Exchange Online – You can now get a recommended configuration for Advanced Threat Protection

As you may already know, Office 365 Advanced Threat Protection (ATP) helps protecting Exchange Online against any security threats.

That said, configuring a correct ATP protection for Exchange Online can be a little bit challenging.

To help you in this process, Microsoft has released a new PowerShell module to generate an Office 365 Recommended Configuration Analyzer (aka ORCA) for ATP.

This requires to have the Exchange Online PowerShell module installed – available using the Click-Once technology at

Once you have the Exchange Online PowerShell module install, you can then install the PowerShell module for ORCA ATP using the below command

Install-Module –Name ORCA

Once done, launch Exchange Online PowerShell command prompt and login to your tenant using

image_thumb  image_thumb[2]


Once done, run the command to get the ORCA report for your ATP implementation



This will then connect to your tenant and check best practices implementation for Advanced Threat Protection.

The report will then be saved within your user profile in AppData\Local\Microsoft\ORCA\ folder.

Finally you just have to open this HTML report and review the recommendations.


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies