ORCA.179 - Safe Links is enabled intra-organization.
Overview
Phishing attacks are not limited to external senders. Commonly, once one user is compromised, that account is used for lateral movement to other accounts in your organization. Configuring Safe Links so that links in internal messages are also rewritten helps protect against lateral movement through phishing. The built-in policy is ignored in this check, as it only provides the minimum level of protection.
Remediation action
Enable Safe Links between internal users.
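One way to audit and apply this remediation from Exchange Online PowerShell, as an added example that is not the ORCA or Maester test code. It assumes an existing `Connect-ExchangeOnline` session and that the built-in policy is flagged by an `IsBuiltInProtection` property on the policy object.

```powershell
# Added example: list custom Safe Links policies and their internal-sender setting,
# then preview the change for any policy where it is off.
# Assumes the ExchangeOnlineManagement module is loaded and connected.

# Skip the built-in protection policy, which the check ignores.
# Assumption: it is identified by IsBuiltInProtection; adjust if your output differs.
$policies = Get-SafeLinksPolicy | Where-Object { -not $_.IsBuiltInProtection }

# A policy only takes effect through a rule, so report the rule state as well.
$rules = Get-SafeLinksRule

$report = foreach ($policy in $policies) {
    $rule = $rules | Where-Object { $_.SafeLinksPolicy -eq $policy.Name }
    [pscustomobject]@{
        Policy                   = $policy.Name
        EnableForInternalSenders = [bool]$policy.EnableForInternalSenders
        RuleState                = if ($rule) { $rule.State } else { 'No rule (policy not applied)' }
        RulePriority             = if ($rule) { $rule.Priority } else { $null }
    }
}

$report | Sort-Object RulePriority | Format-Table -AutoSize

# Preview the remediation. Remove -WhatIf to apply it.
$report |
    Where-Object { -not $_.EnableForInternalSenders } |
    ForEach-Object {
        Set-SafeLinksPolicy -Identity $_.Policy -EnableForInternalSenders $true -WhatIf
    }
```

A policy that reports `EnableForInternalSenders` as true but has no rule, or a disabled rule, is not being applied to any recipients.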
Related Links
- Microsoft 365 Defender Portal - Safe links
- Recommended settings for EOP and Microsoft Defender for Office 365
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.179 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA179 |
| Tags | EXO, ORCA, ORCA.179 |
Source
- Pester test: tests/orca/Test-ORCA179.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA179.ps1