Configure External Email Warning Banner in Exchange Admin Center

Purpose

This Knowledge Base (KB) article explains how to configure an external email warning banner in Microsoft Exchange Online using Mail Flow Rules. The banner helps users identify emails originating from outside the organization and improves protection against phishing or spoofing attempts.

Prerequisites

  • Microsoft 365 Global Admin or Exchange Admin access
  • Access to the Exchange Admin Center (EAC)
  • Approved external email banner HTML content
  • Email security provider public IP ranges (if exceptions are required)

Procedure

Step 1 – Access Exchange Admin Center

  1. Sign in to the Microsoft 365 Admin Portal.
  2. Navigate to Exchange Admin Center.

Alternatively:

  • Open:
    • Microsoft 365 Admin Center → Admin Centers → Exchange

Step 2 – Open Mail Flow Rules

  1. In the left pane, select:
    • Mail flow
  2. Click:
    • Rules

Step 3 – Create a New Rule

  1. Click:
    • + Add a rule
  2. Select:
    • Create a new rule

Rule Configuration

Rule Name

Set the rule name as:

External Email Warning Banner

Apply This Rule If

  1. Under Apply this rule if, select:
    • The sender is located
  2. Choose:
    • Outside the organization

This ensures the rule applies only to emails received from external domains.

Step 4 – Configure Exception for Trusted IPs

Add Exception

  1. Click:
    • + Add exception
  2. Select:
    • The sender → IP address is in any of these ranges or exactly matches
  3. Add the trusted email security provider public IP ranges.

Example

192.0.2.0/24
203.0.113.5

Note:
Add all approved IP ranges provided by your email security vendor or security team.

Step 5 – Configure the Disclaimer Banner

Action

Under Do the following, select:

Apply a disclaimer to the message

Then choose:

Prepend a disclaimer

Step 6 – Add Banner HTML

Use the following sample HTML code:

<div style="border:2px solid #ff0000; background-color:#fff4f4; padding:10px; font-family:Calibri; font-size:14px;">
<b>Warning:</b> This email originated from outside the organization.
Do not click links or open attachments unless you recognize the sender and know the content is safe.
</div>

Step 7 – Configure Fallback Action

If the disclaimer cannot be inserted:

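  1. Select:
    • Wrap

With Wrap, a message that cannot be modified directly is enclosed in a new message that carries the banner, so the email is still delivered with the banner content attached.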

Step 8 – Save and Enable the Rule

  1. Click:
    • Next
  2. Review the configuration.
  3. Ensure:
    • Rule Mode = Enforce
  4. Click:
    • Finish
  5. Verify the rule status is:
    • Enabled
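
The rule built in Steps 3 to 8 can also be created from Exchange Online PowerShell, which makes the configuration repeatable and reviewable. The script below is an added example, not part of the original KB procedure; it assumes the ExchangeOnlineManagement module is installed, uses a placeholder admin UPN (admin@contoso.example), and reuses the documentation IP ranges from the Example in Step 4.

```powershell
# Added example: scripted equivalent of Steps 3-8 (not from the original KB).
# Assumptions: placeholder UPN; IP ranges are the sample values from Step 4.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$ruleName   = 'External Email Warning Banner'
$trustedIps = @('192.0.2.0/24', '203.0.113.5')   # replace with approved ranges

# Banner HTML from Step 6, kept in a single-quoted here-string so nothing is expanded.
$bannerHtml = @'
<div style="border:2px solid #ff0000; background-color:#fff4f4; padding:10px; font-family:Calibri; font-size:14px;">
<b>Warning:</b> This email originated from outside the organization.
Do not click links or open attachments unless you recognize the sender and know the content is safe.
</div>
'@

# Settings shared by New-TransportRule and Set-TransportRule.
$params = @{
    FromScope                         = 'NotInOrganization'  # sender is outside the organization
    ExceptIfSenderIpRanges            = $trustedIps          # Step 4 exception
    ApplyHtmlDisclaimerLocation       = 'Prepend'            # Step 5
    ApplyHtmlDisclaimerText           = $bannerHtml          # Step 6
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # Step 7
    Mode                              = 'Enforce'            # Step 8
}

# Update the rule if it already exists so re-running does not create duplicates.
$existing = Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    Set-TransportRule -Identity $ruleName @params
    Enable-TransportRule -Identity $ruleName -Confirm:$false
} else {
    New-TransportRule -Name $ruleName -Enabled $true @params
}

# Confirm the stored configuration matches what was intended.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, ExceptIfSenderIpRanges,
                ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerFallbackAction

Disconnect-ExchangeOnline -Confirm:$false
```

The final Get-TransportRule output gives a record of the exception list that can be compared against the approved ranges during periodic reviews.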

Validation

Send a test email from an external email address and confirm:

  • The warning banner appears at the top of the email
  • Internal emails do not display the banner
  • Trusted IP exceptions bypass the rule if configured

Best Practices

  • Keep the banner concise and clearly visible
  • Avoid excessive colors or large banners
  • Regularly review trusted IP ranges
  • Test after Microsoft 365 updates or mail flow changes

Troubleshooting

| Issue | Possible Cause | Resolution |
|---|---|---|
| Banner not appearing | Rule disabled | Enable the rule |
| Banner applied to internal emails | Incorrect condition | Verify sender location setting |
| Banner missing for some external emails | Trusted IP exception configured | Review exception list |
| HTML formatting broken | Unsupported HTML tags | Use simple HTML formatting |