Thanks for looking at this. It is a basic rule:
RunspaceId : a88076fa-a73f-426a-b66d-b92dceb52ab6
Priority : 19
DlpPolicy :
DlpPolicyId : 00000000-0000-0000-0000-000000000000
Comments :
ManuallyModified : False
ActivationDate :
ExpiryDate :
Description : If the message:
Is received from 'Outside the organization'
Take the following actions:
Set audit severity level to 'Low'
and Prepend the message with the disclaimer '<div style='border:solid #9C6500 1.0pt;padding:4.0pt 4.0pt
4.0pt 4.0pt'><p
style='margin:0in;margin-bottom:.0001pt;line-height:14.4pt;background:#FFEB9C'><strong><span
style='font-family:"Calibri",sans-serif;color:black'>Caution:</span></strong><span style='color:black'>
This email originated from an external source. <strong><span style='font-family:"Calibri",sans-serif'>Be
Suspicious of Attachments, Links and Requests for Login Information. <br /><br />Utilize the Phishing
Button in Outlook to report suspected phishing emails.</span></strong></span><o:p></o:p></p></div>'. If
the disclaimer can't be applied, take no action.
RuleVersion : 15.0.1.0
Conditions : {Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate}
Exceptions :
Actions : {Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SetAuditSeverityAction,
Microsoft.Exchange.MessagingPolicies.Rules.Tasks.ApplyHtmlDisclaimerAction}
State : Enabled
Mode : Enforce
RuleErrorAction : Ignore
SenderAddressLocation : Header
RuleSubType : None
UseLegacyRegex : False
From :
FromMemberOf :
FromScope : NotInOrganization
SentTo :
SentToMemberOf :
SentToScope :
BetweenMemberOf1 :
BetweenMemberOf2 :
ManagerAddresses :
ManagerForEvaluatedUser :
SenderManagementRelationship :
ADComparisonAttribute :
ADComparisonOperator :
SenderADAttributeContainsWords :
SenderADAttributeMatchesPatterns :
RecipientADAttributeContainsWords :
RecipientADAttributeMatchesPatterns :
AnyOfToHeader :
AnyOfToHeaderMemberOf :
AnyOfCcHeader :
AnyOfCcHeaderMemberOf :
AnyOfToCcHeader :
AnyOfToCcHeaderMemberOf :
HasClassification :
HasNoClassification : False
SubjectContainsWords :
SubjectOrBodyContainsWords :
HeaderContainsMessageHeader :
HeaderContainsWords :
FromAddressContainsWords :
SenderDomainIs :
RecipientDomainIs :
SubjectMatchesPatterns :
SubjectOrBodyMatchesPatterns :
HeaderMatchesMessageHeader :
HeaderMatchesPatterns :
FromAddressMatchesPatterns :
AttachmentNameMatchesPatterns :
AttachmentExtensionMatchesWords :
AttachmentPropertyContainsWords :
ContentCharacterSetContainsWords :
HasSenderOverride : False
MessageContainsDataClassifications :
MessageContainsAllDataClassifications :
SenderIpRanges :
SCLOver :
AttachmentSizeOver :
MessageSizeOver :
WithImportance :
MessageTypeMatches :
RecipientAddressContainsWords :
RecipientAddressMatchesPatterns :
SenderInRecipientList :
RecipientInSenderList :
AttachmentContainsWords :
AttachmentMatchesPatterns :
AttachmentIsUnsupported : False
AttachmentProcessingLimitExceeded : False
AttachmentHasExecutableContent : False
AttachmentIsPasswordProtected : False
AnyOfRecipientAddressContainsWords :
AnyOfRecipientAddressMatchesPatterns :
ExceptIfFrom :
ExceptIfFromMemberOf :
ExceptIfFromScope :
ExceptIfSentTo :
ExceptIfSentToMemberOf :
ExceptIfSentToScope :
ExceptIfBetweenMemberOf1 :
ExceptIfBetweenMemberOf2 :
ExceptIfManagerAddresses :
ExceptIfManagerForEvaluatedUser :
ExceptIfSenderManagementRelationship :
ExceptIfADComparisonAttribute :
ExceptIfADComparisonOperator :
ExceptIfSenderADAttributeContainsWords :
ExceptIfSenderADAttributeMatchesPatterns :
ExceptIfRecipientADAttributeContainsWords :
ExceptIfRecipientADAttributeMatchesPatterns :
ExceptIfAnyOfToHeader :
ExceptIfAnyOfToHeaderMemberOf :
ExceptIfAnyOfCcHeader :
ExceptIfAnyOfCcHeaderMemberOf :
ExceptIfAnyOfToCcHeader :
ExceptIfAnyOfToCcHeaderMemberOf :
ExceptIfHasClassification :
ExceptIfHasNoClassification : False
ExceptIfSubjectContainsWords :
ExceptIfSubjectOrBodyContainsWords :
ExceptIfHeaderContainsMessageHeader :
ExceptIfHeaderContainsWords :
ExceptIfFromAddressContainsWords :
ExceptIfSenderDomainIs :
ExceptIfRecipientDomainIs :
ExceptIfSubjectMatchesPatterns :
ExceptIfSubjectOrBodyMatchesPatterns :
ExceptIfHeaderMatchesMessageHeader :
ExceptIfHeaderMatchesPatterns :
ExceptIfFromAddressMatchesPatterns :
ExceptIfAttachmentNameMatchesPatterns :
ExceptIfAttachmentExtensionMatchesWords :
ExceptIfAttachmentPropertyContainsWords :
ExceptIfContentCharacterSetContainsWords :
ExceptIfSCLOver :
ExceptIfAttachmentSizeOver :
ExceptIfMessageSizeOver :
ExceptIfWithImportance :
ExceptIfMessageTypeMatches :
ExceptIfRecipientAddressContainsWords :
ExceptIfRecipientAddressMatchesPatterns :
ExceptIfSenderInRecipientList :
ExceptIfRecipientInSenderList :
ExceptIfAttachmentContainsWords :
ExceptIfAttachmentMatchesPatterns :
ExceptIfAttachmentIsUnsupported : False
ExceptIfAttachmentProcessingLimitExceeded : False
ExceptIfAttachmentHasExecutableContent : False
ExceptIfAttachmentIsPasswordProtected : False
ExceptIfAnyOfRecipientAddressContainsWords :
ExceptIfAnyOfRecipientAddressMatchesPatterns :
ExceptIfHasSenderOverride : False
ExceptIfMessageContainsDataClassifications :
ExceptIfMessageContainsAllDataClassifications :
ExceptIfSenderIpRanges :
PrependSubject :
SetAuditSeverity : Low
ApplyClassification :
ApplyHtmlDisclaimerLocation : Prepend
ApplyHtmlDisclaimerText : <div style='border:solid #9C6500 1.0pt;padding:4.0pt 4.0pt 4.0pt 4.0pt'><p
style='margin:0in;margin-bottom:.0001pt;line-height:14.4pt;background:#FFEB9C'><strong><span
style='font-family:"Calibri",sans-serif;color:black'>Caution:</span></strong><span style='color:black'>
This email originated from an external source. <strong><span style='font-family:"Calibri",sans-serif'>Be
Suspicious of Attachments, Links and Requests for Login Information. <br /><br />Utilize the Phishing
Button in Outlook to report suspected phishing emails.</span></strong></span><o:p></o:p></p></div>
ApplyHtmlDisclaimerFallbackAction : Ignore
ApplyRightsProtectionTemplate :
SetSCL :
SetHeaderName :
SetHeaderValue :
RemoveHeader :
AddToRecipients :
CopyTo :
BlindCopyTo :
AddManagerAsRecipientType :
ModerateMessageByUser :
ModerateMessageByManager : False
RedirectMessageTo :
RejectMessageEnhancedStatusCode :
RejectMessageReasonText :
DeleteMessage : False
Disconnect : False
Quarantine : False
SmtpRejectMessageRejectText :
SmtpRejectMessageRejectStatusCode :
LogEventText :
StopRuleProcessing : False
SenderNotificationType :
GenerateIncidentReport :
IncidentReportContent :
RouteMessageOutboundConnector :
RouteMessageOutboundRequireTls : False
ApplyOME : False
RemoveOME : False
OMEExpiryDays : 0
GenerateNotification :
Identity : Caution Banner for Incoming Email from External Sources
DistinguishedName : CN=Caution Banner for Incoming Email from External Sources,CN=TransportVersioned,CN=Rules,CN=Transport
Settings,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain
Guid : b0c50cfe-4dc9-47fe-8f73-be404a6f2848
ImmutableId : b0c50cfe-4dc9-47fe-8f73-be404a6f2848
OrganizationId :
Name : Caution Banner for Incoming Email from External Sources
IsValid : True
WhenChanged : 4/6/2022 1:48:10 PM
ExchangeVersion : 0.1 (8.0.535.0)
ObjectState : Unchanged