Contact Us Get Free Products
Search icon Contact Us Get Free Products
Configure Intune Outlook Safe Senders Win32 App and Settings Catalog

Introduction

Email remains one of the most critical communication tools in the workplace, yet it is also a common target for spam and phishing. While Exchange Online Protection (EOP) and Microsoft Defender for Office 365 provide strong filtering, users often encounter false positives—legitimate emails ending up in the Junk Email folder. This can disrupt workflows, cause delays, and impact business productivity.

One way to reduce these false positives is by configuring Outlook Safe Senders. Safe Senders allow administrators to define a list of trusted email addresses and domains that Outlook will always treat as safe, ensuring that messages from these sources never get marked as junk.

Traditionally, Safe Sender lists are managed per user, but at scale this becomes difficult to control. Using Microsoft Intune, we can automate the deployment of a centralized Safe Senders list across all managed endpoints. This approach ensures consistency, reduces administrative overhead, and helps maintain a secure yet user-friendly email experience.

In this guide, we’ll walk through:

  • Creating a Win32 app in Intune to deliver the SafeSenders.txt file to devices.
  • Using the Intune Settings Catalog to enforce Outlook Junk Email protection and Safe Senders policy.
  • Updating the registry with version control, so IT teams can track deployments.

Step 1: Prepare the SafeSenders.txt File

Create a plain-text file (safesenders.txt or something you name it) listing all trusted/safe sender email addresses or domains, each on a new line:

info@microsoft.com
donotreply@eskonr.com
info@edgeflow.com
billing@eskonr.com

Intune Outlook Safe Senders

Step 2: Package and Deploy with Win32 App in Intune

  • Prepare a PowerShell script to copy safesenders.txt to C:\ProgramData\eskonr\outlooksafesender.
  • Log actions to a designated logs folder and update deployment status to the registry.
  • Package the script and txt file into a .intunewin file using Microsoft Win32 Content Prep Tool.
  • Upload and configure deployment in Microsoft Intune Admin Center:
    • Go to Apps > Windows > Add > Win32 app.
    • Specify the install and uninstall commands.
    • Install:powershell.exe -ExecutionPolicy Bypass –File .\deploy-safesenders.ps1
    • Uninstall:cmd.exe /c
    • Detection:  HKEY_LOCAL_MACHINE\SOFTWARE\eskonr\outlooksafesender (keypath), Version (Valuename),String comparision (method), Equals (operator), 1 or script version (value).
    • Intune Outlook Safe Senders
    • Assign to required device or user groups groups (prefer device group)

I have uploaded a PowerShell script to Github repository that helps to copy the txt file to local drive and also create a registry key which can be used as as detection method.

If you wish to make any changes to the txt file at a later stage, you can repackage win32 with revision in the version and re-upload the win32 app and update detection method. otherwise you can look at alternatives where the file can be uploaded to secure location (blog storage or something for accessing it). Test it first.

The script contains the following variables if you would like to make changes.

# Define variables

$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Definition

$SourceFile = Join-Path -Path $ScriptDir -ChildPath 'safesenders.txt'

$TargetFolder = 'C:\ProgramData\eskonr\outlooksafesender'

$TargetFile = "$TargetFolder\safesenders.txt"

$LogFolder = 'C:\ProgramData\eskonr\logs'

$LogFile = "$LogFolder\outlooksafesender.log"

$RegPath = 'HKLM:\Software\eskonr\outlooksafesender'

$RegValueName = 'Version'

$RegValue = '1'

Intune Outlook Safe Senders

Step 3: Configure Outlook Safe Sender with Intune Settings Catalog

  • In Intune, create a new Settings Catalog policy for Windows devices.
  • Intune Outlook Safe Senders
  • Search for “Safe Senders” in the Outlook configuration options and choose the following.
  • Intune Outlook Safe Senders
  • Specify path to Safe Senders list (User)
  • Specify full path and filename to Safe Senders list (User)
  • Add e-mail recipients to users’ Safe Senders Lists (User)
  • Set the policy to Enabled and provide the path to your txt file (e.g. C:\ProgramData\eskonr\outlooksafesender\safesenders.txt).
  • Intune Outlook Safe Senders
  • Intune Outlook Safe Senders
  • Assign the policy to appropriate device or user groups ( prefer device groups).
  • Devices will receive the policy, and Outlook will use the specified txt file to identify safe/whitelisted senders automatically.

Step 4: Validate and Monitor Intune Outlook Safe Senders

  • After deployment, check the target directory to confirm delivery.
  • Open Outlook’s Junk Email settings to ensure safe sender addresses appear and emails are not delivered to Junk.
  • Review logs for deployment status and troubleshoot any issues.
  • You can validate the new outlook by going to settings –> mail—> junk email –>senders you will see safe senders and domains.
  • Intune Outlook Safe Senders

This method has been tested in classic and new outlook and works fine.

Hope you find this article useful

Request a Quote

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours. We are open from Monday to Friday.

Consulting Services

Subscription

PatchMyPC

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form.
Request Sent

Thank you for subscribing to our newsletter or requesting a quote. You will receive our next month's newsletter. If you have requested a quote, we will get in touch with you as soon as possible.

Comment Sent

Thank for your reply!

Error

Something went wrong!