External sender callouts in Outlook now available

A new feature in Exchange Online being rolled out now is the ability to apply an “External” label to email that originated outside your organisation.

This helps people quickly differentiate between internal and external email which can help prevent phishing attacks and people inadvertently forwarding sensitive content by mistake if your Microsoft 365 compliance features have not yet been fully deployed.

This feature requires a supported version of Outlook, which are:

  • Outlook on the web: available now
  • Outlook for Windows: available in May 2021 (starting with Insider Fast)
  • Outlook mobile (iOS & Android): version 4.2111.0 and higher
  • Outlook for Mac: version 16.47 and higher

The feature is managed using the Set-ExternalInOutlook PowerShell cmdlet. To enable the feature, the following cmdlets are run:

Connect-ExchangeOnline -UserPrincipalName <admin account@yourtenant>
Set-ExternalInOutlook -Enabled $true

It can take up to 48 hours for the change to take effect.

Once enabled, new emails received from external addresses are clearly labelled, as shown in the images below:

Outlook on the Web
Outlook for iOS screens
Outlook for iOS

It is possible to add up to 30 external domains or individual addresses to an allow list. Emails from senders in the allow list won’t display the External label. The allow list is managed using the -AllowList parameter of the Set-ExternalInOutlook cmdlet. For example, to add a domain the following cmdlet is run:

Set-ExternalInOutlook -AllowList @{Add="contoso.com","paul@adventureworks.com"}

And to remove addresses from the allow list:

Set-ExternalInOutlook -AllowList @{Remove="paul@adventureworks.com"}

This feature can be monitored under feature 70595 on the Microsoft 365 roadmap.

About the author