ORCA.229 - No trusted domains in Anti-phishing policy.
Overview
Adding domains as trusted in Anti-phishing policy will result in the action for protected domains, protected users or mailbox intelligence protection will be not applied to messages coming from these sender domains. If a trusted domain needs to be added based on organizational requirements it should be reviewed regularly and updated as needed. We also do not recommend adding domains from shared services.
Remediation action
Remove allow listing on domains in Anti-phishing policy.
Related Links
- Microsoft 365 Defender Portal - Anti-phishing
- Recommended settings for EOP and Microsoft Defender for Office 365
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.229 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA229 |
| Tags | EXO, ORCA, ORCA.229 |
Source
- Pester test:
tests/orca/Test-ORCA229.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA229.ps1