Outlook Safe-sender list group policy not working

Question

We have been using a GPO to deploy junk email settings for some time such as described in this article.

https://support.microsoft.com/en-us/help/2252421/how-to-deploy-junk-email-settings-such-as-the-safe-senders-list-by-usi

This used to work but stopped some time ago, I think when we deployed Office365 version of Outlook.

Is this still known to work with 365 versions of Outlook or do we need to change to using Set-MailboxJunkEmailConfiguration commands

I already have the sending domains listed in https://protection.office.com/antispam safe list

The message are delivered to inbox, but we want Outlook to automatically show the embedded pictures without the user having to click on a thing to download the images.
We are setting up a phish test simulation and need to get the emails delivered correctly.

Answer 1

Actually, the post above is not correct, it may have been co-incidence that it worked once, but I could not replicate it again.

The correct policy path is

Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail

I found the issue is with the txt file itself that contains the trusted domains. I imported the list manually into Outlook, then exported it to a new file. Then replaced the file on the network share with this new file, and Outlook started reading in the contents again into 'Safe Senders'. (need to restart Outlook client)

Answer 2

I found the problem, something has changed with where Outlook looks in the registry for these keys,

the gpo applies the setting to

Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail

I created the same keys manually under

Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\Mail

and it now works

Answer 3

Hi@MikeLehmann-8939,

We have been using a GPO to deploy junk email settings for some time such as described in this article.

I have tried to deploy this setting via GPO on my Microsoft 365 for testing, and it couldn't work, which is same as your situation. So the setting may not be available to Microsoft 365 as you mentioned, but I haven't found any official document to declare it now.

I already have the sending domains listed in https://protection.office.com/antispam safe list

For this option, as I know, we just could add the "allow list" here, this list controls if the sender could send messages to your organization, and it's different from the safe list in Outlook. For the safe list itself, we could only use Set-MailboxJunkEmailConfiguration commands as you mentioned to deploy. For more information about the feature and precautions of these options, please refer to this official article: Create safe sender lists in EOP, it's suggested to choose the appropriate option according to your need.

but we want Outlook to automatically show the embedded pictures without the user having to click on a thing to download the images

For this situation, it would actually be affected by the setting in Outlook client, we could change it via:

• Add the sender to safe sender list(through Outlook client or Exchange PowerShell)
• Turn off "don't download picture automatically" in trust center setting(File>Options>Trust center>Trust center settings>uncheck these options), but for your safety, it's recommended to keep this on.

Hope that would be helpful to you.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

thanks for the update

the key JunkMailImportLists(1) does exists

I also have the latest GPO ADMX template installed. I've looked at several troubleshooting guides for this but they all say basically the same thing.

this is what I have in my registry currently which comes from GPO

Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\options\mail