As we know, many phishing attempts happen daily, so we need to tighten our email security. For non-IT user awareness, you can create an external email warning configuration, which will add a header to an email when it is coming from outside of your organization.
This article will apply only to Exchange online. The steps are quite simple but you need to prepare an HTML tag for the header.
Preparation
In preparation, you need to create an HTML file which you can use while you do configuration.
I have given you a sample below, which you can modify as per your needs.
<!-- Caution banner --> <table border=0 cellspacing=0 cellpadding=0 align="left" width="100%"> <tr> <!-- Change following line if you dont want in Yellow --> <td style="background:#ffb900;padding:5pt 2pt 5pt 2pt"></td> <td width="100%" cellpadding="7px 6px 7px 15px" style="background:#fff8e5;padding:5pt 4pt 5pt 12pt;word-wrap:break-word"> <div style="color:#222222;"> <span style="color:#222; font-weight:bold;">Caution:</span> This is an external email and has a suspicious subject or content. Please take care when clicking links or opening attachments. When in doubt, contact your IT Department </div> </td> </tr> </table> <br />
Configuration
Let’s start the configuration for the external email warning header.
- Go to the Exchange Admin center.
- Click on Mail Flow and open
- Create a new Rule.
- Select Create a New Rule
- Provide the appropriate name of the rule
- Select 1st condition where The Sender is External & recipient is internal
- In the Do Following Section Apply the disclaimer to the message and append a disclaimer
- In the Text section add the above-mentioned HTML code, you can make the change as you need in the format.
- Add the fallback action in it as a wrap.
- Click on Next once the above-mentioned configuration has been
- In the Set rule setting section, enforce this rule. Along with this setting, you can set severity, rule validity etc.
- Review the configuration and save it.
Validation
One rule created and synced, you can verify external email to your mailbox should have below mentioned header
Notes:
You can add an exclusion domain which doesn’t require this header except if section or add any actions in the rules.
You can modify it as per your needs.
That’s it!!
Check out more about Intune & I have a specific section for Windows troubleshooting I hope you will like to explore.