How to Set Up a Company-Wide Email Signature for All Employees in Microsoft 365

TL;DR: You can apply a single signature or disclaimer to every employee’s outgoing email in Microsoft 365 today, at no extra cost, using an Exchange mail flow rule. This guide walks through exactly how to set that up — including the token-based personalisation system, the fallback behaviour that catches people out, and the limitations that mean most organisations eventually move to an Outlook add-in or a dedicated signature management platform.


Someone — your IT director, a new marketing hire, or your own manager — has asked you to “set up the email signature for everyone.” Maybe there’s a new logo. Maybe legal wants a disclaimer on every outgoing email. Maybe someone just noticed that half the company is still using a job title they had two roles ago.

Whatever the trigger, the request usually sounds like a five-minute job. For the simplest version of the problem, it can be. This guide covers the actual mechanics: how to apply one signature to every employee’s outgoing email using the tools already included in Microsoft 365, what that approach can and can’t do, and what your options are once you outgrow it.


Option 1: Exchange mail flow rules (free, built into Microsoft 365)

The fastest way to apply a signature to every employee’s outgoing email, with no third-party software, is an Exchange mail flow rule — what Microsoft calls a “disclaimer” rule, even when what you’re adding is a signature rather than a legal notice.

Setting it up in the Exchange admin centre

  1. Sign in to the Exchange admin centre — or from the Microsoft 365 admin centre, go to Show allAdmin centresExchange.
  2. In the left navigation, go to Mail flowRules.
  3. Select + Add a ruleApply disclaimers.
  4. Give the rule a name. Under Apply this rule if, choose the scope. Microsoft’s own guidance for a signature that applies to everyone is to select Apply to all messages. In practice, many organisations narrow this — for example, to messages where the sender is inside the organisation — so the signature appears on mail your employees send, not on mail that’s simply passing through the tenant.
  5. Under Do the following, confirm Apply a disclaimer to the messageappend a disclaimer, select Enter text, and paste in your HTML.
  6. Choose a fallback action for messages that can’t be modified — for example, because they’re encrypted. The default, Wrap, re-sends the original message as an attachment inside a new message, which can look strange to recipients. For a signature (as opposed to a legal disclaimer that must appear no matter what), Ignore — deliver the original message unchanged — is often the more sensible default.
  7. Add an exception so the signature isn’t appended to every reply in a thread: under Except if, choose The subject or bodySubject or body matches these text patterns, and enter a short, unique snippet of text from your signature (a phone number or company name works well).
  8. On the next screen, set Rule mode to Test without Policy Tips first so you can check the output before going live, then switch to Enforce once you’re satisfied.

Microsoft’s reference documentation covers the same process via PowerShell using the New-TransportRule cmdlet, which is useful if you’re scripting this as part of a wider tenant configuration.

What you can personalise — the token system

Mail flow rule disclaimers aren’t entirely static. Exchange supports a set of tokens — %%DisplayName%%, %%Title%%, %%Department%%, %%Phone%%, %%MobilePhone%%, %%Office%%, and others — that are substituted with values from the sender’s account at send time. Put %%DisplayName%% | %%Title%% in your disclaimer HTML, and every employee’s signature shows their own name and job title, pulled from whatever is set in Entra ID.

This is real personalisation, but it has two limits worth knowing about upfront. First, if a field is empty for a given user — no mobile number on file, say — Exchange doesn’t leave a blank: it skips the entire line containing that token. A signature with %%MobilePhone%% on its own line simply won’t show that line for anyone whose mobile number isn’t populated in the directory. Second, there’s no conditional logic beyond that — you can’t show a different layout for different departments within a single rule. For that, you’d create separate rules, each scoped to a different group.

The limitations you’ll hit

Microsoft’s own documentation is direct about what this approach doesn’t do:

  • No compose-time preview. The disclaimer is added after the message leaves the sender’s mailbox. Employees don’t see it while writing, and it won’t appear in their Sent Items.
  • Placement isn’t guaranteed. In a reply chain, the disclaimer is appended to the bottom of the whole thread — including quoted text — rather than neatly under the latest message.
  • No embedded images. You can reference a logo with <img src="https://..."> pointing at an externally hosted image — your website or a CDN — but you can’t embed an image file directly into the rule.
  • One global design. Beyond the token substitutions above, every recipient of a given rule gets the same HTML.

For a basic legal disclaimer, none of this matters much. For something that needs to look and feel like a proper signature — logo, brand colours, a banner, a photo — these limitations start to bite quickly.

Microsoft 365: Setting Up Email Flow Rules

Option 2: An Outlook add-in, deployed to everyone via Centralised Deployment

The alternative architecture is to inject the signature inside Outlook itself, at the moment an employee starts writing an email, via an Outlook add-in. Rather than configuring a rule in the Exchange admin centre, an admin deploys the add-in to all users (or specific groups) using Centralised Deployment in the Microsoft 365 admin centre — no per-device installation, and no action required from employees.

This solves the compose-time visibility and design-fidelity problems that mail flow rules can’t: employees see their actual signature, with logo and formatting, as they write. The tradeoff is that it only applies inside Outlook — desktop, web, and Outlook Mobile — not native mobile mail apps, and it requires either building an add-in or using a vendor that provides one.

For the full architectural comparison between this approach and server-side routing — including what each means for GDPR — see Email Signature Management for Microsoft 365: Server-Side vs Add-In — What’s the Difference?


Option 3: A dedicated signature management platform

Most organisations beyond a certain size end up here — not because mail flow rules are “wrong”, but because the requirements grow: different signatures for different teams, a marketing team that wants to update a campaign banner without filing an IT ticket, analytics on signature click-throughs, and proper handling of starters and leavers via directory sync.

Dedicated tools — whether server-side, add-in-based, or a hybrid of the two — handle all of this, at the cost of a per-user subscription. For a full breakdown of how the underlying architectures differ, including a comparison table across all three approaches, see Centralised Email Signatures in Microsoft 365: The Complete Guide.


Which option actually fits “set this up for all employees”?

If the requirement is genuinely simple — a legal disclaimer, or a basic signature with name and title — and you’re comfortable with the limitations above, a mail flow rule gets this done this afternoon, for free.

If employees need to see their signature while writing, or the design needs a logo and banner that render reliably, mail flow rules won’t get you there. You’re choosing between an add-in and a dedicated platform.

If different teams need different signatures, or marketing needs to own ongoing changes, a dedicated platform is almost always the right call — rules-based assignment and a non-technical editor are the point.

If “all employees” means hundreds or thousands of people across multiple device types, server-side coverage — via a mail flow rule or a server-side vendor — guarantees the signature applies regardless of client. Add-in-based approaches depend on Outlook being the client in use.

For the broader framework — what to ask before evaluating any vendor, and what separates a good implementation from a frustrating one — see How to Manage Email Signatures Across a Company: What IT Admins Actually Need to Know.


Before you switch it on: a quick pre-launch checklist

Whichever option you choose, these are worth checking before the signature goes live for everyone:

  • Is the data in Entra ID accurate? If you’re using tokens like %%Title%% or %%MobilePhone%%, every gap or error in your directory will show up — or silently disappear — in someone’s live signature.
  • Have you tested on a small group first? Use Test without Policy Tips mode, or deploy to a pilot security group, before enforcing tenant-wide.
  • Does an exception prevent duplicate disclaimers in reply threads? Without one, every reply in a long thread accumulates another copy of the signature.
  • What’s your fallback behaviour for encrypted or protected messages? Decide deliberately between Wrap, Ignore, and Reject — the default isn’t always the right choice for a signature.
  • Does it render correctly in the clients employees actually use? Test in Outlook desktop, Outlook on the web, and Outlook Mobile at minimum — and check classic vs new Outlook for Windows if your organisation still has both in circulation.

Summary

Applying a single email signature to every employee in Microsoft 365 is achievable today at no additional cost, using an Exchange mail flow rule and its token-based personalisation. It’s a genuinely useful starting point — but it comes with firm limits on design, placement, and compose-time visibility that most organisations eventually outgrow.

The next step up is an Outlook add-in deployed via Centralised Deployment, which solves the visibility and design problems but is scoped to Outlook itself. Beyond that, dedicated signature management platforms add directory-driven personalisation, team-based rules, and a non-technical editor — at the cost of a subscription.

Start with the mail flow rule if the requirement is genuinely simple. If it isn’t, you’ll know within a day of testing — and you’ll have a much clearer brief for what to look for next.


Frequently asked questions

Can I set up a different signature for different departments using mail flow rules?

Yes, but not within a single rule. Create a separate mail flow rule for each department, scoped using a condition such as “the sender is a member of” a specific group, with its own disclaimer text. Watch rule priority and exceptions carefully — if a user could match more than one rule, you need to make sure only the intended rule applies, or you’ll end up with duplicate or conflicting signatures.

Will a mail flow rule signature show up on mobile devices?

Yes. Because the disclaimer is appended at the server level as the message transits Exchange Online, it applies regardless of which device or app the employee used to send the message — including native mobile mail apps. This is one genuine advantage of the mail flow rule approach over an Outlook add-in, which only applies inside Outlook clients.

Why does an employee’s signature have a missing or blank line?

Mail flow rule disclaimers use tokens such as %%MobilePhone%% or %%Department%%, which are filled in from each user’s account details at send time. If that field is empty in Entra ID for a given user, Exchange doesn’t leave a blank line — it skips the entire line containing the token. The fix is to populate the missing directory field, not the signature itself.

Can I add my company logo to a mail flow rule disclaimer?

Yes, by referencing an externally hosted image with an <img src="https://..."> tag pointing at a URL on your website or a CDN. You can’t embed an image file directly into the rule. Make sure the image is hosted somewhere with a stable, long-term URL — if it moves or is deleted, every employee’s signature will show a broken image.

Do I need a third-party tool to set up a company-wide email signature?

No — a mail flow rule can apply a signature or disclaimer to every employee’s outgoing email at no additional cost. Whether you need a third-party tool depends on what “signature” means for your organisation: compose-time visibility, a visual template editor, per-team designs, directory-driven photos and banners, and analytics aren’t available in mail flow rules, and require either an Outlook add-in or a dedicated signature management platform.


SigHQ is building an add-in-first email signature management tool for Microsoft 365 organisations of 50–250 employees — signatures applied in Outlook at compose time, without email routing through third-party infrastructure. Join the waitlist to follow progress.

Email signatures in M365 are broken. We're fixing that.

We're not ready to share the details yet — but if you manage email, IT, or communications for a mid-sized Microsoft 365 organisation, this is for you.