MT.1043 - Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains
Overview
Spam confidence level (SCL) SHOULD NOT be set to -1 in mail transport rules with specific domains
Rationale: Allow-listing domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain.
Remediation action:
- Connect to Exchange Online:
Connect-ExchangeOnline
- View your current transport rules:
Get-TransportRule | Select-Object Name, SetScl
- For each transport rule that uses SetScl -1, modify it to set SCL to 0 or higher:
Set-TransportRule -Identity "RuleName" -SetSCL 0
- Verify the changes:
Get-TransportRule | Where-Object { $_.SetScl -eq -1 }
The result should return no rules.
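The audit step above can be narrowed to the rules this check is about. The following is an added example, not Maester's own test code; the function name `Get-SclBypassRule` is hypothetical, the sample rules are constructed, and it assumes "specific domains" corresponds to the `SenderDomainIs` condition on the rule.

```powershell
function Get-SclBypassRule {
    # Hypothetical helper: emits transport rules that set SCL to -1 for named sender domains.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule
    )
    process {
        # SetSCL is empty when a rule does not stamp an SCL; only -1 bypasses spam filtering.
        if ($null -eq $Rule.SetSCL -or [int]$Rule.SetSCL -ne -1) { return }

        # Assumption: a domain allow-list is expressed through the SenderDomainIs condition.
        $domains = @($Rule.SenderDomainIs | Where-Object { $_ })
        if ($domains.Count -eq 0) { return }

        [pscustomobject]@{
            Name           = $Rule.Name
            State          = $Rule.State      # disabled rules are still reported for cleanup
            Priority       = $Rule.Priority
            SenderDomainIs = $domains -join ', '
        }
    }
}

# Constructed sample objects shaped like Get-TransportRule output, so the logic runs offline.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Partner allow-list'; State = 'Enabled';  Priority = 0
                       SetSCL = -1;   SenderDomainIs = @('partner.example') }
    [pscustomobject]@{ Name = 'Old vendor bypass';  State = 'Disabled'; Priority = 1
                       SetSCL = -1;   SenderDomainIs = @('vendor.example', 'billing.example') }
    [pscustomobject]@{ Name = 'Mark newsletters';   State = 'Enabled';  Priority = 2
                       SetSCL = 5;    SenderDomainIs = @('news.example') }
    [pscustomobject]@{ Name = 'Disclaimer footer';  State = 'Enabled';  Priority = 3
                       SetSCL = $null; SenderDomainIs = $null }
    # SCL -1 without a sender-domain condition: outside this domain-specific filter.
    [pscustomobject]@{ Name = 'Scanner relay';      State = 'Enabled';  Priority = 4
                       SetSCL = -1;   SenderDomainIs = $null }
)

# Only 'Partner allow-list' and 'Old vendor bypass' are emitted.
$sampleRules | Get-SclBypassRule | Format-Table -AutoSize

# Against a live tenant, after Connect-ExchangeOnline:
# Get-TransportRule | Get-SclBypassRule | Format-Table -AutoSize
```

Listing the affected sender domains next to each rule makes it easier to decide, per rule, whether raising the SCL to 0 is enough or whether the rule should be removed.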
Related links
- Exchange Transport Rules and SCL values
- Spam Confidence Levels (SCL) in Exchange Online
- Microsoft Secure Score - Set SCL to 0 or higher for domains
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1043 |
| Severity | Medium |
| Suite | Maester |
| Category | Exchange |
| PowerShell test | Test-MtExoSetScl |
| Tags | Exchange, Maester, MT.1043 |
Source
- Pester test: tests/Maester/Exchange/Test-ExchangeSetting.Tests.ps1
- PowerShell source: powershell/public/maester/exchange/Test-MtExoSetScl.ps1