How to Enable the First Contact Safety Tip for Exchange Online Protection


Exchange Online Protection (EOP) and Microsoft Defender for Office 365 support anti-phishing policies which generate safety tips for users. The first contact safety tip warns users when they receive email from someone they don’t usually get messages from. It’s a way to put the recipient on their guard, just in case it’s someone trying to impersonate someone else whom the recipient actually knows.

4 Replies

@Tony Redmond  I ran into a quite odd situation where the feature works on a test Tenant/domain but not in the production.  The headers show that the rule hit for both domains which should mean that the transport rule works.  The mail flow is same for both tenants.  Any tips on troubleshooting that you could share ?

@Vaman-Kini Time to call Microsoft support. They can access your tenant to see what might be going on. It's impossible for me to debug issues like this... so I don't try,

@Tony Redmond Got it.  That was my thought too :)

Did you ever get a response of fix from MS support regarding this issue? I am seeing the same exact result in our organization. We have the transport rule enabled in a test tenant and it works like a champ. But in our production tenant we do not see the Safety Tips anywhere. Even though the X headers are indeed being injected as expected.