External email warning banner in O365:
? Step 1: Sign in to Exchange Admin Center
Log in with your Global Admin / Exchange Admin account.
? Step 2: Create a Mail Flow Rule
In the left menu, select Mail flow > Rules.
Click + Add a rule > Create a new rule.
Give it a name, e.g.,
External Email Warning Banner.
? Step 3: Configure the Conditions
Under Apply this rule if… choose:
The sender is located… → Outside the organization
? Step 4: Configure the Action
Under Do the following… choose:
Prepend the message subject with…
Example:[EXTERNAL]AND/OR
Apply a disclaimer to the message… → Prepend a disclaimer
In the disclaimer text box, paste your warning banner. For example:
<div style="background-color:#ff0000; color:white; padding:10px; font-size:14px;"> ⚠️ This email originated from outside your organization. Do not click links or open attachments unless you recognize the sender. </div>
Set the fallback action: Wrap.
? Step 5: Exclusions (Optional)
Add exceptions so your own trusted domains don’t trigger the banner.
Under Except if… choose:
The sender domain is… → add your internal domains (e.g.,
yourcompany.com).
? Step 6: Save and Test
Click Save.
Send a test email from a Gmail/Yahoo account to verify the red banner is displayed.