The Office365 Onedrive 'Threat Protection' policy now includes a new workflow: 'Suspected Malware '.
The new workflow allows deciding how to behave when a file is scanned and the malware engine generates a detection with lower confidence (suspected malware). The options are:
-
Quarantine. User is alerted and allowed to restore
-
Quarantine. User is alerted, allowed to request a restore (admin must approve)
-
Quarantine. User is not alerted (admin can restore)
-
Do nothing