Office 365 ATP Recommended Configuration Analyzer – ORCA

4 min readReading Time: 4 minutes


Business Email Compromise (BEC) is one of the top vectors used by malicious actors to compromise identities/computers. Email protection solutions provide protection against BEC. If you have one such solution, how do you know if it is configured right to provide the optimal protection or worse, misconfigured. There are best practices and how to documents that show you how to configure the solution right but that means perusing long knowledge bases and checking each security control. What if there’s a tool that can check your current configuration and provide a report so that you can address the specific security control that is not optimal or misconfigured?

Microsoft has the perfect tool – Office 365 ATP Recommended Configuration Analyzer or ORCA for short.

ORCA provides guidance on the basic Exchange Online Protection (EOP) and Microsoft’s own Office 365 ATP email protection solution if you have it deployed in your Office 365 tenant.

Even if you have a third-party email protection solution, most of them are configured only for protection against external emails but if there’s a scenario wherein an internal user is compromised, and this mailbox is used to launch attacks on other internal users? With ORCA, you can gain insight to security controls that you can implement for securing internal email communications also.

For example, below is a screenshot of Microsoft’s Office 365 ATP policies. By running the ORCA tool we can get a report of how well these policies have been configured:


When you run the report you will see this screen. It is simply the ORCA tool checking the policies:



Lastly you are presented with your ORCA report with a list of actionable recommendations:




As you can see, the tool provides an easy way to understand your current configuration. One thing I do want to point out is that Microsoft’s Office 365 ATP solution not only provides protection for email communications but also for communications in Teams and collaboration in SharePoint and OneDrive too. For example, a web link/url that is shared in Teams is checked to see if it is malicious. Likewise, any document that is shared in Teams or SharePoint is also checked to see if they are malicious.

Cloud Security Assessment

360 Visibility regularly conducts Cloud Security assessments with organizations to identify a business’s security posture baseline and implementing security best practices using Microsoft tools. Contact us today to schedule a Cloud Security Assessment and Workshop tailored to your unique environment and begin implementing the security tools to ensure your business continuity.

Senthil Srinivasan
Senthil Srinivasan
With over 20 years’ experience in deploying, managing and securing information systems, Senthil has proven expertise and extensive history of problem solving, adapting and embracing new technologies. He has hands-on expertise in evaluating, planning and implementing technical solutions and jokingly calls himself "the fixer". At 360, Senthil implements Microsoft 365 solutions with a focus on security for organizations. He is passionate about delivering excellent customer service.
360 Visibility