A year after the other clients received external tagging, builds of Outlook for Windows support the feature. I’ve been using it with beta channel releases (Version 2210, build 15726.20000 and later). External tagging works as expected with Outlook for Windows, but a potential reason for its delay is apparent at first sight.
Fitting External Tagging into Outlook for Windows
Compared to the other Outlook clients, Outlook for Windows is a antique beast of a program. Although Microsoft has tweaked Outlook’s design over the years, the same basic layout persists. Anyone who used Outlook 97 twenty-five years ago would recognize the latest click-to-run build. Sure, the menu is nicer, and Outlook boasts a reading pane to make it easier to triage a busy inbox, but the structure of mailbox resources, folders, and messages remains.
Preserving the essence of Outlook’s interface creates continuity for users. Change has happened over the years, but nothing to totally rebuild the interface in the same way that the Monarch project is progressing. The upshot is that Outlook’s interface is full of items and options, and the views used to display lists of messages are quite tight. The result is that the new external tag must fit into a confined space, and it looks like it (Figure 1).
Figure 1: External tagging in Outlook for Windows
I realize I am not a professional designer and that my reaction is very much that of an amateur, but the external tag adds more clutter to an already crowded Outlook screen. In any case, the UI is what it is.
As you’d expect, external tagging works exactly the same way as in other Outlook clients. Any email received from an external domain that isn’t marked for exclusion for tagging is tagged as external (see my previous article for details about how to exclude a domain). Most of the email I receive is from external domains, and even after excluding domains that I correspond with extensively, I see many tagged messages.
Raising User Awareness
To be fair, that’s the point. The idea of external tagging is to highlight these messages to users with the hope that people will pay extra attention to any links and other content. Organizations have used transport rules to stamp inbound email with similar labels for years and highlighting email does help. However, like any visual clue, user fatigue grows over time and the tags are probably less effective once they become part of the Outlook landscape.
One is when email appears to come from an internal domain but really comes from a domain with a very similar name that’s set up by attackers with the aim of duping recipients. Humans might be fooled when an attacker swaps 1 for an l in a domain name, but a computer won’t be. Unfortunately, there’s no guarantee that people won’t ignore the external tag on an email that apparently comes from an internal sender.
External Tagging for Some, Not All
Adding external tagging to Outlook for Windows rounds out the Office 365 story. At least, if you use the click-to-run version. Perpetual versions like Outlook 2019 don’t include the necessary interface and Exchange Server doesn’t implement the feature for on-premises users. The classic approach of using transport rules to label external mail work in these scenarios. If you prefer to keep these methods, disable external tagging for Outlook by running the Set-ExternalInOutlook cmdlet:
Set-ExternalInOutlook -Enabled $False
Microsoft has probably done as good a job as possible to implement external tagging given the constraints of Outlook for Windows. External tagging works, it’s a valuable feature, and it will keep some out of trouble. That is, if you notice and respect the tags.
So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.
39 Replies to “Outlook for Windows Gets External Mail Tagging”
Do you have any idea when the external tagging will become available? Maybe, I am just asking when Monarch gets completely released. I know you don’t have the have the Microsoft release schedule, but if you were to guess, what would be your guess?
It sounds as though all accepted domains are automatically excluded. Would that mean that if a sender were to spoof one of our domains (legitimately or not), those emails – even though they originated outside of the O365 tenant – would not have the external tag?
Well, yes, if the spoofed mail managed to get through the rest of the Exchange Online Protection defenses. This is the kind of thing that SPF and DMARC would stop.
What I’m thinking of are systems like Salesforce or other external platforms legitimately spoofing our internal addresses. We have DMARC and SPF implemented and these messages pass through, but we still like it when those emails have an external sender stamp since the message does, in fact, originate outside of our network.
Loading...
I don’t have these systems to test so I can’t say for definite. It should be easy to test.
Loading...
Kreera, You must trust the mail systems of SalesForce and other external platforms a great deal. We don’t. We allow no vendors to spoof our systems. But to train your employees than to open this vector up for an avenue of attack. You have no idea how sloppy of how tight their mail systems are.
Thank you for that article. This new feature is hitting Outlook now and my users don’t like it. Is there a way to disable it so, “External” does not appear in the Outlook pane?
Thank you for the quick response. When I run the command on the affected computer I receive an error indicating the command is not recognized. Is this command run against the local computer or against Exchange Online? I don’t want to disable it for the tenant, just one computer.
C:\> Set-ExternalInOutlook -Enabled $false
The term ‘Set-ExternalInOutlook’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
C:\>
Loading...
Last week the External tags started appearing in my Outlook for Windows client. This week they are gone!?
Christopher W Ryan, Set-ExternalInOutlook is a command to run against Exchange Online. Currently there is no way to disable it per user / computer, only per tenant.
It seems the external tagging rollout is off to a rough start. There are a couple of things I wish Microsoft would do for these types of enhancements.
1. Predictability-Select members of our IT staff are in the Insider Channel (now called the Beta Channel.) One would hope that new features like this would surface there first. This one didn’t. Some of our users got this but no one in our IT staff received this (Beta Channel or not.) Everyone in our company uses the same version/build of Office.
2. Communication-As you might have noticed above, I asked when this was supposed to be released? Tony offered the very reasonable answer of a couple of months. I guess not. (Roadmap, Message Center?)
3. Visibility-I contacted our users that had this (past tense used on purpose) to find out which build of Office they were using. They were using the same build as our. So, I used the Get-ExternalInOutlook command (which show’s whether its enabled or not.) But this also includes OWA. So, everyone in our company shows as enabled. In other words, we have no way of knowing who has what. When those tickets started pouring in, it would be nice to be able to assess the impact for that P1 ticket I am about to submit. As noted above, the feature went away as quickly as it was rolled out. No notification about that either. Did someone just push the wrong button or something?
4. Tunability-(I feel like a sports announcer using a like word like that.) As noted in #3, how about having the option of enabling it or disabling it per client type. Just that one option would be so powerful and could be used so many ways.
5. Deploy disabled (especially) if channels are not used. (I know it doesn’t help their engagement metric, but the metrics are here for us, we aren’t here for the metrics.)
Microsoft does so many things very well. But as I have come to understand from my own personal experience, consistency is most important in our business. Features and functionality are nice, but surprises are for birthdays, not IT.
I rather like the idea of being able to disable the feature on a per-client basis, much like you can enable or disable client access via Set-CASMailbox or an OWA mailbox policy.
This feature just dropped on my machine… it took me all of five minutes to decide to run Set-ExternalInOutlook -Enabled $false
Showing external senders in the email itself is acceptable but the tagging in the list view is far too much clutter in my opinion, and several of my high-level users have sent me complaints in the last few days.
Just run the Set-ExternalInOutlook cmdlet. Set-ExternalInOutlook -Enabled $False
Loading...
Is there any other down stream impact of turning this feature off? Its way too cluttered and overall gain at this point is too minimal, maybe if this had come 10 years ago, but at this point we have been showing users that email are external via headers for 5 years already.
Hi Tony, thanks for the help. I’m trying to run that cmdlet and it’s saying that term is not recognized. Any suggestions?
I’m running as an Administrator, and I tried it with & without the ” -Enabled $False”.
I believe I have a Workaround. Instead of setting this at the server level, set it at the client level and replace the “From” field with a different one that does not include the External notification.
Right click on the “From” header at top of emails. Then “Field Chooser”
Then “New”, change the “Type” field to “Formula”, give the new field a name (e.g. MyFrom). Enter, [From] ,in the Formula box.
Click OK. After clicking OK, left-click and hold the “MyFrom” line and drag it up to your column heading area between “From” and “Subject” and release. Once you see it as a new column, then left-click on the original “From” column heading and drag it down into your mailbox until you see a large black X appear, then release your left-click and it will go away.
Now, click and drag the original From field off the email list. The EXTERNAL Label is tied to that field, and by removing the ‘real’ From field it will take away the label.
Loading...
Any idea how long it takes to disable across users in the Tenant once done?
Before the external tag disappears from email? In my experience, it took a couple of hours. However, it depends on how many email servers need to be updated for all the mailboxes in the organization.
Was wondering the same. I set it to $false like 4 hours ago and it’s still not going away. We have less than 30 users in our tenant. Not everyone was even seeing this new external box yet when some of our users started seeing it on Monday.
I have an odd one for you Tony, While the Outlook Desktop client on a Mac or Windows shows the External call out tag which is labeled as “External”. I do have one incident, at my job, where the label is written as “Unverified” on a Outlook for Mac Desktop Client. Any idea, other than the obvious as to why this new label appeared for that one external email so far?
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
Do you have any idea when the external tagging will become available? Maybe, I am just asking when Monarch gets completely released. I know you don’t have the have the Microsoft release schedule, but if you were to guess, what would be your guess?
It’s in the beta channel for Outlook now. I imagine that it will turn up in the mainstream in a couple of months.
It sounds as though all accepted domains are automatically excluded. Would that mean that if a sender were to spoof one of our domains (legitimately or not), those emails – even though they originated outside of the O365 tenant – would not have the external tag?
Well, yes, if the spoofed mail managed to get through the rest of the Exchange Online Protection defenses. This is the kind of thing that SPF and DMARC would stop.
What I’m thinking of are systems like Salesforce or other external platforms legitimately spoofing our internal addresses. We have DMARC and SPF implemented and these messages pass through, but we still like it when those emails have an external sender stamp since the message does, in fact, originate outside of our network.
I don’t have these systems to test so I can’t say for definite. It should be easy to test.
Kreera, You must trust the mail systems of SalesForce and other external platforms a great deal. We don’t. We allow no vendors to spoof our systems. But to train your employees than to open this vector up for an avenue of attack. You have no idea how sloppy of how tight their mail systems are.
I had External tagging in Outlook desktop for a good amount of time and today it’s gone…
consider yourself lucky is a pain
is it possible to turn it off? I don’t like it either ; )
Thank you for that article. This new feature is hitting Outlook now and my users don’t like it. Is there a way to disable it so, “External” does not appear in the Outlook pane?
See https://learn.microsoft.com/en-us/powershell/module/exchange/set-externalinoutlook?view=exchange-ps – Set the enabled flag to False.
Thank you for the quick response. When I run the command on the affected computer I receive an error indicating the command is not recognized. Is this command run against the local computer or against Exchange Online? I don’t want to disable it for the tenant, just one computer.
C:\> Set-ExternalInOutlook -Enabled $false
The term ‘Set-ExternalInOutlook’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
C:\>
Last week the External tags started appearing in my Outlook for Windows client. This week they are gone!?
And today the external tags are back!
Christopher W Ryan, Set-ExternalInOutlook is a command to run against Exchange Online. Currently there is no way to disable it per user / computer, only per tenant.
It seems the external tagging rollout is off to a rough start. There are a couple of things I wish Microsoft would do for these types of enhancements.
1. Predictability-Select members of our IT staff are in the Insider Channel (now called the Beta Channel.) One would hope that new features like this would surface there first. This one didn’t. Some of our users got this but no one in our IT staff received this (Beta Channel or not.) Everyone in our company uses the same version/build of Office.
2. Communication-As you might have noticed above, I asked when this was supposed to be released? Tony offered the very reasonable answer of a couple of months. I guess not. (Roadmap, Message Center?)
3. Visibility-I contacted our users that had this (past tense used on purpose) to find out which build of Office they were using. They were using the same build as our. So, I used the Get-ExternalInOutlook command (which show’s whether its enabled or not.) But this also includes OWA. So, everyone in our company shows as enabled. In other words, we have no way of knowing who has what. When those tickets started pouring in, it would be nice to be able to assess the impact for that P1 ticket I am about to submit. As noted above, the feature went away as quickly as it was rolled out. No notification about that either. Did someone just push the wrong button or something?
4. Tunability-(I feel like a sports announcer using a like word like that.) As noted in #3, how about having the option of enabling it or disabling it per client type. Just that one option would be so powerful and could be used so many ways.
5. Deploy disabled (especially) if channels are not used. (I know it doesn’t help their engagement metric, but the metrics are here for us, we aren’t here for the metrics.)
Microsoft does so many things very well. But as I have come to understand from my own personal experience, consistency is most important in our business. Features and functionality are nice, but surprises are for birthdays, not IT.
I rather like the idea of being able to disable the feature on a per-client basis, much like you can enable or disable client access via Set-CASMailbox or an OWA mailbox policy.
This feature just dropped on my machine… it took me all of five minutes to decide to run Set-ExternalInOutlook -Enabled $false
Showing external senders in the email itself is acceptable but the tagging in the list view is far too much clutter in my opinion, and several of my high-level users have sent me complaints in the last few days.
Ian, totally agree… Any shot you can give an amatuer like me the steps to do the same?
Ian, agreed! Any shot you can give a novice like me the help/steps to do the same?
Just run the Set-ExternalInOutlook cmdlet. Set-ExternalInOutlook -Enabled $False
Is there any other down stream impact of turning this feature off? Its way too cluttered and overall gain at this point is too minimal, maybe if this had come 10 years ago, but at this point we have been showing users that email are external via headers for 5 years already.
No problem if you disable external tagging. There’s no other dependencies.
Any idea where we can find some official documentation from Microsoft regarding this feature (for Outlook desktop client)?
https://learn.microsoft.com/en-us/powershell/module/exchange/set-externalinoutlook?view=exchange-ps
Hi Tony, thanks for the help. I’m trying to run that cmdlet and it’s saying that term is not recognized. Any suggestions?
I’m running as an Administrator, and I tried it with & without the ” -Enabled $False”.
Do you have the latest version of the Exchange Online management module loaded on the PC?
I believe so… 3.0.0 is what I have
Are you signed in with an administrator account?
I believe I have a Workaround. Instead of setting this at the server level, set it at the client level and replace the “From” field with a different one that does not include the External notification.
Right click on the “From” header at top of emails. Then “Field Chooser”
Then “New”, change the “Type” field to “Formula”, give the new field a name (e.g. MyFrom). Enter, [From] ,in the Formula box.
Click OK. After clicking OK, left-click and hold the “MyFrom” line and drag it up to your column heading area between “From” and “Subject” and release. Once you see it as a new column, then left-click on the original “From” column heading and drag it down into your mailbox until you see a large black X appear, then release your left-click and it will go away.
Now, click and drag the original From field off the email list. The EXTERNAL Label is tied to that field, and by removing the ‘real’ From field it will take away the label.
Any idea how long it takes to disable across users in the Tenant once done?
Before the external tag disappears from email? In my experience, it took a couple of hours. However, it depends on how many email servers need to be updated for all the mailboxes in the organization.
Was wondering the same. I set it to $false like 4 hours ago and it’s still not going away. We have less than 30 users in our tenant. Not everyone was even seeing this new external box yet when some of our users started seeing it on Monday.
These kinds of system refresh do take time to process. It can take up to a week.
Yes, signed in with administrator account.
I have an odd one for you Tony, While the Outlook Desktop client on a Mac or Windows shows the External call out tag which is labeled as “External”. I do have one incident, at my job, where the label is written as “Unverified” on a Outlook for Mac Desktop Client. Any idea, other than the obvious as to why this new label appeared for that one external email so far?
No idea. I don’t have a Mac to test it on either! Maybe someone else with a Mac can comment?