Microsoft are introducing added security measures in Outlook for Windows by blocking external content in S/MIME encrypted and signed messages by default and preventing overrides on a per-message basis.
External content in this case refers to images that have been inserted as HTML URL to an external site often found in newsletters and advertisements and does not refer to inline rich content and inline images. Inline images, attachments, and other Outlook-supported content will continue to work in signed and encrypted messages.
This change will be implemented as part of the October 10 security patch for Outlook 2010, Outlook 2013, Outlook 2016 for Office 365, and Exchange Online and on-premises organizations.
No action is required if you prefer to block your users from downloading external content by default for S/MIME messages. If you do not want users’ default settings to be updated, you can use a registry key to remove this added security capability.
The registry key needs to be stored here:
Create a new key as follows;
This key can also be used to prevent users from changing the Automatic Download settings by enforcing it as part of your preferred configuration.