Exchange Online: Tagging External Email Feature

Exchange Online: Tagging External Email Feature
Photo by Pascal Müller / Unsplash

Phishing is a problem. One indicator that makes it easier for users to spot phishing emails is a clear indication when an email comes from external. External email tagging has been available on Exchange Online for some time. This article describes short and briefly how to activate External email tagging in Exchange Online.

External email tagging means that messages received from external domains are marked as "external" by Exchange. The administrator has the possibility to determine which domains are set apart as internal.

Activating External Email Tagging

External tagging is disabled by default. To enable it follow the following steps:
in Powershell: make sure the ExchangeOnlineManagement Module is installed. if not alredy avaiable you can install it using:

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 3.0.0

than connect to your Exchange Online Instance:


and issue:

Set-ExternalInOutlook -AllowList "" -Enabled $True

The -AllowList holds the list of domains or email-adresses you trust and therefore will not receive the External tag. The AllowList uses the 5322.From address format.

activation period

Be aware that after an admin has enabled this setting, it can take up to 48 hours for users to see the External icon in messages from external senders.

check status of External Email Tagging

If you are unsure whether External Email Tagging is active or not (yet), you can check this as follows. Also the AllowedList is displayed with this command


Identity                             Enabled AllowList
--------                             ------- ---------
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx    True {}

Microsoft Learn: SetExternalInOutlook