MS.EXO.7.1v1 - External sender warnings SHALL be implemented.

Information

Phishing is an ever-present threat. Alerting users when email originates from outside their organization can encourage them to exercise increased caution, especially if an email is one they expected from an internal sender.

Solution

To create a mail flow rule to produce external sender warnings:

1. Sign in to the Exchange admin center.

2. Under Mail flow, select Rules.

3. Click the plus (+) button to create a new rule.

4. Select Modify messages....

5. Give the rule an appropriate name.

6. Under Apply this rule if..., select The sender is external/internal.

7. Under select sender location, select Outside the organization, then click OK.

8. Under Do the following..., select Prepend the subject of the message with....

9. Under specify subject prefix, enter a message such as "[External]" (without the quotation marks), then click OK.

10. Click Next.

11. Under Choose a mode for this rule, select Enforce.

12. Leave the Severity as Not Specified.

13. Leave the Match sender address in message as Header and click Next.

14. Click Finish and then Done.

15. The new rule will be disabled. Re-select the new rule to show its settings and slide the Enable or disable rule slider to the right until it shows as Enabled.
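
The same configuration can be checked and applied from Exchange Online PowerShell. The script below is an added example, not part of the original audit item or of ScubaGear: it looks for an enabled, enforced rule that prepends a subject prefix to mail from outside the organization and creates or repairs one if none exists. It assumes the ExchangeOnlineManagement module is installed and Connect-ExchangeOnline has already been run; the rule name and the helper function Test-ExternalWarningRule are hypothetical.

```powershell
# Added example. Assumes an existing Connect-ExchangeOnline session with
# rights to manage mail flow rules.
$RuleName = 'External Sender Warning'   # hypothetical rule name (step 5)
$Prefix   = '[External] '               # subject prefix (step 9); trailing space added here

function Test-ExternalWarningRule {
    param([Parameter(Mandatory)] $Rule)
    # Steps 6-7, 8-9, 11 and 15: external scope, subject prefix, Enforce mode, enabled.
    return ($Rule.State -eq 'Enabled') -and
           ($Rule.Mode -eq 'Enforce') -and
           ($Rule.FromScope -eq 'NotInOrganization') -and
           (-not [string]::IsNullOrWhiteSpace($Rule.PrependSubject))
}

$compliant = @(Get-TransportRule | Where-Object { Test-ExternalWarningRule $_ })

if ($compliant.Count -gt 0) {
    # At least one rule already satisfies the policy: show it for review.
    $compliant | Format-Table Name, State, Mode, FromScope, PrependSubject, Priority
}
else {
    $existing = Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue
    if ($existing) {
        # The named rule exists but is disabled or misconfigured: repair and enable it.
        Set-TransportRule -Identity $RuleName `
            -FromScope NotInOrganization `
            -PrependSubject $Prefix `
            -Mode Enforce `
            -SenderAddressLocation Header
        Enable-TransportRule -Identity $RuleName
    }
    else {
        # Severity is left unset, matching step 12.
        New-TransportRule -Name $RuleName `
            -FromScope NotInOrganization `
            -PrependSubject $Prefix `
            -Mode Enforce `
            -SenderAddressLocation Header `
            -Enabled $true
    }
    # Confirm the result of the change.
    Get-TransportRule -Identity $RuleName |
        Format-List Name, State, Mode, FromScope, PrependSubject, SenderAddressLocation
}
```

A rule that carries additional conditions or exceptions still passes this check, so review any match to confirm it applies to all external mail.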

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-4, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|IA-9, 800-53|SC-7, 800-53|SC-20, 800-53|SC-44, 800-53|SI-2, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8

Plugin: microsoft_azure

Control ID: fee490a95db02637934610ebd1aa2c903d1c30e594e30daf5a638ad1bc8cd114