Office 365 ATP Recommended Configuration Analyzer – ORCA

Written by: Jason Meilleur
Published: August 27, 2020





    Business Email Compromise (BEC) is one of the top vectors used by malicious actors to compromise identities/computers. Email protection solutions provide protection against BEC. If you have such a solution, how do you know whether it is configured to provide optimal protection or, worse, is misconfigured? There are best practices and how-to documents that show you how to configure the solution correctly, but following them means perusing long knowledge bases and checking each security control. What if there were a tool that could check your current configuration and produce a report, so that you can address the specific security controls that are not optimal or are misconfigured?

    Microsoft has the perfect tool – Office 365 ATP Recommended Configuration Analyzer or ORCA for short.

    ORCA provides guidance on the basic Exchange Online Protection (EOP) and Microsoft’s own Office 365 ATP email protection solution if you have it deployed in your Office 365 tenant.

    Even if you have a third-party email protection solution, most of them are configured only for protection against external emails. But what if an internal user is compromised and that mailbox is used to launch attacks on other internal users? With ORCA, you can gain insight into security controls that you can implement to secure internal email communications as well.

    For example, below is a screenshot of Microsoft’s Office 365 ATP policies. By running the ORCA tool we can get a report of how well these policies have been configured:



    When you run the report you will see this screen. It is simply the ORCA tool checking the policies:




    Lastly, you are presented with your ORCA report, which contains a list of actionable recommendations:





    As you can see, the tool provides an easy way to understand your current configuration. One thing I do want to point out is that Microsoft’s Office 365 ATP solution provides protection not only for email communications but also for communications in Teams and collaboration in SharePoint and OneDrive. For example, a web link/URL that is shared in Teams is checked to see if it is malicious. Likewise, any document that is shared in Teams or SharePoint is checked to see if it is malicious.
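    The run described above, together with a direct check of the SharePoint/OneDrive/Teams protection setting, as an added example that is not part of the original post or Microsoft's documentation. It assumes the ORCA and ExchangeOnlineManagement modules from the PowerShell Gallery and an account allowed to read the tenant's Exchange Online configuration; the sign-in name is a placeholder.

```powershell
# Added example (not from the original post).
# Assumptions: PowerShell Gallery is reachable, and $AdminUpn can read
# EOP / Office 365 ATP settings in the tenant.
$ErrorActionPreference = 'Stop'

# Placeholder account name; replace with your own admin sign-in.
$AdminUpn = 'admin@contoso.example'

# Install the two modules only if they are not already present.
foreach ($module in 'ExchangeOnlineManagement', 'ORCA') {
    if (-not (Get-Module -ListAvailable -Name $module)) {
        Install-Module -Name $module -Scope CurrentUser
    }
    Import-Module -Name $module
}

Connect-ExchangeOnline -UserPrincipalName $AdminUpn

try {
    # Runs the ORCA checks against the tenant's policies and
    # produces the HTML report with the recommendations.
    Get-ORCAReport

    # The ATP cmdlets are only exposed when the tenant is licensed for
    # Office 365 ATP, so test for the cmdlet before calling it.
    if (Get-Command -Name Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
        $atpPolicy = Get-AtpPolicyForO365
        if ($atpPolicy.EnableATPForSPOTeamsODB) {
            Write-Output 'ATP for SharePoint, OneDrive and Teams: enabled'
        }
        else {
            Write-Warning 'ATP for SharePoint, OneDrive and Teams is disabled; shared files are not scanned.'
        }
    }
    else {
        Write-Warning 'Get-AtpPolicyForO365 is not available; only the EOP checks in the ORCA report apply.'
    }
}
finally {
    # Always close the session, even if a check above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```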

    Cloud Security Assessment

    360 Visibility regularly conducts Cloud Security assessments with organizations to identify a business’s security posture baseline and implement security best practices using Microsoft tools. Contact us today to schedule a Cloud Security Assessment and Workshop tailored to your unique environment and begin implementing the security tools to ensure your business continuity.
