ORCA.234 - Click through is disabled for Safe Documents.
Overview
Safe Documents can help protect files opened in Office applications. Before a user is allowed to trust a file opened in Office 365 ProPlus using Protected View, the file is verified by Microsoft Defender for Office 365. It is possible to allow users to click through Protected View even if Safe Documents identified the file as malicious. It is recommended to configure Safe Documents so that users cannot click through Protected View.
Remediation action
Do not let users click through Protected View if Safe Documents identified the file as malicious.
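One way to check and correct this setting from Exchange Online PowerShell, shown as an added example that is not the ORCA or Pester test's own code. It assumes the ExchangeOnlineManagement module and the `EnableSafeDocs` and `AllowSafeDocsOpen` properties returned by `Get-AtpPolicyForO365`; the function name `Test-SafeDocsClickThrough` is hypothetical.

```powershell
# Added example: classify the Safe Documents click-through setting.
# Test-SafeDocsClickThrough is a hypothetical helper, not part of ORCA.
function Test-SafeDocsClickThrough {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Policy
    )
    process {
        # Click-through only has meaning when Safe Documents is enabled, so a
        # disabled feature is reported separately instead of counting as a pass.
        $status = if (-not $Policy.EnableSafeDocs) {
            'SafeDocsDisabled'
        } elseif ($Policy.AllowSafeDocsOpen) {
            'Fail'   # users may leave Protected View for a file flagged malicious
        } else {
            'Pass'   # click-through is blocked
        }

        [pscustomobject]@{
            EnableSafeDocs    = [bool]$Policy.EnableSafeDocs
            AllowSafeDocsOpen = [bool]$Policy.AllowSafeDocsOpen
            Status            = $status
        }
    }
}

# Constructed sample objects standing in for Get-AtpPolicyForO365 output.
$samples = @(
    [pscustomobject]@{ EnableSafeDocs = $true;  AllowSafeDocsOpen = $true  }  # Fail
    [pscustomobject]@{ EnableSafeDocs = $true;  AllowSafeDocsOpen = $false }  # Pass
    [pscustomobject]@{ EnableSafeDocs = $false; AllowSafeDocsOpen = $false }  # SafeDocsDisabled
)
$samples | Test-SafeDocsClickThrough | Format-Table -AutoSize

# Against a live tenant, after Connect-ExchangeOnline:
#   Get-AtpPolicyForO365 | Test-SafeDocsClickThrough
# Remediation when Status is 'Fail':
#   Set-AtpPolicyForO365 -AllowSafeDocsOpen $false
```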
Related Links
- Microsoft 365 Defender Portal - Safe attachments
- Recommended settings for EOP and Microsoft Defender for Office 365
- Safe Documents in Microsoft 365 E5
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.234 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA234 |
| Tags | EXO, ORCA, ORCA.234 |
Source
- Pester test: tests/orca/Test-ORCA234.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA234.ps1