Authenticated Receive Chain is set up for domains not pointing to EOP/MDO, or all domains point to EOP/MDO.

Why This Matters

Misconfigured Authenticated Receive Chain (ARC) settings can leave your email infrastructure vulnerable to spoofing and phishing attacks. If domains not routing through Exchange Online Protection (EOP) or Microsoft Defender for Office 365 (MDO) have ARC enabled, attackers can manipulate email authentication headers. Ensuring ARC is properly configured helps preserve email integrity and prevents bypassing of your security filters.

What Aether365 Checks

This check verifies that the Authenticated Receive Chain (ARC) configuration is correctly applied only to domains that point to EOP or MDO, or that all domains properly point to these services. It appears in the Aether365 dashboard under the microsoft-365 service as a medium-severity check.