Protecting customer data from malware
Malware here means viruses, spyware, and other malicious software. Microsoft 365 includes protective mechanisms to prevent malware from being introduced into the system by a client or a server running on the Microsoft 365 network. Anti-malware software is one of the most important mechanisms for protecting Microsoft 365 assets: it detects malware and prevents it from infiltrating any service system. Malware includes computer viruses, spyware, rootkits, worms, and other malicious software. Anti-malware software acts both as a preventive and as a detective control over malicious software.
Each anti-malware solution in place tracks the software version in use and the signatures currently loaded. For each service team, the anti-malware tool centrally manages the automatic download and application of signature updates from the vendor’s virus definition site at least once per day. The anti-malware tool installed on each endpoint centrally manages the following functions for each service team:
Scanning of the environment on an automatic basis
Scans of the file system regularly (at least weekly)
Scans of files in real-time as they are being downloaded, opened, or executed
Automatic download and application of signature updates from the vendor’s virus definition site at least once per day
Malware detection, cleaning, and mitigation
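The controls listed above are measurable on an endpoint: real-time scanning on, signatures no more than a day old, a full file-system scan no more than a week old. The following is an added example, not Microsoft’s code, that audits one endpoint against those three thresholds. It assumes Microsoft Defender Antivirus, whose Get-MpComputerStatus cmdlet exposes the RealTimeProtectionEnabled, AntivirusSignatureLastUpdated and FullScanEndTime properties used here; the sample status object is constructed so the check runs offline, and other products would need a different status source.

```powershell
# Added example (not Microsoft's code): audit one endpoint against the page's
# anti-malware controls. Assumes Microsoft Defender Antivirus property names.

function Test-AntiMalwarePosture {
    [CmdletBinding()]
    param(
        # Any object exposing RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
        # and FullScanEndTime, e.g. the output of Get-MpComputerStatus.
        [Parameter(Mandatory)] $Status,
        [datetime] $Now = (Get-Date),
        [int] $MaxSignatureAgeHours = 24,   # signatures updated at least once per day
        [int] $MaxFullScanAgeDays = 7       # file system scanned at least weekly
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not $Status.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is disabled')
    }

    if ($null -eq $Status.AntivirusSignatureLastUpdated) {
        $findings.Add('No signature update recorded')
    }
    else {
        $sigAge = ($Now - $Status.AntivirusSignatureLastUpdated).TotalHours
        if ($sigAge -gt $MaxSignatureAgeHours) {
            $findings.Add(('Signatures are {0:N1} hours old' -f $sigAge))
        }
    }

    # Treat a missing value, or a year-0001 placeholder date, as "never scanned".
    if ($null -eq $Status.FullScanEndTime -or $Status.FullScanEndTime.Year -lt 1970) {
        $findings.Add('No full scan has completed')
    }
    else {
        $scanAge = ($Now - $Status.FullScanEndTime).TotalDays
        if ($scanAge -gt $MaxFullScanAgeDays) {
            $findings.Add(('Last full scan was {0:N0} days ago' -f $scanAge))
        }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample standing in for Get-MpComputerStatus output, so the check
# runs offline. Signatures are 30 hours old here, so the endpoint is non-compliant.
# On a real endpoint run:  Test-AntiMalwarePosture -Status (Get-MpComputerStatus)
$sample = [pscustomobject]@{
    RealTimeProtectionEnabled     = $true
    AntivirusSignatureLastUpdated = (Get-Date).AddHours(-30)
    FullScanEndTime               = (Get-Date).AddDays(-3)
}
Test-AntiMalwarePosture -Status $sample | Format-List
```

Run across a fleet (for example through a remoting session per host), the Findings list is what the service team would feed into its alerting, since a stale signature set is exactly the gap the daily-update control exists to close.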
When anti-malware tools detect malware, they block it and generate an alert that is sent to the Microsoft 365 service team, Microsoft 365 Security, and/or the security and compliance team of the Microsoft organization that operates our datacenters, depending on the circumstances. The recipients of the alert start the incident response process. Each incident is tracked and resolved, and a post-mortem investigation is carried out afterwards.
Exchange Online Protection against malware
All email sent or received through Exchange Online passes through Exchange Online Protection (EOP). EOP quarantines and scans, in real time, all email and email attachments both entering and leaving the system for viruses and other malware. Administrators don’t need to set up or maintain the filtering technologies, which are enabled by default, but they can customize filtering for their organization through the Exchange admin center.
EOP provides multilayered protection against malware by using multiple anti-malware engines that are designed to catch all known malware. Malware (including viruses and spyware) is detected and removed from messages transmitted through the service. If malware is detected, the message is removed from the system. Additionally, when an infected message is deleted and not delivered, notifications may be sent to the sender or the administrator. If infected attachments are sent, you can choose to replace them with either a default or a custom message that notifies the recipients that malware has been detected and removed.
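The customization the paragraph describes (removal of infected content, administrator notifications, custom notification text) is exposed through Exchange Online PowerShell. The following is an added example, not Microsoft’s code, showing one strict anti-malware policy and the rule that scopes it. It assumes the ExchangeOnlineManagement module and an account with Exchange admin rights; the policy name, the domain contoso.example and the secops@ mailbox are placeholders, and the blocked file-type list is one reasonable choice, not a recommendation from the page.

```powershell
# Added example (not Microsoft's code): a custom EOP anti-malware policy.
# Placeholders: policy name, contoso.example, secops@contoso.example.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$policyName = 'Contoso-AntiMalware-Strict'

# Block common executable attachment types outright (Reject rather than
# Quarantine), keep zero-hour auto purge on so malware detected after delivery
# is pulled back, and notify the security mailbox with a custom message.
New-MalwareFilterPolicy -Name $policyName `
    -EnableFileFilter $true `
    -FileTypes @('exe', 'js', 'vbs', 'ps1', 'hta', 'scr', 'bat', 'cmd') `
    -FileTypeAction Reject `
    -ZapEnabled $true `
    -EnableInternalSenderAdminNotifications $true `
    -InternalSenderAdminAddress 'secops@contoso.example' `
    -EnableExternalSenderAdminNotifications $true `
    -ExternalSenderAdminAddress 'secops@contoso.example' `
    -CustomNotifications $true `
    -CustomFromName 'Contoso Security' `
    -CustomFromAddress 'secops@contoso.example' `
    -CustomInternalSubject 'Malware removed from a message sent from your account' `
    -CustomInternalBody 'EOP removed malware from a message you sent. Contact the security team if you did not send it.'

# Scope the policy to the tenant's accepted domain. Lower Priority numbers win
# when several rules match.
New-MalwareFilterRule -Name "$policyName-Rule" `
    -MalwareFilterPolicy $policyName `
    -RecipientDomainIs 'contoso.example' `
    -Priority 0

# Verify the settings that actually took effect rather than trusting the call.
Get-MalwareFilterPolicy -Identity $policyName |
    Format-List Name, EnableFileFilter, FileTypes, FileTypeAction, ZapEnabled,
                EnableInternalSenderAdminNotifications, InternalSenderAdminAddress
```

The verification step matters because the default policy still applies to any recipient the new rule does not cover, so the Get-MalwareFilterPolicy output should be compared against the default policy as well when deciding whether the whole tenant is covered.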
Microsoft Defender for Office 365
Layered Defenses Against Malware – In EOP, multiple anti-malware scan engines protect the system against both known and unknown threats. The engines include powerful heuristic detection, which provides protection even during the early stages of a malware outbreak. A multi-engine approach has been shown to provide significantly greater protection than a single anti-malware engine.
Rapid Threat Response – In some outbreaks, the anti-malware team may have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat even before a definition is available from any of the engines the service uses. This is referred to as real-time threat response. These rules are published to the global network every two hours to give your organization an additional layer of protection against attacks.
Anti-Malware Definition Deployment in Record Time – The anti-malware team maintains close relationships with partners who develop anti-malware engines. As a result, the service can receive and integrate malware definitions and patches before they are released to the public at large. Our collaboration with these partners frequently results in remedies created by the partners themselves. The service checks for new definitions for all anti-malware engines every hour and downloads them.
Microsoft Defender for Office 365 protects your messaging system from viruses and other malware.
Microsoft Defender for Office 365 is an email filtering service that provides additional protection against specific types of advanced threats, such as malware and viruses. Microsoft Defender for Office 365 is available as a free download. The existing anti-virus protection in Exchange Online Protection is robust and multilayered, with multiple engines working together to protect against known malware and viruses. The Safe Attachments feature of Microsoft Defender for Office 365 extends this protection to unknown malware and viruses, providing better zero-day protection for your messaging system. All messages and attachments that do not contain a known virus or malware signature are routed to a special hypervisor environment, where behavior analysis using a variety of machine learning and analysis techniques looks for malicious intent. If there is no evidence of suspicious activity, the message is released for delivery to the designated mailbox.
As part of Microsoft 365, Exchange Online Protection scans each message in transit and provides time-of-delivery protection that blocks malicious hyperlinks in a message. Attackers may attempt to conceal malicious URLs behind seemingly safe links that a forwarding service redirects to unsafe sites after the message has been received. Safe Links proactively protects users when they click such a link: the protection applies at the time of the click, so malicious links are dynamically blocked while good links remain accessible.
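Safe Attachments (the detonation step in the preceding paragraph) and Safe Links (the time-of-click protection just described) are both configured as policy-plus-rule pairs. The following is an added example, not Microsoft’s code, that creates one of each and then reads the settings back. It assumes the ExchangeOnlineManagement module, a Defender for Office 365 licence in the tenant, and Exchange admin rights; the policy names, contoso.example and the secops@ mailbox are placeholders.

```powershell
# Added example (not Microsoft's code): Safe Attachments and Safe Links policies.
# Placeholders: policy names, contoso.example, secops@contoso.example.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$domain = 'contoso.example'

# Safe Attachments: attachments with no known signature are detonated; if the
# behaviour analysis flags them the message is blocked and a copy is redirected
# to the security mailbox for investigation.
New-SafeAttachmentPolicy -Name 'Contoso-SafeAttachments' `
    -Enable $true `
    -Action Block `
    -Redirect $true `
    -RedirectAddress 'secops@contoso.example'

New-SafeAttachmentRule -Name 'Contoso-SafeAttachments-Rule' `
    -SafeAttachmentPolicy 'Contoso-SafeAttachments' `
    -RecipientDomainIs $domain

# Safe Links: URLs are checked when clicked, not only at delivery; users cannot
# click through a block page; clicks are tracked so the URL trace reporting
# described later on this page has data to show.
New-SafeLinksPolicy -Name 'Contoso-SafeLinks' `
    -EnableSafeLinksForEmail $true `
    -EnableSafeLinksForTeams $true `
    -EnableSafeLinksForOffice $true `
    -ScanUrls $true `
    -DeliverMessageAfterScan $true `
    -EnableForInternalSenders $true `
    -TrackClicks $true `
    -AllowClickThrough $false

New-SafeLinksRule -Name 'Contoso-SafeLinks-Rule' `
    -SafeLinksPolicy 'Contoso-SafeLinks' `
    -RecipientDomainIs $domain

# Read back what is actually in force.
Get-SafeAttachmentPolicy -Identity 'Contoso-SafeAttachments' |
    Format-List Name, Enable, Action, Redirect, RedirectAddress
Get-SafeLinksPolicy -Identity 'Contoso-SafeLinks' |
    Format-List Name, EnableSafeLinksForEmail, ScanUrls, DeliverMessageAfterScan,
                TrackClicks, AllowClickThrough
```

Setting AllowClickThrough to false is the choice that makes the time-of-click block meaningful; with click-through allowed, a user who has already decided the message is legitimate can step past the warning to the redirected destination.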
Microsoft Defender for Office 365 also includes comprehensive reporting and tracking capabilities, giving you insight into who is being targeted in your organization and what types of attacks you encounter regularly. Using the reporting and message tracking capabilities, you can investigate messages that have been blocked because of an unknown virus or malware, and the URL trace capability lets you track individual malicious links in messages that have been clicked.
Visit the Exchange Online Protection and Microsoft Defender for Office 365 pages for more information on the Microsoft Defender for Office 365 security solution.
SharePoint Online and OneDrive for Business Protection Against Ransomware
Although there are numerous types of ransomware attack, one of the most common is one in which a malicious individual encrypts a user’s important files and then demands something from the user (such as money or personal information) in exchange for the key that decrypts them. Ransomware attacks are increasingly common, particularly those that encrypt files stored in a user’s cloud storage. For additional information on ransomware, visit the Microsoft Defender Security Intelligence website.
Versioning in SharePoint Online lists and in SharePoint Online and OneDrive for Business libraries can thwart many of these ransomware attacks, but not all of them. Versioning is enabled by default in OneDrive for Business and SharePoint Online. Because versioning is enabled in SharePoint Online site lists, you can look back in time and recover previous versions if necessary, which allows you to recover the unencrypted versions of items that the ransomware encrypted. Additionally, some organizations maintain multiple versions of list items for legal or auditing purposes.
SharePoint Online and OneDrive for Business Recycle Bins
SharePoint Online administrators can restore a deleted site collection from the SharePoint Online admin center. SharePoint Online users have access to a Recycle Bin that stores deleted content, which they can use to recover deleted documents or lists. Items in the Recycle Bin are kept for a total of 93 days. The Recycle Bin saves the following types of data:
The customizations made to a site through the use of SharePoint Designer. For more information, see Restore deleted items from the site collection recycle bin. See also Restore a deleted site collection.
Versioning does not protect against ransomware attacks that copy files, encrypt them, and then delete the original files after the ransom has been collected. End users can, however, use the Recycle Bin to recover OneDrive for Business files affected by a ransomware attack.
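Both recovery paths in this section, library versioning and the deleted-site recycle bin, only help if they are in place before the incident, so a defender checks them rather than assuming the defaults survived. The following is an added example, not Microsoft’s code, that lists document libraries in one site whose versioning is off or retains fewer versions than expected, and then lists deleted site collections still within the restore window. It assumes the PnP.PowerShell and Microsoft.Online.SharePoint.PowerShell modules and SharePoint admin rights; the site and tenant URLs and the 100-version threshold are placeholders chosen for the example.

```powershell
# Added example (not Microsoft's code): check that versioning and the recycle
# bin are available as recovery paths. Placeholders: URLs, $minVersions.

# Connect to one site and load the list properties the check needs.
Connect-PnPOnline -Url 'https://contoso.sharepoint.com/sites/finance' -Interactive

$minVersions = 100   # expected minimum number of retained major versions

# BaseTemplate 101 is a document library; hidden system lists are skipped.
Get-PnPList -Includes EnableVersioning, MajorVersionLimit, BaseTemplate, Hidden |
    Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden } |
    ForEach-Object {
        [pscustomobject]@{
            Library           = $_.Title
            VersioningEnabled = $_.EnableVersioning
            MajorVersionLimit = $_.MajorVersionLimit
            NeedsFix          = (-not $_.EnableVersioning) -or ($_.MajorVersionLimit -lt $minVersions)
        }
    } | Format-Table -AutoSize

# Remediation for a library flagged NeedsFix (run after reviewing the table):
# Set-PnPList -Identity 'Documents' -EnableVersioning $true -MajorVersions 500

# Deleted site collections: show what is still recoverable and how many days
# remain before the retention period described above expires, then restore one.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'
Get-SPODeletedSite | Select-Object Url, DeletionTime, DaysRemaining | Format-Table -AutoSize
# Restore-SPODeletedSite -Identity 'https://contoso.sharepoint.com/sites/finance'
```

The remediation and restore lines are left commented because both change tenant state; the read-only parts of the block can be run on a schedule, and a library appearing with NeedsFix set is the finding that would otherwise only surface during the incident itself.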
Detailed information about the defenses and controls that Microsoft employs to reduce the risk of a cyberattack against your organization and its assets is provided in the following section.