I spotted a mysterious note while reading Microsoft Documentation about Anti-Phishing policies with an important note of a configuring a header to enable a message on certain emails that will say:
‘You don’t often get email from email@example.com. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification‘
‘Some people who received this message don’t often get email from firstname.lastname@example.org’
When I discovered this, I couldn’t find a google search result on X-MS-Exchange-EnableFirstContactSafetyTip beyond this single tip above. No instructions or details anywhere. It sounded like something I wanted though, and after some basic testing I couldn’t get it to work.
After raising it with Microsoft, it’s been clarified that this value needs to be set to ‘Enabled‘ – not ‘True’ or ‘Yes’. It was also recommended to only apply to emails coming from outside the organisation. This is fairly easily achieved via a Transport Rule, and you can narrow it down to certain recipients if you’d like to test it first:
At this stage I’m getting mixed results with it. In my Australian Microsoft 365 tenant, it’s adding the warning to the body of the email rather than a safety tip – I first thought this was probably an Outlook 2016 thing:
but the same happened in Outlook for the Web:
On my US tenant, it worked a bit differently in both Outlook 2016 and Outlook for the Web:
The tip appears at the top of the email but in a grey box, more closely resembling how it would look as a Safety Tip.
I’ve also seen the Safety Tip work on Outlook for the Web but only in a threaded email, and not at the top of the email – some weird things going on.
Anyway, it may be something worth playing with, but until we see more information about this feature, I’d leave it in testing mode only.