Enabling First Contact Safety Tip
O365 has a feature that adds a notification at the top of the email, when the recipient receives an email from an email address that they normally don’t receive email from. The instructions below explain how to enable this.
- Log in to MS Office admin portal
- Navigate to Security > Email & collaboration > Policies & rules > Threat policies > Enhanced filtering
- Create or enable Proofpoint Inbound Connector:
- If the inbound connector is applied to a set of users, a mail flow rule need to be added:
In Exchange admin center, navigate to Mail flow > Rules and click Add a rule.
Create a new rule Proofpoint Spam Filter Bypass:
- If/when it is time to apply the inbound connector to the whole company, the Proofpoint Spam Filter Bypass rule needs to be disabled.
- Navigate to Security > Email & collaboration > Policies & rules > Threat policies > Anti-phishing
- Edit settings for Office365 AntiPhish Default (Default), scroll to the bottom and click “Edit actions”
- Enable “Show first contact safety tip”
- An attempt was made to make a mail flow rule on the admin side of O365 for messages with the first email tooltip attached in order to notify the IT department, but this text is generated after the mail flow rules are triggered, so that did not work.
Another solution for this is described in the SOP “Email Rules via PowerShell”.- Please note that Automatic forwarding rules will need to be changed from “Automatic – System-controlled” to “On – Forwarding is enabled” for forwarding from one organization to another to work.
This was already enabled for BRP, and needed to be changed for RL and OSCO.