Phishing attacks are a growing threat to individuals and organizations and can result in the theft of personal information or the installation of malware on a computer system. To help combat this threat, a phishing warning banner on incoming emails is essential. The banner warns users that an email may be a phishing attempt, increases their awareness of phishing tactics, and provides guidance on how to respond.

By enhancing security measures, such as blocking certain types of emails, a security banner can help to prevent phishing attacks from succeeding and protect sensitive information from being compromised.

The banner can be set up from the Exchange Admin Center in the Microsoft 365 portal.

Go to M365 Admin Center -> Exchange -> Mail Flow -> Rules

Press “+ Add a rule” -> Create a rule

1. Name the rule.
2. Apply this rule if:
     - The sender is external/internal, and choose “Outside the organization”
3. Do the following:
     - Apply a disclaimer to the message -> append a disclaimer -> Enter the text below and select “Wrap” as the fallback action if the disclaimer can’t be inserted
<p>
<div style="background-color:#FF0000; width:100%; border-style: solid; 
border-color:#0000FF; border-width:1pt; padding:1pt; font-size:11pt; 
line-height:12pt; font-family:'Calibri'; color:White; text-align: left;">
<span style="color:#9C6500; font-weight:bold;">
CAUTION:</span> This email originated from outside of the organization. 
Do not click links or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
</p>
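
The same rule can also be created from Exchange Online PowerShell, which makes it repeatable and easy to verify. This is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module is installed, and the rule name and admin account are placeholders.

```powershell
# Added example: scripted equivalent of the mail flow rule described above.
# Assumptions: the ExchangeOnlineManagement module is installed; the rule name
# and the admin account below are placeholders chosen for this example.
$RuleName = 'External Sender Caution Banner'   # hypothetical rule name
$AdminUpn = 'admin@example.com'                # placeholder admin account

# Banner HTML from the article, with the span style attribute quoted as one value.
$BannerHtml = @'
<p>
<div style="background-color:#FF0000; width:100%; border-style: solid;
border-color:#0000FF; border-width:1pt; padding:1pt; font-size:11pt;
line-height:12pt; font-family:'Calibri'; color:White; text-align: left;">
<span style="color:#9C6500; font-weight:bold;">
CAUTION:</span> This email originated from outside of the organization.
Do not click links or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
</p>
'@

Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Same settings as the steps above: sender outside the organization,
# append the disclaimer, and wrap the message if it cannot be inserted.
$Settings = @{
    FromScope                         = 'NotInOrganization'
    ApplyHtmlDisclaimerLocation       = 'Append'
    ApplyHtmlDisclaimerText           = $BannerHtml
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
}

# Update the rule if it already exists so that re-running the script
# does not create duplicates or stack several banners on one message.
$Existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($Existing) {
    Set-TransportRule -Identity $RuleName @Settings
} else {
    New-TransportRule -Name $RuleName @Settings
}

# Confirm that the rule is enabled and carries the intended settings.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, Priority, FromScope,
        ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerFallbackAction

Disconnect-ExchangeOnline -Confirm:$false
```

After the rule is saved, send a test message from an external mailbox and confirm the banner renders as expected, since new mail flow rules can take some time to apply.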

How the disclaimer shows in Outlook.