Microsoft 365 External Email Warning

Microsoft 365 External Email Warning

Email is an essential part of how businesses communicate these days. But did you know that it’s also one of the biggest targets for hackers looking to break into your company’s network, steal your data, or install nasty viruses on your computers? That’s why it’s so important to take steps to protect your business from external emails that come from people outside of your organization.

In this blog post, I’ll show you how to append disclaimer to all messages where sender is from external domain outside the organization.


How to create Mail Flow rule?

Connect to Exchange Online and enable External In Outlook feature.

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Set-ExternalInOutlook -Enabled $true


Identity                             Enabled AllowList
--------                             ------- ---------
8b673629-db6e-4028-98a2-4ea683651193    True {}


Navigate to Exchange Online administrator portal and create new Mail flow rule.


Apply this rule if:

  • The Sender is external/internal (Not In Organization / External)


Do the following:

  • Apply a disclaimer to the message.
  • Prepend a disclaimer
  • Enter the text and select what the option if the disclaimer can’t be inserted.


Example of the HTML code for warning message. Choose prepand a disclaimer.

<table border=0 cellspacing=0 cellpadding=0 align="left" width="100%">
    <td style="background:#dc3232;padding:3pt 1pt 3pt 1pt"></td>
    <td width="100%" cellpadding="3px 6px 3px 15px" style="background:#ffffff;padding:3pt 4pt 3pt 12pt;word-wrap:break-word">
      <div style="color:#222222;">
        <span style="color:#222; font-weight:bold;">Important:</span>
        Be careful. This message is from an EXTERNAL SENDER.

Active and Enforce the rule. Set severity as high.


The result.

Enabling disclaimers for messages received from external users outside of your organization is an important step towards enhancing your email security. With cybercrime on the rise, it’s more critical than ever to take proactive measures to protect your company’s digital assets.

By following the step-by-step guide I’ve provided in this blog post, you can quickly and easily enable disclaimers for all external messages received by your organization.

See ya in next posts 😉

Leave a Reply