ORCA is a report that you can run in your environment which can highlight known configuration issues and improvements for Office 365 Advanced Threat Protection (ATP).
ORCA looks at O365 ATP configuration and provides recommendations / guidelines on configuration that will cause issues with the deployment. Examples include highlighting whitelisting occurring within the tenant, not configuring the anti-phishing policy settings.
DOWNLOAD:
”Office 365 Advanced Threat Protection Recommended Configuration Analyzer (ORCA) (1.75)”
https://www.powershellgallery.com/packages/ORCA/1.7.5- INSTRUCTIONS:
”Office 365 ATP Recommended Configuration Analyzer – Best Practices!”
https://www.linkedin.com/pulse/office-365-atp-recommended-configuration-analyzer-best-bernaers/ - PRESENTATION:
”Your users are under attack! Strengthen your anti-phishing defense with these O365 ATP best practices”
https://myignite.techcommunity.microsoft.com/sessions/79719
kurtsh
Kurt Shintaku's Blog 
