ORCA.230 - Each domain has a Anti-phishing policy applied to it, or the default policy is being used.
Overview
Microsoft Defender for Office 365 Anti-phishing policies are applied using rules. The default anti-phishing policy applies in the absence of a custom policy. When creating custom policies, there may be duplication of settings and depending on the rules and priority, some policies or settings may not even apply. It's important in this circumstance to check that the desired settings are applied to the right users.
Remediation action
Check your anti-phishing policies for duplicate rules. Some policies and settings may not be applying.
Related Links
- Microsoft 365 Defender Portal - Antiphishing policies
- Order and precedence of email protection
- Recommended settings for EOP and Microsoft Defender for Office 365
- Setting up antiphishing policies
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.230 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA230 |
| Tags | EXO, ORCA, ORCA.230 |
Source
- Pester test:
tests/orca/Test-ORCA230.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA230.ps1