Ensuring Anti-Malware Protection for Accepted Domains in Exchange Online
In today’s threat landscape, securing email domains against malware is a critical task for IT administrators. This article provides a PowerShell script designed to audit your organization’s accepted domains in Exchange Online, ensuring that each domain is protected by an anti-malware filter.
The script checks if specific anti-malware policies are applied to each domain and confirms that all domains are covered, whether by custom policies or the default settings. This helps administrators ensure that no domain is left vulnerable to malware attacks.
Here is the script:
```powershell
# Load the Exchange Online module and connect
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Get the list of all accepted domains
$acceptedDomains = Get-AcceptedDomain

# Get the list of all anti-malware policies and the rules that scope them
$malwarePolicies = Get-MalwareFilterPolicy
$malwareRules = Get-MalwareFilterRule

# Check if each domain has an anti-malware filter applied
$domainsWithMalwareProtection = @()

foreach ($domain in $acceptedDomains) {
    $isProtected = $false
    foreach ($policy in $malwarePolicies) {
        # If the policy is applied to specific domains, check if the current domain is included.
        # The scope is stored on the policy's rule (RecipientDomainIs), not on the policy object.
        $rules = $malwareRules | Where-Object { $_.MalwareFilterPolicy -eq $policy.Name }
        if ($rules.RecipientDomainIs -contains [string]$domain.DomainName) {
            $isProtected = $true
            break
        }
    }

    # If no specific policy is applied, it is covered by the default policy
    if (-not $isProtected) {
        $isProtected = $true
    }

    $domainsWithMalwareProtection += [PSCustomObject]@{
        DomainName  = $domain.DomainName
        IsProtected = $isProtected
    }
}

# Output the results
$domainsWithMalwareProtection | Format-Table -AutoSize

# Disconnect from Exchange Online
Disconnect-ExchangeOnline -Confirm:$false
```
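In Exchange Online the recipient scope of an anti-malware policy is held on the rule attached to it (`Get-MalwareFilterRule`, property `RecipientDomainIs`), so an audit can report which policy covers each domain instead of only a yes/no. The following is an added example, not part of the original script; the function name `Get-DomainMalwareCoverage` and the sample objects are assumptions, constructed so the block runs without a tenant connection.

```powershell
# Added example: report which anti-malware policy covers each accepted domain.
# Inputs are shaped like Get-AcceptedDomain, Get-MalwareFilterPolicy and
# Get-MalwareFilterRule output; the function name is hypothetical.
function Get-DomainMalwareCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Domains,
        [Parameter(Mandatory)] [object[]] $Policies,
        [object[]] $Rules = @()
    )
    $default = $Policies | Where-Object { $_.IsDefault } | Select-Object -First 1
    # Only enabled rules take effect; the lowest Priority number wins.
    $active = @($Rules | Where-Object { $_.State -eq 'Enabled' } | Sort-Object Priority)
    foreach ($d in $Domains) {
        $name = [string]$d.DomainName
        $hit = $active | Where-Object {
            $_.RecipientDomainIs -contains $name -and
            $_.ExceptIfRecipientDomainIs -notcontains $name
        } | Select-Object -First 1
        [PSCustomObject]@{
            DomainName  = $name
            Policy      = if ($hit) { $hit.MalwareFilterPolicy } else { $default.Name }
            Source      = if ($hit) { 'Custom rule' } elseif ($default) { 'Default policy' } else { 'None' }
            # A rule that also names users or groups covers only part of the domain.
            PartialRule = [bool]($hit.SentTo -or $hit.SentToMemberOf)
            IsProtected = [bool]($hit -or $default)
        }
    }
}

# Constructed sample data (not real tenant output).
$domains = 'contoso.example', 'fabrikam.example', 'legacy.example' |
    ForEach-Object { [PSCustomObject]@{ DomainName = $_ } }
$policies = @(
    [PSCustomObject]@{ Name = 'Default';        IsDefault = $true }
    [PSCustomObject]@{ Name = 'Strict Malware'; IsDefault = $false }
)
$rules = @(
    [PSCustomObject]@{ MalwareFilterPolicy = 'Strict Malware'; State = 'Enabled';  Priority = 0
                       RecipientDomainIs = @('contoso.example'); ExceptIfRecipientDomainIs = @() }
    [PSCustomObject]@{ MalwareFilterPolicy = 'Strict Malware'; State = 'Disabled'; Priority = 1
                       RecipientDomainIs = @('legacy.example');  ExceptIfRecipientDomainIs = @() }
)

Get-DomainMalwareCoverage -Domains $domains -Policies $policies -Rules $rules |
    Format-Table -AutoSize
```

Against a live tenant, pass the output of `Get-AcceptedDomain`, `Get-MalwareFilterPolicy` and `Get-MalwareFilterRule` to the three parameters in place of the sample objects.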