Outlook: Block External Images Settings Update

🚨 The Signal: Outlook on the web and new Outlook for Windows now offer granular control over external image loading. This enhances protection against tracking pixels and malicious content, allowing admins to enforce stricter default policies beyond the existing safe sender rule.

The Impact

All Outlook users are affected by improved email security, reducing risks from malicious external content.

• End Users: May see blocked images in emails, reducing tracking risks.
• Security Teams: Gain new controls to mitigate phishing and data exfiltration.
• Admins: Can enforce stricter organization-wide policies for external content.

The Action

1. Review existing Outlook Web Access mailbox policies for external content settings.
2. Evaluate new options to 'Block all external content' or 'Load all content by default' based on organizational risk appetite.
3. Communicate changes to end-users regarding external image display and manual loading options.
4. Monitor user feedback and security logs for any unexpected impacts or blocked legitimate content.

Domain: Exchange · Impact: medium · Workload: Exchange Online · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860