three tenants are free! No credit card required.

Sign Up