ORCA.239 - No exclusions for the built-in protection policies.
Overview
Built-in protection policies provide catch-all protection against users not covered by higher order policies. Excluding users from the built-in protection policies may mean these users have reduced protections. It is important not to rely on the 'built-in' policies, as these policies only apply the minimum level of protections and should serve as a catch-all.
Remediation action
Remove exclusions from the built-in protection policies.
Related Links
- Microsoft 365 Defender Portal - Safe links
- Recommended settings for EOP and Microsoft Defender for Office 365
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.239 |
| Severity | High |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA239 |
| Tags | EXO, ORCA, ORCA.239 |
Source
- Pester test:
tests/orca/Test-ORCA239.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA239.ps1