Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Attack Simulation Training - external tag

Brass Contributor

I am testing the Attack Simulation Training. I noticed on the phishing email I received, that the "External" tag that Outlook assigns was missing. That would be a red flag for many people. Is there a way to make this more realistic and have the External tag?

 
 
5 Replies
Hello JG
Yes, you can enable external email tags via Windows PowerShell by typing the following lines and pressing Enter: `Set-ExternalInOutlook -Enabled $true`. Then restart your PC and check Outlook after 24-48 hours to see if the External warning tag or label appears¹.

However, external tagging is disabled by default, so you may connect to Exchange online PowerShell and run the command `Set-ExternalInOutlook –Enabled $false`².

There are multiple ways to add [External] tag to emails received from outside the organization. You can apply [External] tag using transport rule in Exchange and Office 365. You can also set up [External] tag using rules in your third-party gateway³.

I hope this helps!

Source: Conversation with Bing, 4/16/2023
(1) How to Remove The External Tag/Label in Outlook - Windows Report. https://windowsreport.com/outlook-external-tag-remove/.
(2) Outlook External Email Tag - Microsoft Community. https://answers.microsoft.com/en-us/outlook_com/forum/all/outlook-external-email-tag/726edfb4-fd09-4....
(3) Users cannot see [External] tag in OWA and Outlook Conversation View. https://techcommunity.microsoft.com/t5/exchange/users-cannot-see-external-tag-in-owa-and-outlook-con....

Hope this help

@JG-Burke Did you get an answer to this elsewhere?  Have started to test the attack simulation training, and the lack of an "External" flag stuck out like a sore thumb.  Can't seem to find much information elsewhere.

 

Regards, James

I did not. We continue to use KnowBe4.

@Tarot_resolution  Does your answer apply to Attack Simulation Training?

Thanks -- not sure you read the question/issue.
This has to deal with Microsoft's attack simulation -- not external labels. I have external labels on and I have a transport rule to prepend messages. the issue is MS attach simulation ignore those, so the simulation is not realistic.