Version: 2.1.1-preview

ORCA.118.1 - Domains are not being allow listed in an unsafe manner in Anti-Spam Policies.

Overview

Emails coming from allow listed domains bypass several layers of protection within Exchange Online Protection. If domains are allow listed, they are open to being spoofed from malicious actors.

Remediation action

Remove allow listing on domains.

Microsoft 365 Defender Portal - Anti-spam settings
Use Anti-Spam Policy Sender/Domain Allow lists

Test Metadata

Field	Value
Test ID	ORCA.118.1
Severity	High
Suite	ORCA
Category	EXO
PowerShell test	Test-ORCA118_1
Tags	EXO, ORCA, ORCA.118.1

Source

Pester test: tests/orca/Test-ORCA118_1.Tests.ps1
PowerShell source: powershell/public/orca/Test-ORCA118_1.ps1

Overview​

Remediation action​

Related Links​

Test Metadata​

Source​

Overview

Remediation action

Related Links

Test Metadata

Source