Share via

Malware protection in Microsoft 365

Malware refers to viruses, spyware, and any other malicious software meant to steal data or harm computer systems. Microsoft 365 includes protection mechanisms to prevent malware from being introduced by a client or Microsoft 365 server. Anti-malware software is a principal mechanism used to protect Microsoft 365 assets from malicious software, providing both preventive and detective control over malicious software.

Each anti-malware solution tracks its software version and what known malware signatures are used to make detections. At least daily, each anti-malware solution will automatically verify they are using the latest software version and signatures. The following functions are centrally managed on each endpoint for each service team:

  • Automatic scans of the environment
  • Periodic scans of the file system (at least weekly)
  • Real-time scans of files as they're downloaded, opened, or executed
  • Automatic download and application of signature updates at least daily from the vendor's virus definition site
  • Alerting, cleaning, and mitigation of detected malware

When anti-malware tools detect malware, they contain it and alert the responsible service team personnel and Microsoft 365 Security, who initiate the incident response process.

Protection against malware is a shared responsibility, see Exchange Online Protection, Microsoft Defender for Office 365, and Shared ransomware protection for more information on how Microsoft 365 can help keep your data safe.