How to Enable and Use Exchange Online’s External Email Tagging Feature


Exchange Online tenants can activate external email tagging, which causes Outlook clients (not desktop yet) to highlight messages received from external domains. The feature can replace custom implementations to mark external email, usually done with transport rules. It’s easy to implement and control, but the mail tip offering to block an external sender seems a little over the top.

13 Replies

@Tony Redmond 


Is there a date set for enabling this feature in Outlook?

Haven't seen it turn up in a build yet,.

@Tony Redmond 


Thanks. I have this enabled for my clients since last year and it seems to work great in Outlook online and in the Outlook app. Not sure why its taking so long to enable the feature in Outlook. 

The nature of Outlook desktop is that it always takes longer to develop and implement UI than it does in OWA.

@Tony Redmond Do you know if there is there a way to change the layout of the tag in Outlook to make it stand out a little more?  Currently it has just the small exclamation point and the text "This sender xxx is from outside your organisation".  To really make it less subtile and have a better effect.


Best regards 

Jacob Christensen

I don't believe you can customize any aspect of the warning.
There exists is a Windows program that allows you to modify the configuration of external sender identification. Use it if you don't want to run Exchange PowerShell.
Google for "SetExternalInOutlook for Office 365".
That's the same Exchange Online cmdlet described in the article (did you read the article?). There isn't a program to manage the setting because there isn't a public Graph API for that purpose.
Hi Tony,
yes, the exe uses the same Exchange Online cmdlet.
I thought somebody prefer to run exe instead of PowerShell.
Why anyone would want to use an executable is beyond me. The cmdlet is simple and easy to run. It's a one-time operation, and using PowerShell avoids the need to consent to permissions etc. that an executable would need.
It's not one-time operation. What if you need to change allowed sender addresses/domains quite often?
How often do you think you need to change the domain list? In my experience, this is a one-time operation unless you have a tenant-to-tenant migration.

In any case, cmdlet execution is always easier than messing with executables. There is simply no comparison.
I can imagine somebody need to change allowed sender addresses (not domains) quite often.