Implementing an "External E-mail" tag in Office 365 (now known as Microsoft 365)

Implementing an "External E-mail" tag in Office 365 (now known as Microsoft 365) is a useful method to alert users that an email is coming from outside the organization. This can help prevent phishing attacks, improve user awareness, and create a more secure environment for handling external communications. The process involves creating a transport rule in Exchange Online to append the "External E-mail" tag to emails that are received from external domains.

Here’s a step-by-step guide to implement the "External E-mail" tag for emails received from external domains in Microsoft 365.

Step 1: Sign in to the Microsoft 365 Admin Center

  1. Open a web browser and go to the Microsoft 365 Admin Center: https://admin.microsoft.com.
  2. Sign in using your admin credentials (global admin or Exchange admin).

Step 2: Access the Exchange Admin Center

  1. In the Microsoft 365 Admin Center, on the left-hand side, expand the Admin centers menu.
  2. Click on Exchange to open the Exchange Admin Center (EAC).

Step 3: Create a New Mail Flow Rule (Transport Rule)

  1. In the Exchange Admin Center (EAC), on the left-hand side, click on mail flow.
  2. Under the mail flow tab, select rules. This is where you will configure a new transport rule to tag external emails.
  3. On the rules page, click the + (plus sign) to create a new rule.
  4. From the drop-down menu, choose Create a new rule.

Step 4: Define the New Rule for External Email Tagging

  1. In the New rule window, you will define the conditions and actions for this rule.

Rule Name:

  • Enter a name for the rule. For example, "Add External Email Tag".

Apply this rule if:

  1. Click the Apply this rule if… drop-down and select The sender is located….
  2. Choose Outside the organization. This condition ensures that the rule applies only to emails coming from external domains.

Do the following:

  1. Under Do the following…, select Modify the message properties > Set a message header.
  2. In the Set the message header box, choose X-MS-Exchange-Organization-Message-Header.
  3. Enter a name for the custom message header. For example, you can enter X-External-Email.
  4. In the Value field, enter a value that indicates the email is from an external source. For example, enter External E-mail. This will be displayed as a tag on the subject line or in the email content, depending on the user’s email client.

Add an Action to Display a Banner:

If you prefer to display a visual banner inside the email, you can also include an additional action:

  1. Select Apply a disclaimer to the message….
  2. Choose Append a disclaimer.
  3. In the Disclaimer text field, enter text like: This email was received from an external source. Please be cautious when clicking links or opening attachments.

You can use HTML if you prefer to make the banner more visually distinct.

Optional: Add More Exceptions

If there are specific conditions or exceptions to the rule (for example, if emails are from certain trusted external domains), you can add them under Except if. However, for most scenarios, you can leave this part empty.

Step 5: Configure Rule Settings

  1. Under Audit this rule with severity level, choose whether to audit the rule or set its severity.
  2. Choose Enforce under Choose a mode for this rule to make the rule active.
  3. You may also want to select Stop processing more rules if you want to ensure that no other rules are applied to the email once this rule has been triggered.

Step 6: Save and Test the Rule

  1. After configuring the rule, click Save to apply it.
  2. Once saved, the new rule will be listed on the mail flow rules page.
  3. Test the rule by sending an email from an external domain (i.e., an email address not associated with your organization) to a recipient within your organization.
    • You should now see the External E-mail tag or banner in the email message or subject line, depending on how you configured the rule.

Step 7: Monitor the Rule and Adjust Settings

  1. After applying the rule, monitor the effectiveness by checking the recipient's inbox for external emails and confirming that the tag or banner is correctly appearing.
  2. You may need to tweak the rule depending on user feedback or if you notice any legitimate emails being incorrectly tagged.
    • You can adjust the text, banner style, or conditions to be more precise.

Optional Step: Use PowerShell to Create the Rule (Advanced)

If you prefer working with PowerShell or need to automate the process across multiple tenants or mailboxes, you can create the same rule via PowerShell.

To create a similar rule using PowerShell, use the following cmdlet:

```powershell
New-TransportRule -Name "Add External Email Tag" -FromScope NotInOrganization -SetHeaderName "X-External-Email" -SetHeaderValue "External E-mail"
```

This PowerShell cmdlet will set the header X-External-Email to External E-mail for all emails received from outside the organization.
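
The cmdlet above sets only the header. The script below is an added example, not part of the original post: it combines the header with the banner action and the optional trusted-domain exception from Step 4, and it creates the rule in audit mode so matches can be reviewed before enforcing. The domain partner.example and the banner styling are placeholders chosen for illustration.

```powershell
# Added example; adjust the placeholder values before use.
# Requires the ExchangeOnlineManagement module and an Exchange admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$ruleName       = 'Add External Email Tag'   # rule name used in Step 4
$trustedDomains = @('partner.example')       # hypothetical "Except if" sender domains
$bannerText     = 'This email was received from an external source. ' +
                  'Please be cautious when clicking links or opening attachments.'
$bannerHtml     = "<p style='border:1px solid #c00;padding:6px;'>" +
                  "<b>External E-mail:</b> $bannerText</p>"

$ruleSettings = @{
    FromScope                         = 'NotInOrganization'  # "Outside the organization"
    SetHeaderName                     = 'X-External-Email'
    SetHeaderValue                    = 'External E-mail'
    ApplyHtmlDisclaimerLocation       = 'Append'             # "Append a disclaimer"
    ApplyHtmlDisclaimerText           = $bannerHtml
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # deliver even if the body cannot be modified
    ExceptIfSenderDomainIs            = $trustedDomains
    Mode                              = 'Audit'              # log matches only; messages are not changed yet
}

# Update the rule if it already exists so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Set-TransportRule -Identity $ruleName @ruleSettings
} else {
    New-TransportRule -Name $ruleName @ruleSettings
}

# Confirm what was actually stored before moving on to testing (Step 6).
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, SetHeaderName, SetHeaderValue, ExceptIfSenderDomainIs

# Once the audit results look right, turn the rule on:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

Keep the exception list short: every domain on it reaches users without the banner.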

Final Thoughts

This "External E-mail" tag provides an additional layer of security and awareness for your users. By labeling emails from outside the organization, users can more easily recognize potential phishing attempts and avoid engaging with malicious content. Be sure to communicate the reason for the external tag to your users and educate them about the risks of external emails.

With this setup, you’ve successfully configured the “External E-mail” tag for emails received from external domains in Office 365.
