ORCA.234 - Click through is disabled for Safe Documents.
Overview
Safe Documents can assist protecting files opened in Office appplications. Before a user is allowed to trust a file opened in Office 365 ProPlus using Protected View, the file will be verified by Microsoft Defender for Office 365. It is possible to allow users click through Protected View even if Safe Documents identified the file as malicious. It is recommended to configure Safe Documents to not let users click through Pretected View.
Remediation action
Do not let usres click through Protected View if Safe Documents identified the file as malicious.
Related Links
- Microsoft 365 Defender Portal - Safe attachments
- Recommended settings for EOP and Microsoft Defender for Office 365
- Safe Documents in Microsoft 365 E5
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.234 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA234 |
| Tags | EXO, ORCA, ORCA.234 |
Source
- Pester test:
tests/orca/Test-ORCA234.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA234.ps1