Callout External Senders in Outlook

What is External Sender Callouts?

External Callouts is what some organizations use to inform their staff that an email is coming from outside of their environment. IT Admins has created transport rule like this one http://www.thatlazyadmin.com/how-to-prepend-office-365-email-subject-when-email-is-received-from-external-sender/

The transport rule approach has some limitations which has been listed by Microsoft based on feedback from customers.

  • You can end up with duplicate [External] tags in subject line if external users keep replying to the thread (some of our customers use customized solutions to remove the duplicates).
  • Adding things to subject line breaks Outlook conversation threading, as the subject line is modified, so messages no longer “belong” to the same conversation.
  • Changed subject (or message body) stays as a part of the message during reply or forward, which leads to confusion if the thread becomes internal.
  • There can be localization issues, as transport rules have no knowledge of client language that end-users are using.
  • Those additions might take a lot of space in the subject line, making it hard to preview the subject on smaller devices.

Based on the feedback from different customers Microsoft has decided to make the functionality available in Exchange Online. We will look at who we setup this feature in Exchange Online.

How to Implement?

To get started we will launch the Exchange Online Management PowerShell Cmdlet.

Connect-ExchangeOnline

Complete the sign-in process.

We will enable the “Set-ExternalInOutlook” feature by running the following cmdlet.

Set-ExternalInOutlook -Enabled $true

You can also exclude users in the environment so that they dnt get the icon in their Outlook profiles. You can use the “Allowlist” to exclude certain email addresses.

Set-ExternalInOutlook -AllowList info@thatlazyadmin.com

Which Outlook Version are Supported?

  • Outlook on the web: available now
  • Outlook for Windows: available in May 2021 (starting with Insider Fast)
  • Outlook mobile (iOS & Android): version 4.2111.0 and higher
  • Outlook for Mac: version 16.47 and higher

If you are using a Transport rule like mentioned in the above post, then you need to disable the Transport Rule, this rule will create duplicate marked as [External] in the subject line.

One thing to note, once the feature has been enabled for the tenant it might take 24 -48hours before the users start seeing the [External] tag in email messages they received from outside senders.

Here is an example of what it looks like on Outlook, OWA and Mobile device. (these images are from Microsoft techcommunity)

Outlook on the web view of External sender:

In Outlook for iOS, External sender user interface in the message list, External tag when reading chosen email and view of sender’s email address after tapping External label:

Post created by ThatlazyAdmin

Original Post by: TechCommunity


How to Configure Azure Sentinel to collect data from Office 365

What is Azure Sentinel:

 

https://www.youtube.com/watch?v=XXZp6LQZSJU

 

How do you connect Office 365 to Azure Sentinel? By connecting Office 365 to Azure Sentinel you can view all events in a single console.

 

From your Azure Sentinel Dashboard, click on Data connectors

From the data connectors overview page click on Office 365.

From the connector page, you will see the following configuration settings.

Expand Configuration and click on “click here to install solution”

The solution will install, to continue expand connect tenant to Azure Sentinal.

 

Click on +Add tenant you will be prompted for your Global Admin credentials.

Login with your administrator credentials.

Once you have provided your login credentials, you will be promoted to accept the permission request for your Office 365 organisation. Azure Sentinal will read health and activity data from your organisation.

Now that your Microsoft 365 organisation has been added to your Azure Sentinal, expand stream Office 365 activity logs. Click on select to select which logs you want to view in sentinel.

Select Exchange and Sharepoint.

Then click apply changes at the bottom

On the Next section you need to select which dashboard you want to install.

Click on “Recommended dashboards” and click on Exchange Online.

On the left-hand sider click on install.

Do the same for Office 365 Dashboard.

To view the newly installed dashboard, from the Azure Sentinel Home Dashboard click on Dashboards.

Then select the dashboard you want view. In this example I will select Office 365 Dashboard and then click on “view dashboard” from the right-hand slider.

From the Office 365 Dashabord, you can view the following:

 

  • Activity by workload
  • Admin Activity by Type
  • Update, Create and delete activities
  • Group activities

 

These are just some of the activities you can view from the Office 365 Dashboard in Azure Sentinel.