Enable First Contact Safety Tip for Exchange Online

"Exchange Online Protectionn” (EOP extension) for "First Contact Safety TipEnabling the “ ” feature is an important step to increase email security. This feature ensures that users are warned about emails from people they have never communicated with before.

Earlier Microsoft 365 Security over Outbound Spam Policy We have reviewed the subject, you can access the relevant subject from the link below.

Why: Exchange Online Protection First Contact Safety Tip

"First Contact Safety Tip" Exchange Online ProtectionThis is a security feature offered as part of . When users receive emails from people they have never interacted with before, this feature warns them with a safety tip. This tip encourages users to be careful of potentially suspicious or harmful content.

Your message X-Forefront-Antispam-Report is controlled by the value of the field in the header, 9,25. This functionality adds value to messages X-MS-Exchange-EnableFirstContactSafetyTip Replaces the need to create mail flow rules (also known as transport rules) that add a header called

Its function is to notify and alert users about messages from email senders they have never communicated with before. This feature is especially important in the following cases:

  • New Communications: If a user receives an email from someone they have never communicated with before,First Contact Safety Tip” detects this situation and displays a warning message to the user.
You don't often get email from .
  • Identifying Potential Threats: It informs the user that the sender of a new email could be a potential threat. This is especially important for phishing and spam.
  • Senders who do not receive emails frequently: EOP will also show you a warning text for senders from whom you do not receive many emails.
  • Increasing User Awareness: These alerts increase users' awareness of email security and educate them to be more vigilant against potential threats.
Some people who received this message don't often get email from .

Exchange Online Protection: First Contact Security Type Example

Let's say that Anna, who works for a company, uses the company's email system that uses Exchange Online Protection (EOP). One day, Anna receives an email from a person she's never heard of before, "John Doe." EOP's "First Contact Safety Tip” feature is activated and a warning message like the one below appears in Ayşe’s e-mail interface:

“Attention: This email is from a sender you have never interacted with before. Please verify the identity of the sender and the authenticity of the message before opening the content.”

This alert causes Ayse to examine the email carefully. The email sent by John Doe contains an important job offer for the company. Ayse contacts the company's IT department to verify the sender's reliability, thus evaluating a potential job opportunity and not risking the company's security.

There are differences between EOP Anti-Phishing and 365 Defender Anti-Phishing rules.

FeatureAnti-phishing policies
in EOP
Anti-phishing policies
in Defender for Office 365
Automatically created default policy
Create custom policies
Common policy settings*
Spoof settings
First contact safety tip
Impersonation settings
Advanced phishing thresholds

How to Enable Exchange Online First Contact Safety Tip with 365 Defender? How to Enable First Safety Tip on 365 Security in Exchange Online?

To enable First Contact Safety Type in Exchange Online, first Microsoft 365 Security We need to perform the LOGIN operation on it.

Later Microsoft 365 Security – Email & Collaboration – Policies & Rules – Threat Policies – Anti-Phishing (Under 'Policies') we need to follow the steps.

Here we can edit the existing Rule, or we can create a new Rule with the "Create" step and assign our Exchange Online users or groups to the Rule we created.

When we want to make changes to the rule, we can do so through the menu that opens on the right side of the 365 Security portal.

In this section, you can prevent the impersonation of the domains or users you specify. You can perform tightening operations regarding the existing M365 tetanus with the steps Enable Domains Protect and Enable users to protect.

After saving your operations here with the Save button, you can come to the Action section.

It will be sufficient to enable the Show first contact safety tip (Recommended) option.

Activating First Contact Safety Tip using Transport Rule Steps – Activating First Contact Safety Tip using Transport Rule Steps

Transport Rule You can perform the activation process and provide user-based classification here. Transport Rule while creating First Contact Safety Tip X-MS-Exchange-EnableFirstContactSafetyTip x-header section is used.

We follow the steps Exchange Online Admin – Mail Flow – Rules.

The rule we will create should look like the one below. The value "True" can also be used instead of the value Enabled, but Microsoft engineers do not recommend using that value.

Header: X-MS-Exchange-EnableFirstContactSafetyTip

Value: Enabled

After saving the relevant Rule process, your users will start to see the hints in the first e-mail senders and in the External e-mails that do not send many e-mails.

“First Contact Safety Tip” significantly increases the email security of Exchange Online Protection users. With this feature, users can be more careful about emails from people they have never interacted with before. This is critical to preventing security breaches and ensuring information security, especially in corporate environments. Enabling the feature is a simple and directly accessible process for administrators. This allows organizations to easily strengthen their email security.

Comment