Microsoft 365 Defender: SharePoint, OneDrive, and Teams [CHK-1521]

Rationale

Microsoft Defender scans files within SharePoint, OneDrive, and Teams for malware. This is essential as not all computers connecting to your Microsoft Cloud may have up-to-date antivirus software, and some malware may not be recognized as malicious even by updated antivirus software.

Fix

An automated fix is available through Attic.

Manual steps:

1. Navigate to Microsoft 365 Defender portal at https://security.microsoft.com

2. Go to Settings > Microsoft 365 Defender

3. Click on "Turn on Microsoft Defender for Office 365"

4. Alternatively, go to Email & collaboration > Policies & rules

5. Click on "Threat policies"

6. Ensure Safe Attachments and Safe Links policies are configured

7. Click "Save"

Impact

Enabling Microsoft 365 Defender for SharePoint, OneDrive, and Teams ensures that files are scanned for malware. If malware is found, users will receive a notification when accessing the file that it is infected.

More Information

This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:

• CIS M365 2.4 - (L2) Ensure Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams is Enabled.