EOP First Contact Safety Tip Anti Phish rule

Posted on by

EOP First Contact Safety Tip Anti Phish rule

Hello,

Today I wanted to share a nice feature hidden in Exchange Online Protection. Even without Microsoft Defender for Office 365, you can have some advanced anti-phishing feature.

You can enable a mail rule that will add a mail header on incoming mail. This specific header will add a safety tip on received email if the sender is not a usual one, or if it’s a new one.

The header name is ‘X-MS-Exchange-EnableFirstContactSafetyTip’ the value should be ‘enable’. The transport rule should only target mails from outside the organization.

You can use the following PowerShell line to create it in seconds:

New-TransportRule -Name FirstContactSafetyTip -FromScope "NotInOrganization" -SetHeaderName 'X-MS-Exchange-EnableFirstContactSafetyTip' -SetHeaderValue 'enable'

Note: You’ll need the ExchangeOnlineManagement PowerShell module, and use “Connect-ExchangeOnline” first.

You can also use the Exchange Online administrative console to create this transport rule.

You can find more information in the Microsoft Defender for Office 365 documentation (the blue rectangle, you need to scroll down).

Once enabled, you can expect a Safety tip like this one:

EOP First Contact Safety Tip Anti Phish
EOP First Contact Safety Tip Anti Phish

This is kind of a nice feature, it works with or without Microsoft Defender for Office 365 (formerly known as Office 365 ATP).

The link “lean why this is important” is redirecting to http://aka.ms/LearnAboutSenderIdentification.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.