Office 365 ATP & EOP Recommended settings

Exchange Online Protection (EOP) is used by many companies that have their e-mail hosted in Exchange Online. Combined with Office 365 Advanced Threat Protection (ATP), you get more layers of security and control.

But how do you know if your configuration is secure? Are some of my settings still valid? Are they up-to-date with the current level of security recommendations?

Not every environment is the same, but comparing your settings against the recommendations can help you gain insight. I recently came across a new PowerShell module called the Office 365 Advanced Threat Protection Recommended Configuration Analyzer (ORCA). This module will help you generate a report of the current anti-spam, anti-phishing, ATP settings and more, and will match your configuration with Microsoft's recommendations.

ORCA is hosted on GitHub

How to use ORCA

  1. Start PowerShell (as admin)
  2. Run the following command to install the PowerShell Module:
    Install-Module -Name ORCA
  3. Generate the report by using the following command:
    Get-ORCAReport
  4. The module will prompt you if you have any missing modules. In my case the Exchange Online Module was missing. After confirming, the report will be generated.
  5. The report will launch in your web browser after analyzing all the policies from your tenant.

As you can see, I have 30 settings which are OK and don’t need additional attention, but there are 25 settings that I might need to take a look at.

One example is my Quarantine retention period. My setting is configured at 15 days, but the recommended retention period is 30 days.
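The quarantine retention comparison can also be scripted on its own. The block below is an added example, not part of ORCA or of the original post: the function name `Compare-PolicyToBaseline`, the status label `Review` and the sample policies are made up for illustration, and the baseline contains only the 30-day value mentioned above. It assumes the `QuarantineRetentionPeriod` property on the anti-spam policies returned by `Get-HostedContentFilterPolicy`.

```powershell
# Added example, not ORCA's code. Baseline holds only the value named in the post.
$Baseline = @{ QuarantineRetentionPeriod = 30 }   # minimum, in days

function Compare-PolicyToBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy,

        [Parameter(Mandatory)]
        [hashtable]$Baseline
    )
    process {
        foreach ($setting in $Baseline.Keys) {
            # Look the property up by name; $null when the policy lacks it.
            $prop = $Policy.PSObject.Properties[$setting]
            $status = if ($null -eq $prop -or $null -eq $prop.Value) {
                'Unknown'     # setting absent, so no judgement is possible
            } elseif ([int]$prop.Value -ge [int]$Baseline[$setting]) {
                'OK'
            } else {
                'Review'
            }
            [pscustomobject]@{
                Policy      = $Policy.Name
                Setting     = $setting
                Current     = if ($prop) { $prop.Value } else { $null }
                Recommended = $Baseline[$setting]
                Status      = $status
            }
        }
    }
}

# Constructed sample policies so the block runs without a tenant connection.
$sample = @(
    [pscustomobject]@{ Name = 'Default (sample)'; QuarantineRetentionPeriod = 15 }
    [pscustomobject]@{ Name = 'Strict (sample)';  QuarantineRetentionPeriod = 30 }
    [pscustomobject]@{ Name = 'Legacy (sample)' }   # property missing on purpose
)
$sample | Compare-PolicyToBaseline -Baseline $Baseline | Format-Table -AutoSize

# Against a live tenant (needs the ExchangeOnlineManagement module):
# Connect-ExchangeOnline
# Get-HostedContentFilterPolicy | Compare-PolicyToBaseline -Baseline $Baseline
```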

Another example: a policy which is configured as recommended will be visible as “OK” in the report.

That’s it for this post. I hope you will find the insights provided by this tool as useful as I do. Good luck testing! Till next time.
