I spotted a mysterious note while reading Microsoft Documentation about Anti-Phishing policies with an important note of a configuring a header to enable a message on certain emails that will say:
‘You don’t often get email from [email protected]. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification‘
or
‘Some people who received this message don’t often get email from [email protected]’
When I discovered this, I couldn’t find a google search result on X-MS-Exchange-EnableFirstContactSafetyTip beyond this single tip above. No instructions or details anywhere. It sounded like something I wanted though, and after some basic testing I couldn’t get it to work.
After raising it with Microsoft, it’s been clarified that this value needs to be set to ‘Enabled‘ – not ‘True’ or ‘Yes’. It was also recommended to only apply to emails coming from outside the organisation. This is fairly easily achieved via a Transport Rule, and you can narrow it down to certain recipients if you’d like to test it first:
At this stage I’m getting mixed results with it. In my Australian Microsoft 365 tenant, it’s adding the warning to the body of the email rather than a safety tip – I first thought this was probably an Outlook 2016 thing:
but the same happened in Outlook for the Web:
On my US tenant, it worked a bit differently in both Outlook 2016 and Outlook for the Web:
The tip appears at the top of the email but in a grey box, more closely resembling how it would look as a Safety Tip.
I’ve also seen the Safety Tip work on Outlook for the Web but only in a threaded email, and not at the top of the email – some weird things going on.
Anyway, it may be something worth playing with, but until we see more information about this feature, I’d leave it in testing mode only.
Have you since then noticed any difference between the tenants? I also see some tenants adding it to the body and some as a safety tip.