ORCA.109 - Senders are not being allow listed in an unsafe manner.
Overview
Emails coming from allow listed senders bypass several layers of protection within Exchange Online Protection. If senders are allow listed, they are open to being spoofed by malicious actors.
Remediation action
Remove allow listing on senders.
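One way to find the entries to remove, as an added example that is not part of ORCA or the original page. The function name `Get-AllowListedSender`, the sample policies and the sample addresses are constructed for illustration, and the example assumes each `AllowedSenders` entry renders as the sender address when cast to a string.

```powershell
# Added example: list every sender allow-list entry per anti-spam policy.
function Get-AllowListedSender {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        # Assumption: an AllowedSenders entry stringifies to the sender address.
        foreach ($entry in @($Policy.AllowedSenders)) {
            if ($null -eq $entry -or "$entry" -eq '') { continue }
            [pscustomobject]@{
                Policy = $Policy.Name
                Sender = "$entry"
            }
        }
    }
}

# Constructed sample objects standing in for Get-HostedContentFilterPolicy output.
$samplePolicies = @(
    [pscustomobject]@{ Name = 'Default';        AllowedSenders = @() }
    [pscustomobject]@{ Name = 'Finance (test)'; AllowedSenders = @('billing@partner.example', 'ceo@contoso.example') }
)

$findings = @($samplePolicies | Get-AllowListedSender)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) allow-listed sender(s) found; each one skips spam filtering."
}

# Against a live tenant (after Connect-ExchangeOnline) the same function takes real policies:
#   Get-HostedContentFilterPolicy | Get-AllowListedSender
# Remove an entry, previewing the change with -WhatIf first:
#   Set-HostedContentFilterPolicy -Identity 'Finance (test)' `
#       -AllowedSenders @{Remove='billing@partner.example'} -WhatIf
```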
Related Links
- Microsoft 365 Defender Portal - Anti-spam settings
- Recommended settings for EOP and Microsoft Defender for Office 365 security
- Use Anti-Spam Policy Sender/Domain Allow lists
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.109 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA109 |
| Tags | EXO, ORCA, ORCA.109 |
Source
- Pester test: tests/orca/Test-ORCA109.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA109.ps1