OneDrive Policy Now Offers ‘Suspected Malware’ Workflow

Posted by jacobe on September 1, 2021

The Office 365 OneDrive ‘Threat Protection’ policy now includes a new workflow: ‘Suspected Malware’.

The new workflow lets you decide how the policy responds when a file is scanned and the malware engine generates a lower-confidence detection (suspected malware). The options are:

  • Quarantine. User is alerted and allowed to restore
  • Quarantine. User is alerted, allowed to request a restore (admin must approve)
  • Quarantine. User is not alerted (admin can restore)
  • Do nothing