ORCA.104 - High Confidence Phish action set to Quarantine message.
Overview
It is recommended to set the High Confidence Phish detection action to Quarantine so that these emails are not visible to the end user from within Outlook. Because phishing emails are designed to look legitimate, users may mistakenly think that a phishing email in Junk is a false positive.
Remediation action
Change High Confidence Phish action to Quarantine message.
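One way to audit and apply this setting from Exchange Online PowerShell, as an added example that is not part of the Test-ORCA104 source. It assumes the ExchangeOnlineManagement module is installed and the signed-in account can manage anti-spam policies; the `-WhatIf` switch previews each change without applying it.

```powershell
# Added example: report anti-spam policies whose High Confidence Phish action
# is not Quarantine, then preview the remediation.
# Assumption: ExchangeOnlineManagement is installed and the account has
# permission to read and modify hosted content filter policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Map each custom policy to the state of the rule that applies it, so the
# report shows whether a non-compliant policy is actually in use.
$ruleState = @{}
foreach ($rule in Get-HostedContentFilterRule) {
    $ruleState[[string]$rule.HostedContentFilterPolicy] = $rule.State
}

$report = foreach ($policy in Get-HostedContentFilterPolicy) {
    [pscustomobject]@{
        Name      = $policy.Name
        IsDefault = $policy.IsDefault
        RuleState = if ($policy.IsDefault) { 'Default' }
                    elseif ($ruleState.ContainsKey($policy.Name)) { $ruleState[$policy.Name] }
                    else { 'NoRule' }
        Action    = [string]$policy.HighConfidencePhishAction
        Compliant = ([string]$policy.HighConfidencePhishAction -eq 'Quarantine')
    }
}

$report | Sort-Object Compliant, Name | Format-Table -AutoSize

$nonCompliant = @($report | Where-Object { -not $_.Compliant })
if ($nonCompliant.Count -eq 0) {
    Write-Host 'All anti-spam policies quarantine high confidence phish.'
}
foreach ($item in $nonCompliant) {
    # Remove -WhatIf to apply the change after reviewing the preview output.
    Set-HostedContentFilterPolicy -Identity $item.Name `
        -HighConfidencePhishAction Quarantine -WhatIf
}

Disconnect-ExchangeOnline -Confirm:$false
```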
Related Links
- Microsoft 365 Defender Portal - Anti-spam settings
- Recommended settings for EOP and Microsoft Defender for Office 365 security
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.104 |
| Severity | High |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA104 |
| Tags | EXO, ORCA, ORCA.104 |
Source
- Pester test: tests/orca/Test-ORCA104.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA104.ps1