I don’t how many of you ever used ORCA or Configuration analyzer? I have missed ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer) completely. I can see that it was introduced at Ignite 2019 but somehow I missed it.
So today I stumbled on it from a hint from my coworker and decided to dig a little bit deeper. There was couple of articles online, this one from Tony Redmond (@12Knocksinna)
What is ORCA?
ORCA is a PowerShell module that you can run thru Exchange Online V2 PowerShell module. ORCA will gather your tenants security policy information and compare it against 61 policies from Microsoft best practices.
Then it will write a report saying how compliant your tenant is and what to do to get more compliant.
You can install ORCA from PowerShell Gallery.
And you also need Exchange Online PowerShell module V2 as a pre-requisite.
More info from Github
Open PowerShell and run Get-ORCAReport
It will generate the HTML report in this destination:
$env:userprofile\AppData\Local\Microsoft\ORCA and absolute path C:\Users\UserProfileDirectory\AppData\Local\Microsoft\ORCA
Running ORCA against a tenant that doesn’t have Defender enabled.
And running against a tenant that has Defender enabled.
So comparing these two you will that Defender is preferred to be installed as it will cover the policies that this tool checks.
If you are not into PowerShell, you can make the same checks with Configuration Analyzer from Security Center.
But from here you cannot export the report. But on the other hand you can fix the security policies from the recommendations directly.
So in short, the PowerShell version is an assessment tool for remote auditors that don’t have eyes inside the machine (No Credentials) they could tell the customers admin to run the report and share the output.
And the Configuration Analyzer is a tool for admin who have access to the tenant and they can apply the policies directly from there. Always use common sense when applying changes as scout what happens in our environment.
Over and out,