I'm guessing this:

https://www.securit360.com/blog/configure-warning-messages-office-365-emails-external-senders/

But instead of fallback action Wrap, use instead fallback action Ignore.

I'm thinking that the processing should fail on both an S/MIME Signed or an S/MIME Encrypted message, and then it should just ignore the rule as per the fallback option.

We use S/MIME signed and encrypted messages all the time, I want to make this external marking thing happen for phishing protection, but I absolutely do not want to break our S/MIME or the workflow at all.

Please someone confirm from Microsoft, or other users that have done this in their 365.