Office 365 ATP Recommended Configuration Analyzer – Best Practices!

By Jasper Bernaers | January 10, 2020 | Comments 0 Comment

Office 365 Advanced Threat Protection is growing and evolving over time. Writing documentation takes time – automation doesn’t. Automatically export your O365 ATP settings in one HTML file to see the scores and recommendations.

Solution: ORCA! Orca is a report that you can run in your environment which can highlight known configuration issues and improvements which can impact your experience with Office 365 Advanced Threat Protection (ATP).

Start from Exchange Online Powershell

Start up your Exchange Online Powershell Module from:

Echange Control Panel: Https://outlook.office.com/ECP

Click on Online Powershell Module or directly connect to: http://aka.ms/exopsmodule

Installation of ORCA

Install-Module ORCA

Run ORCA

Get-ORCAReport

Results

The results are logged in a log in your userprofile. And will be populated in a really great HTML overview.

High-level overview of the Office 365 ATP ORCA Report

Recommendation example

What’s in scope?

Configuration in EOP which can impact ATP
Safe Links configuration
Safe Attachments configuration
Antiphish and antispoof policies.

Coming Soon!

At MS Ignite session’s Microsoft announced a new best-practice portal in Office 365’s admin console. This session can be found here: 79719(BRK2104)

Bring it all together

Export and compare multiple customer-scenario’s. This will help you determine the differences.
Modern Security mechanisms as Office 365 ATP are continues improving and need continues attention and recurrent validations. (each month!)
In 2018, the percentage of inbound emails that were Phishing messages grew 250%. That trend has continued to grow with increased level of targeting and sophistication! Still super important!
Focus on user education and training. In addition to advanced security tools for detection, investigation and response still 40% is user-related.
More and more control an reporting will come to the Office 365 portal!
AND NOW since you have the report in a easy way. ACT and enable best-practices!