Version: 2.1.0

ORCA.233.1 - Domains are pointed directly at EOP or enhanced filtering is configured on all default connectors.

Overview

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) work best when the domain's mail exchange (MX) record points directly at the service. When a third-party service sits in front of EOP, a very important signal, the sending server's IP address, is hidden from EOP and MDO because the last hop is always the third-party gateway; this generates a larger number of false positives and false negatives. Configuring Enhanced Filtering for Connectors with the IP addresses of these services lets EOP recover the true sender's IP address, reducing the false-positive and false-negative impact.

Remediation action

Configure Enhanced Filtering on the inbound connectors that receive mail from the third-party service whenever the email path is not direct to EOP.
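The following is an added example (not Maester's or ORCA's own test code) showing how an administrator can audit the two conditions this test describes: whether each accepted domain's primary MX record points at EOP, and whether each enabled inbound connector has Enhanced Filtering configured. It assumes an existing Exchange Online PowerShell session (`Connect-ExchangeOnline`) with permission to read accepted domains and inbound connectors, and that `Resolve-DnsName` is available on the machine running it; the function names and the heuristic for "Enhanced Filtering configured" (either `EFSkipLastIP` set or a non-empty `EFSkipIPs` list) are this example's own.

```powershell
# Added example, not part of the ORCA/Maester project code.
# Assumes Connect-ExchangeOnline has already been run.

function Get-EopMxAudit {
    [CmdletBinding()]
    param()

    # Skip the *.onmicrosoft.com service domains; only customer domains carry real MX records
    $domains = Get-AcceptedDomain | Where-Object { $_.DomainName -notlike '*.onmicrosoft.com' }

    foreach ($domain in $domains) {
        $mx = Resolve-DnsName -Name $domain.DomainName -Type MX -ErrorAction SilentlyContinue |
              Where-Object { $_.QueryType -eq 'MX' } |
              Sort-Object Preference

        # The lowest-preference MX is the primary route. EOP hosts end in
        # mail.protection.outlook.com; anything else is a third-party hop that
        # hides the true sender IP unless Enhanced Filtering is configured.
        $primary = $mx | Select-Object -First 1
        [pscustomobject]@{
            Domain      = $domain.DomainName
            PrimaryMx   = $primary.NameExchange
            DirectToEop = [bool]($primary.NameExchange -like '*.mail.protection.outlook.com')
        }
    }
}

function Get-InboundConnectorEfAudit {
    [CmdletBinding()]
    param()

    # Disabled connectors cannot carry mail, so only enabled ones are relevant
    Get-InboundConnector | Where-Object { $_.Enabled } | ForEach-Object {
        # Heuristic used by this example: Enhanced Filtering counts as configured when
        # the connector skips the last hop IP (EFSkipLastIP) or lists gateway IPs (EFSkipIPs)
        $efConfigured = [bool]$_.EFSkipLastIP -or ($null -ne $_.EFSkipIPs -and $_.EFSkipIPs.Count -gt 0)
        [pscustomobject]@{
            Connector      = $_.Name
            ConnectorType  = $_.ConnectorType
            EFSkipLastIP   = $_.EFSkipLastIP
            EFSkipIPs      = ($_.EFSkipIPs -join ', ')
            EnhancedFilter = $efConfigured
        }
    }
}

# Run both audits and surface the combination this test flags:
# mail arrives via a third party AND at least one connector lacks Enhanced Filtering.
$mxAudit = Get-EopMxAudit
$efAudit = Get-InboundConnectorEfAudit

$mxAudit | Format-Table -AutoSize
$efAudit | Format-Table -AutoSize

$indirectDomains = $mxAudit | Where-Object { -not $_.DirectToEop }
$connectorsWithoutEf = $efAudit | Where-Object { -not $_.EnhancedFilter }

if ($indirectDomains -and $connectorsWithoutEf) {
    Write-Warning 'Mail for some domains routes through a third party and these connectors lack Enhanced Filtering:'
    $connectorsWithoutEf | ForEach-Object { Write-Warning "  $($_.Connector)" }
}
elseif ($indirectDomains) {
    Write-Output 'Third-party routing detected, but every enabled inbound connector has Enhanced Filtering configured.'
}
else {
    Write-Output 'All customer domains point directly at EOP; Enhanced Filtering is not required.'
}
```

To remediate a flagged connector, the Enhanced Filtering settings live on the inbound connector itself: `Set-InboundConnector -Identity '<connector name>' -EFSkipLastIP $true` tells EOP to skip the last hop when evaluating sender IP, or `-EFSkipIPs` can list the third-party gateway's IP addresses explicitly. Re-running the audit afterwards should show `EnhancedFilter` as `True` for that connector.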

Test Metadata

| Field           | Value                 |
|-----------------|-----------------------|
| Test ID         | ORCA.233.1            |
| Severity        | Medium                |
| Suite           | ORCA                  |
| Category        | EXO                   |
| PowerShell test | Test-ORCA233_1        |
| Tags            | EXO, ORCA, ORCA.233.1 |

Source

  • Pester test: tests/orca/Test-ORCA233_1.Tests.ps1
  • PowerShell source: powershell/public/orca/Test-ORCA233_1.ps1