πΌ Management Samenvatting
External sender warnings in emails help users identify external senders, en vermindert phishing success.
Aanbeveling
IMPLEMENT
Risico zonder
Medium
Risk Score
5/10
Implementatie
2u (tech: 1u)
Van toepassing op:
β M365
β Exchange
β Exchange
Users assume emails are van colleagues Tenzij warned. External sender tag alerts users: Verifieer sender voordat clicking links, be cautious met requests, suspect Phishing aanvallen.
PowerShell Modules Vereist
Primary API: Exchange Online PowerShell
Connection:
Required Modules: ExchangeOnlineManagement
Connection:
Connect-ExchangeOnlineRequired Modules: ExchangeOnlineManagement
Implementatie
Configureer external sender identification: warning banner in Outlook showing 'External sender' of aangepaste message. via Exchange mail flow rule of ingebouwde setting.
- Option 1: Exchange admin center β Mail flow β Rules β Add external sender warning
- Option 2: Native external tag (if available in Tenant instellingen)
- Message: 'EXTERNAL: Deze email originated buiten de organization'
- Apply to alle inbound external emails
Vereisten
- Exchange Online
- Exchange Administrator
Implementatie
- Option 1: Exchange admin center β Mail flow β Rules β Add external sender warning
- Option 2: Native external tag (if available in Tenant instellingen)
- Message: 'EXTERNAL: Deze email originated buiten de organization'
- Apply to alle inbound external emails
Compliance en Auditing
- CIS M365 - regelen 2.1.10
- BIO 13.02
- ISO 27001 A.13.2.1
Monitoring
Gebruik PowerShell-script external-sender-identified.ps1 (functie Invoke-Monitoring) β Controleren.
Remediatie
Gebruik PowerShell-script external-sender-identified.ps1 (functie Invoke-Remediation) β Herstellen.
Compliance & Frameworks
- CIS M365: Control 2.1.10 (L2) - External sender identification
- BIO: 13.02 - Email security awareness
- ISO 27001:2022: A.13.2.1 - Email policies
Automation
Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).
PowerShell
<#
.SYNOPSIS
External Sender Identification
.DESCRIPTION
Shows visual indicator for external emails in Outlook
.NOTES
NL Baseline v2.0
#>
#Requires -Version 5.1
#Requires -Modules ExchangeOnlineManagement
[CmdletBinding()]
param([switch]$Monitoring, [switch]$Remediation, [switch]$Revert,
[switch]$WhatIf)
$ErrorActionPreference = 'Stop'
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "External Sender Identification" -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan
function Invoke-Monitoring {
try {
Connect-ExchangeOnline -ShowBanner:$false -ErrorAction Stop
$config = Get-ExternalInOutlook -ErrorAction Stop
$enabled = $config.Enabled
Write-Host " External Sender Tags: $(if($enabled){'ENABLED'}else{'DISABLED'})" -ForegroundColor $(
if ($enabled) { 'Green' }else { 'Red' }
)
Write-Host "`n Visual Indicator:" -ForegroundColor Cyan
Write-Host " β’ Shows `"External`" tag on emails" -ForegroundColor Gray
Write-Host " β’ Helps users identify phishing" -ForegroundColor Gray
Write-Host " β’ Reduces social engineering risk" -ForegroundColor Gray
if ($enabled) {
Write-Host "`n[OK] COMPLIANT - Users can identify external emails" -ForegroundColor Green
exit 0
}
else {
Write-Host "`n[FAIL] NON-COMPLIANT - No visual indicator!" -ForegroundColor Red
exit 1
}
}
catch {
Write-Host "ERROR: $_" -ForegroundColor Red
exit 2
}
}
function Invoke-Remediation {
try {
Connect-ExchangeOnline -ShowBanner:$false -ErrorAction Stop
$config = Get-ExternalInOutlook
if ($config.Enabled) {
Write-Host " [OK] Already enabled" -ForegroundColor Green
exit 0
}
Set-ExternalInOutlook -Enabled $true -ErrorAction Stop
Write-Host "`n[OK] External sender identification enabled" -ForegroundColor Green
Write-Host "Users will see `"External`" tag on external emails" -ForegroundColor Cyan
exit 0
}
catch {
Write-Host "ERROR: $_" -ForegroundColor Red
exit 2
}
}
function Invoke-Revert {
try {
Connect-ExchangeOnline -ShowBanner:$false -ErrorAction Stop
Set-ExternalInOutlook -Enabled $false -ErrorAction Stop
Write-Host " β οΈ Disabled - users can't identify external emails" -ForegroundColor Yellow
exit 0
}
catch {
Write-Host "ERROR: $_" -ForegroundColor Red
exit 2
}
}
try {
if ($Revert) { Invoke-Revert }
elseif ($Monitoring) { Invoke-Monitoring }
elseif ($Remediation) { Invoke-Remediation }
else { Write-Host "Use: -Monitoring | -Remediation | -Revert" -ForegroundColor Yellow }
}
catch { throw }
finally {
Write-Host "`n========================================`n" -ForegroundColor Cyan
}
Risico zonder implementatie
Risico zonder implementatie
Medium: Medium - Users kan niet easily identify external emails. Phishing succeeds via impersonation.
Management Samenvatting
External sender warnings in emails. User awareness aid. Voldoet aan CIS 2.1.10 L2. Setup: 1u.
- Implementatietijd: 2 uur
- FTE required: 0.02 FTE