Outlook: Emails marked with External to be supported as Rules conditions

🚨 The Signal: Outlook rules can now use the 'External' email tag as a condition. This allows automated handling of external emails, improving user awareness and potentially reducing phishing risk by enabling custom mail flow actions.

The Impact

Security teams and end-users are affected, gaining new tools to manage external email risks.

• Security Teams: Can enforce policies to quarantine or flag external emails.
• End-Users: Can automate sorting or flagging of external communications.
• Help Desk: May see increased queries regarding new email rule configurations.
• Compliance Officers: Can leverage for demonstrating controls around external data handling.

The Action

1. Review existing mail flow rules and transport rules for potential overlap or enhancement.
2. Communicate new rule capabilities to end-users and provide guidance on best practices for external email handling.
3. Consider creating organization-wide transport rules to automatically move external emails to specific folders or add disclaimers.
4. Update security awareness training to include guidance on using 'External' tag in Outlook rules.

Domain: Exchange · Impact: medium · Workload: Exchange Online