ORCA.110 - Internal Sender notifications are disabled.
Overview
Notifying internal senders about malware detected in email messages can have a negative impact. An adversary with access to an already compromised mailbox may use this information to verify the effectiveness of malware detection.
Remediation action
Disable notifying internal senders of malware detection.
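One way to audit and apply this remediation from Exchange Online PowerShell, as an added example that is not part of the Maester or ORCA source. It assumes an existing `Connect-ExchangeOnline` session and that the setting is the `EnableInternalSenderNotifications` property of the anti-malware (malware filter) policies; the function name `Get-InternalSenderNotificationFinding` is hypothetical, and the script lists every policy because the page does not say which ones the test evaluates.

```powershell
# Added example (not Maester/ORCA code). Requires the ExchangeOnlineManagement
# module and a session opened with Connect-ExchangeOnline.

function Get-InternalSenderNotificationFinding {
    # Hypothetical helper: one row per anti-malware policy, with the
    # internal sender notification setting and the state of its rule.
    $rules = @(Get-MalwareFilterRule)
    Get-MalwareFilterPolicy | ForEach-Object {
        $policy = $_
        # The default policy has no rule; custom policies are bound by name.
        $rule = $rules |
            Where-Object { $_.MalwareFilterPolicy -eq $policy.Name } |
            Select-Object -First 1
        [pscustomobject]@{
            Policy                            = $policy.Name
            IsDefault                         = $policy.IsDefault
            RuleState                         = if ($rule) { $rule.State } else { 'n/a' }
            EnableInternalSenderNotifications = $policy.EnableInternalSenderNotifications
            Compliant                         = -not $policy.EnableInternalSenderNotifications
        }
    }
}

# 1. Audit: show every policy and whether it still notifies internal senders.
$findings = @(Get-InternalSenderNotificationFinding)
$findings | Format-Table -AutoSize

# 2. Remediate: turn the notification off on each non-compliant policy.
#    -WhatIf previews the change; remove it to apply.
$findings | Where-Object { -not $_.Compliant } | ForEach-Object {
    Set-MalwareFilterPolicy -Identity $_.Policy `
        -EnableInternalSenderNotifications $false -WhatIf
}

# 3. Verify: after applying, no policy should remain non-compliant.
$remaining = @(Get-InternalSenderNotificationFinding | Where-Object { -not $_.Compliant })
if ($remaining.Count -eq 0) {
    Write-Output 'All anti-malware policies have internal sender notifications disabled.'
} else {
    Write-Warning ("Still enabled on: " + ($remaining.Policy -join ', '))
}
```

With `-WhatIf` still in place, step 3 reports the same non-compliant policies as step 1, since nothing has been changed yet.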
Related Links
- Microsoft 365 Defender Portal - Anti-malware
- Recommended settings for EOP and Office 365 Microsoft Defender for Office 365 security
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.110 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA110 |
| Tags | EXO, ORCA, ORCA.110 |
Source
- Pester test: tests/orca/Test-ORCA110.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA110.ps1