Exchange Online Protection – It is now easier to enable the ‘First Contact Safety Tip’

As you may already know, Exchange Online Protection has been able to provide a ‘First Contact Safety Tip’ to display a notification to end-user when they receive an email from somebody for the first time to make them pay more attention in case of potential phishing.

image  image

Well, until then, this ‘First Contact Safety Tip’ had to be configured by an Exchange administrator using a Mail Flow Rule, using the Modify messages option by setting the X-MS-Exchange-EnableFirstContactSafetyTip header value to Enable,  like below

image  image

Good new, this ‘First Contact Safety Tip’ can now be configured directly and easily using the anti-phishing policy from the Office 365 Security Portal (; also available with the default anti-phishing rule by editing the Action options


If you already had set the mail flow rule, you will have to disable it.