ORCA.227 - Each domain has a Safe Attachments policy applied to it.
Overview
Microsoft Defender for Office 365 Safe Attachments policies are applied using rules. The recipient domain condition is the most effective way of applying the Safe Attachments policy, ensuring no users are left without protection. If polices are applied using group membership make sure you cover all users through this method. Applying polices this way can be challenging, users may left unprotected if group memberships are not accurate and up to date. It is important not to rely on the 'built-in' Safe Links policy, as this policy only applies the minimum level of protections and should serve as a catch-all.
Remediation action
Apply a Safe Attachments policy to every domain.
Related Links
- Microsoft 365 Defender Portal - Safe attachments
- Order and precedence of email protection
- Recommended settings for EOP and Microsoft Defender for Office 365
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.227 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA227 |
| Tags | EXO, ORCA, ORCA.227 |
Source
- Pester test:
tests/orca/Test-ORCA227.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA227.ps1