Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams - Microsoft Defender for Office 365 (2024)

Tip

Did you know you can try the features in Microsoft Defender XDR for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms on Try Microsoft Defender for Office 365.

Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint Online, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint Online, OneDrive, and Microsoft Teams.

Important

The built-in anti-virus capabilities are a way to help contain viruses. They aren't intended as a single point of defense against malware for your environment. We encourage all customers to investigate and implement anti-malware protection at various layers and apply best practices for securing their enterprise infrastructure.

The Microsoft 365 virus detection engine scans files asynchronously (at some time after upload). If a user tries to download a file in a web browser or from Teams that hasn't been scanned, a scan is triggered before the download is allowed. Not all file types are scanned automatically; heuristics determine which files to scan. When a file is found to contain a virus, the file is flagged.

Here's what happens:

  1. A user uploads a file to SharePoint Online.
  2. SharePoint Online, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
  3. If the file meets the criteria for a scan, the virus detection engine scans the file.
  4. If a virus is found within the scanned file, the virus engine sets a property on the file that indicates the file is infected.

What happens when a user tries to download an infected file by using the browser?

By default, users can download infected files from SharePoint Online. Here's what happens:

  1. In a web browser, a user tries to download a file from SharePoint Online that happens to be infected.
  2. The user is shown a warning that a virus was detected in the file. The user is given the option to proceed with the download and attempt to clean it using anti-virus software on their device.

To change this behavior so users can't download infected files, even from the anti-virus warning window, admins can use the DisallowInfectedFileDownload parameter on the Set-SPOTenant cmdlet in SharePoint Online PowerShell. The value $true for the DisallowInfectedFileDownload parameter completely blocks access to detected/blocked files for users.

For instructions, see Use SharePoint Online PowerShell to prevent users from downloading malicious files.

Can admins bypass DisallowInfectedFileDownload and extract infected files?

SharePoint admins and global admins* are allowed to do forensic file extractions of malware-infected files in SharePoint Online PowerShell with the Get-SPOMalwareFileContent cmdlet. Admins don't need access to the site that hosts the infected content. As long as the file is marked as malware, admins can use Get-SPOMalwareFileContent to extract the file.

For more information about the infected file, admins can use the Get-SPOMalwareFile cmdlet to see the type of malware that was detected and the status of the infection.

Important

* Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
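
The following SharePoint Online PowerShell sketch is an added example, not part of the original article. It blocks downloads of infected files with DisallowInfectedFileDownload, then inspects and extracts one flagged file for forensic analysis. The tenant name, file URL, and local folder are placeholders, and it assumes Get-SPOMalwareFileContent returns the file content as a stream.

```powershell
# Placeholders (assumptions, not from the article): tenant "contoso",
# the document URL, and the local evidence folder.
$adminUrl    = 'https://contoso-admin.sharepoint.com'
$fileUri     = 'https://contoso.sharepoint.com/sites/Marketing/Shared Documents/Doc1.docx'
$evidenceDir = 'C:\IR\evidence'

# Sign in with a SharePoint admin account (least-privileged role that works).
Connect-SPOService -Url $adminUrl

# 1. Block downloads of infected files if the tenant still allows them.
if (-not (Get-SPOTenant).DisallowInfectedFileDownload) {
    Set-SPOTenant -DisallowInfectedFileDownload $true
}
# Re-read the tenant setting to confirm the change took effect.
(Get-SPOTenant).DisallowInfectedFileDownload

# 2. Show what the scan engine recorded for the flagged file
#    (malware type and infection status).
Get-SPOMalwareFile -FileUri $fileUri | Format-List *

# 3. Extract the flagged file for analysis. The extra ".malware" suffix
#    keeps it from being opened by a double-click on the analyst's machine.
New-Item -ItemType Directory -Path $evidenceDir -Force | Out-Null
$leafName = Split-Path -Path $fileUri -Leaf
$outPath  = Join-Path $evidenceDir "$leafName.malware"

$source = Get-SPOMalwareFileContent -FileUri $fileUri   # assumed: a stream
$target = [System.IO.File]::Create($outPath)
try {
    $source.CopyTo($target)
}
finally {
    $target.Dispose()
    $source.Dispose()
}

# 4. Record a hash of the extracted copy for the case notes.
Get-FileHash -Path $outPath -Algorithm SHA256
```

Run the extraction on an isolated analysis host, since the local copy is live malware once it leaves SharePoint.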

What happens when the OneDrive sync client tries to sync an infected file?

When a malicious file is uploaded to OneDrive, the file is synced to the local machine before being marked as malware. After the file is marked as malware, the user can't open the synced file from their local machine.

Extended capabilities with Microsoft Defender for Office 365

Microsoft 365 organizations that have Microsoft Defender for Office 365 included in their subscription or purchased as an add-on can enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams for enhanced reporting and protection. For more information, see Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.

Related articles

Malware and ransomware protection in Microsoft 365

Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
