Verify that Exchange Online Protection (EOP) is configured to notify admins of malicious activity from internal users.
Risk
If notifications for internal users sending malware are not enabled, administrators may not be aware of potential threats originating from within the organization, increasing the risk of undetected malicious activities.
prowler m365 --checks defender_malware_policy_notifications_internal_users_malware_enabled
Recommendation
Enable notifications for internal users sending malware in your Defender Malware Policy to ensure admins are alerted of potential threats.
Remediation
Set-MalwareFilterPolicy -Identity Default -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress 'admin@example.com'
1. Connect to Exchange Online using Connect-ExchangeOnline.
2. Execute the command: Get-MalwareFilterPolicy | fl Identity, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress.
3. Ensure 'Notify an admin about undelivered messages from internal senders' is set to On and that at least one email address is listed under Administrator email address.
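The pass/fail logic of the verification steps above, as an added example (not Prowler's own check code): it evaluates every policy in an export produced with `Get-MalwareFilterPolicy | ConvertTo-Json`, not only Default. The export shape (address serialized as a string or null), the sample policies and the function names are assumptions constructed for illustration.

```python
import json

# Constructed sample export, reduced to the three properties named on this page.
SAMPLE_EXPORT = """
[
  {"Identity": "Default", "EnableInternalSenderAdminNotifications": true,
   "InternalSenderAdminAddress": "admin@example.com"},
  {"Identity": "Finance", "EnableInternalSenderAdminNotifications": true,
   "InternalSenderAdminAddress": ""},
  {"Identity": "Legacy", "EnableInternalSenderAdminNotifications": false,
   "InternalSenderAdminAddress": "admin@example.com"},
  {"Identity": "Partners", "EnableInternalSenderAdminNotifications": true,
   "InternalSenderAdminAddress": null}
]
"""


def load_policies(text):
    """Parse the export; ConvertTo-Json emits a bare object for a single policy."""
    data = json.loads(text)
    return [data] if isinstance(data, dict) else data


def evaluate_policy(policy):
    """Return (identity, status, reason) for one malware filter policy."""
    name = policy.get("Identity", "<unnamed>")
    enabled = policy.get("EnableInternalSenderAdminNotifications") is True
    raw = policy.get("InternalSenderAdminAddress")
    # Assumption: the address is a string; anything else counts as missing.
    address = raw.strip() if isinstance(raw, str) else ""
    if not enabled:
        return name, "FAIL", "internal sender admin notifications are disabled"
    if not address:
        # The switch alone is not enough: nobody receives the alert.
        return name, "FAIL", "notifications enabled but no admin address is set"
    return name, "PASS", f"admins notified at {address}"


def audit(text):
    """Evaluate every policy in the export."""
    return [evaluate_policy(p) for p in load_policies(text)]


if __name__ == "__main__":
    for name, status, reason in audit(SAMPLE_EXPORT):
        print(f"{status}  {name}: {reason}")
```
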
Resource Type
Defender Malware Policy