ORCA.228 - No trusted senders in Anti-phishing policy.
Overviewβ
Adding senders as trusted in Anti-phishing policy will result in the action for protected domains, Protected users or mailbox intelligence protection will be not applied to messages coming from these senders. If a trusted sender needs to be added based on organizational requirements it should be reviewed regularly and updated as needed.
Remediation actionβ
Remove allow listing on senders in Anti-phishing policy.
Related Linksβ
- Microsoft 365 Defender Portal - Anti-phishing
- Recommended settings for EOP and Microsoft Defender for Office 365
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | ORCA.228 |
| Severity | High |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA228 |
| Tags | EXO, ORCA, ORCA.228 |
Sourceβ
- Pester test:
tests/orca/Test-ORCA228.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA228.ps1