External sender callouts on email in Outlook

It is important to give users mechanisms that help them identify potential phishing emails. One way to do this is to let users distinguish emails from senders outside the organisation. Typically, this is accomplished with Exchange transport rules that prepend a tag to the subject line or insert a notice into the message body to show that the email is from an external sender. This can cause several issues, including multiple tags in the subject, broken conversation threads, lack of localisation, and problems handling S/MIME-encrypted or -signed emails. Instead, Exchange Online can tag emails from external senders so that the Outlook client displays the [External] tag in the message list and a warning in the info bar when reading a message.

To set this up:

  1. An Exchange Online tenant admin needs to run the Set-ExternalInOutlook cmdlet to enable the new user interface for the whole tenant (this is available now); the same cmdlet can also add specific email addresses and domains to the allow list.
  2. Outlook on the web already supports this. Outlook Mobile (iOS & Android) and Outlook for Mac are rolling out this feature. Specific versions:
    • Outlook on the web: available now
    • Outlook for Windows: Update 10/6/23: This feature is now available in Semi-Annual Enterprise Channel (Preview) too. External Tag view in Outlook for Windows (matching other clients) released to production for Current Channel and Monthly Enterprise Channel in Version 2211 for builds 15831.20190 and higher. We anticipate the External tag to reach Semi-Annual Preview Channel with Version 2308 on the September 12th 2023 public update and reach Semi-Annual Enterprise Channel with Version 2308 with the January 9th 2024 public update. If any of the versions or dates change, we will update this topic. See Update history for Microsoft 365 Apps (listed by date) to see release status of versions.
    • Outlook mobile (iOS & Android): version 4.2111.0 and higher
    • New Outlook for Mac: version 16.47 and higher

If you currently use a prepend-subject-line transport rule to add an [EXTERNAL] tag to the subject of external emails: the new Outlook native callouts add a new MAPI property called IsExternalSender to the email item. To avoid emails being marked ‘External’ twice (once by the new native functionality and once by the transport rule), wait until all the client versions you require (listed above) have this functionality, then turn off the transport rule before turning on the Outlook native external sender callouts.

Microsoft tracked this feature in Microsoft 365 Roadmap ID 70595. This feature can be enabled on the tenant level now.

Enable tagging of emails from external senders by running the following commands:
# Connect to Exchange Online
Connect-ExchangeOnline

# Use the Set-ExternalInOutlook cmdlet to modify the configuration of external sender identification
Set-ExternalInOutlook -Enabled $true

# This example prevents the specified email addresses from receiving the External icon in the area of the subject line in supported versions of Outlook.
Set-ExternalInOutlook -AllowList admin@fabrikam.com,admin@fourthcoffee.com

# This example adds and removes the specified email addresses from the exception list without affecting other existing entries.
Set-ExternalInOutlook -AllowList @{Add="admin@cohovineyard.com";Remove="admin@fourthcoffee.com"}
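
The cut-over order described earlier (legacy transport rule off first, then native callouts on), as an added PowerShell example that is not from the original post. Find-ExternalTagRule and Switch-ToNativeExternalTag are hypothetical helper names, the sample rule objects are constructed, and the live path assumes a connected Exchange Online session.

```powershell
# Added example (not from the original post). The sample rules are constructed;
# the live path assumes Connect-ExchangeOnline has already been run.

function Find-ExternalTagRule {
    # Hypothetical helper: enabled rules scoped to outside senders that prepend
    # to the subject or insert text into the body. This is a heuristic, so
    # review the matches: a rule can tag external mail via other conditions.
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Rule)
    $Rule | Where-Object {
        $_.State -eq 'Enabled' -and
        $_.FromScope -eq 'NotInOrganization' -and
        ($_.PrependSubject -or $_.ApplyHtmlDisclaimerText)
    }
}

function Switch-ToNativeExternalTag {
    # Hypothetical helper: legacy rules off first, then native callouts on.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $legacy = @(Find-ExternalTagRule -Rule @(Get-TransportRule))
    foreach ($r in $legacy) {
        if ($PSCmdlet.ShouldProcess($r.Name, 'Disable-TransportRule')) {
            Disable-TransportRule -Identity $r.Name -Confirm:$false
        }
    }
    if ($PSCmdlet.ShouldProcess('tenant', 'Set-ExternalInOutlook -Enabled $true')) {
        Set-ExternalInOutlook -Enabled $true
    }
    # Read back the tenant setting to confirm the change and the allow list.
    Get-ExternalInOutlook | Format-List Identity, Enabled, AllowList
}

# Constructed rule objects carrying the Get-TransportRule properties used above.
$sample = @(
    [pscustomobject]@{ Name = 'Tag external subject'; State = 'Enabled'
        FromScope = 'NotInOrganization'; PrependSubject = '[EXTERNAL] '; ApplyHtmlDisclaimerText = $null }
    [pscustomobject]@{ Name = 'External banner'; State = 'Enabled'
        FromScope = 'NotInOrganization'; PrependSubject = $null; ApplyHtmlDisclaimerText = '<p>External sender</p>' }
    [pscustomobject]@{ Name = 'Legal footer'; State = 'Enabled'
        FromScope = 'InOrganization'; PrependSubject = $null; ApplyHtmlDisclaimerText = '<p>Confidential</p>' }
    [pscustomobject]@{ Name = 'Retired external tag'; State = 'Disabled'
        FromScope = 'NotInOrganization'; PrependSubject = '[EXT] '; ApplyHtmlDisclaimerText = $null }
)

# Offline check of the filter against the constructed rules.
Find-ExternalTagRule -Rule $sample | Select-Object Name, PrependSubject, FromScope

# Against a tenant: preview with -WhatIf, then run without it.
# Switch-ToNativeExternalTag -WhatIf
```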

Once this feature is enabled via PowerShell, it might take 24-48 hours for your users to start seeing the External sender tag in email messages received from external sources (outside of your organization), providing their Outlook version supports it. If enabling this, you might want to notify your users about the new feature and update your training and documentation, as appropriate.
