ORCA.110 - Internal Sender notifications are disabled.
Overviewβ
Notifying internal senders about malware detected in email messages could have negative impact. An adversary with access to an already compromised mailbox may use this information to verify effectiveness of malware detection.
Remediation actionβ
Disable notifying internal senders of malware detection.
Related Linksβ
- Microsoft 365 Defender Portal - Anti-malware
- Recommended settings for EOP and Office 365 Microsoft Defender for Office 365 security
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | ORCA.110 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA110 |
| Tags | EXO, ORCA, ORCA.110 |
Sourceβ
- Pester test:
tests/orca/Test-ORCA110.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA110.ps1