Malware protection in Microsoft 365

  • Article

Malware refers to viruses, spyware, ransomware, and any other malicious software meant to steal data or harm computer systems. Microsoft 365 systems include anti-malware solutions, such as Microsoft Defender antivirus detection, to prevent malware introduction by a client or Microsoft 365 server. Anti-malware software is a principal mechanism used to protect Microsoft 365 assets from malicious software, providing both preventive and detective measures against malicious software.

At least daily, anti-malware solutions track software versions and known malware signatures to make detections. The following functions are centrally managed on each endpoint for each service team:

  • Automatic scans of the environment
  • Periodic scans of the file system (at least weekly)
  • Real-time scans of files upon download, opening, or execution
  • Automatic download and application of signature updates at least daily from the vendor's virus definition site
  • Alerting, cleaning, and mitigation of detected malware

Upon malware detection, anti-malware solutions track and alert the responsible Microsoft incident response team to initiate the incident response process.

Protection against malware is a shared responsibility. See Exchange Online Protection, Microsoft Defender for Office 365, and Shared ransomware protection for more information on how Microsoft 365 can help secure your data.