Skip to content
Griffin31 Help Center

Ensuring Anti-Malware Protection for Accepted Domains in Exchange Online

Ensuring Anti-Malware Protection for Accepted Domains in Exchange Online

Section titled “Ensuring Anti-Malware Protection for Accepted Domains in Exchange Online”

Overview

Section titled “Overview”

In today’s threat landscape, securing email domains against malware is a critical task for IT administrators. This article provides a PowerShell script designed to audit your organization’s accepted domains in Exchange Online, ensuring that each domain is protected by an anti-malware filter.

The script checks if specific anti-malware policies are applied to each domain and confirms that all domains are covered, whether by custom policies or the default settings. This helps administrators ensure that no domain is left vulnerable to malware attacks.

Protection Coverage Features

Section titled “Protection Coverage Features”
FeatureCapabilityBusiness Value
Domain Coverage AnalysisVerifies all accepted domains have malware protectionPrevents security gaps in email infrastructure
Policy Application CheckValidates custom and default policy assignmentsEnsures comprehensive protection across all domains
Automated DiscoverySystematically scans domain configurationsReduces manual verification effort and human error
Protection Status ReportingClear visibility into domain protection statusFacilitates security audits and compliance verification

Implementation Script

Section titled “Implementation Script”
Terminal window
# Connect to Exchange Online
Connect-ExchangeOnline


# Get the list of all accepted domains
$acceptedDomains = Get-AcceptedDomain


# Get the list of all anti-malware policies
$malwarePolicies = Get-MalwareFilterPolicy


# Check if each domain has an anti-malware filter applied
$domainsWithMalwareProtection = @()


foreach ($domain in $acceptedDomains) {
    $isProtected = $false
    foreach ($policy in $malwarePolicies) {
        # If the policy is applied to specific domains, check if the current domain is included
        if ($policy.AppliedTo -contains $domain.DomainName) {
            $isProtected = $true
            break
        }
    }
    # If no specific policy is applied, it is covered by the default policy
    if (-not $isProtected) {
        $isProtected = $true
    }
    $domainsWithMalwareProtection += [PSCustomObject]@{
        DomainName = $domain.DomainName
        IsProtected = $isProtected
    }
}


# Output the results
$domainsWithMalwareProtection | Format-Table -AutoSize


# Disconnect from Exchange Online
Disconnect-ExchangeOnline -Confirm:$false

Security Assurance

Section titled “Security Assurance”

Key Assurance: All domains are protected by either custom anti-malware policies or the default malware filter, ensuring comprehensive email security coverage.

Protection Strategy

Section titled “Protection Strategy”

Default Policy Coverage

Section titled “Default Policy Coverage”
  • Domains without specific policy assignments are automatically protected by the default malware filter
  • Provides baseline protection for all accepted domains

Custom Policy Benefits

Section titled “Custom Policy Benefits”
  • Targeted Protection: Specific rules for high-risk domains
  • Enhanced Filtering: Custom malware detection settings
  • Domain-Specific Actions: Tailored response to malware threats

Best Practices

Section titled “Best Practices”
  • Regular Auditing: Run this script monthly to verify protection coverage
  • Policy Review: Assess custom malware policies for effectiveness
  • New Domain Validation: Check protection status when adding new domains
  • Compliance Documentation: Maintain records of protection coverage for audits