ORCA.111 - Anti-phishing policy exists and EnableUnauthenticatedSender is true.
Overview
When the sender email address is spoofed, the message appears to originate from someone or somewhere other than the actual source. It is recommended to enable unauthenticated sender tagging in Office 365 Anti-phishing policies. The feature applies a '?' symbol in Outlook's sender card if the sender fails authentication checks.
Remediation action
Enable unauthenticated sender tagging in Anti-phishing policy.
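One way to find and fix the policies that fail this check from Exchange Online PowerShell, as an added example that is not part of Maester or ORCA. It assumes the ExchangeOnlineManagement module is installed and the account may manage anti-phishing policies; `$Remediate` is a variable introduced here, and the script only reports unless it is set to `$true`.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: report EnableUnauthenticatedSender per anti-phishing policy
# and optionally turn it on where it is off.

$Remediate = $false   # assumption: set to $true to change policies, otherwise report only

Connect-ExchangeOnline -ShowBanner:$false

# Rules bind custom policies to recipients; the default policy has no rule.
$rules = Get-AntiPhishRule

$report = foreach ($policy in Get-AntiPhishPolicy) {
    $rule = $rules | Where-Object { $_.AntiPhishPolicy -eq $policy.Name }
    [pscustomobject]@{
        Policy                      = $policy.Name
        IsDefault                   = $policy.IsDefault
        RuleState                   = if ($policy.IsDefault) { 'Default' }
                                      elseif ($rule)         { $rule.State }
                                      else                   { 'No rule' }
        # The '?' indicator is only offered while spoof intelligence is on.
        EnableSpoofIntelligence     = $policy.EnableSpoofIntelligence
        EnableUnauthenticatedSender = $policy.EnableUnauthenticatedSender
    }
}

$report | Sort-Object IsDefault -Descending | Format-Table -AutoSize

# Policies that would fail ORCA.111
$failing = $report | Where-Object { -not $_.EnableUnauthenticatedSender }

if (-not $failing) {
    Write-Host 'All anti-phishing policies have EnableUnauthenticatedSender set to true.'
}
elseif ($Remediate) {
    foreach ($item in $failing) {
        Write-Host "Enabling unauthenticated sender tagging on '$($item.Policy)'"
        Set-AntiPhishPolicy -Identity $item.Policy -EnableUnauthenticatedSender $true
    }
}
else {
    Write-Warning "$(@($failing).Count) policy(ies) have EnableUnauthenticatedSender off; set `$Remediate = `$true to fix."
}

Disconnect-ExchangeOnline -Confirm:$false
```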
Related Links
- Microsoft 365 Defender Portal - Anti-phishing
- Recommended settings for EOP and Microsoft Defender for Office 365 security
- Unverified Sender
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.111 |
| Severity | High |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA111 |
| Tags | EXO, ORCA, ORCA.111 |
Source
- Pester test: tests/orca/Test-ORCA111.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA111.ps1