Use Microsoft Defender for Office 365 with SharePoint Online

Microsoft SharePoint Online is a widely used user collaboration and file storage tool. The following steps help reduce the attack surface area in SharePoint Online and that help keep this collaboration tool in your organization secure. However, it's important to note there's a balance to strike between security and productivity, and not all these steps might be relevant for your organizational risk profile. Take a look, test, and maintain that balance.

What you need

• Microsoft Defender for Office 365 Plan 1
• Sufficient permissions (SharePoint administrator/security administrator).
• Microsoft SharePoint Online (part of Microsoft 365).
• Five to 10 minutes to perform these steps.

Turn on Microsoft Defender for Office 365 in SharePoint Online

If you're licensed for Microsoft Defender for Office 365 (free 90-day evaluation available at aka.ms/trymdo), you can ensure seamless protection from zero day malware and time of click protection within Microsoft Teams.

To learn more, read Step 1: Use the Microsoft Defender portal to turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.

1. Sign in to the security center's safe attachments configuration page.
2. Select Global settings.
3. Ensure that Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams is set to on.
4. Select Save.

Stop infected file downloads from SharePoint Online

By default, users can't open, move, copy, or share malicious files that are detected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. However, the Download option is still available and should be disabled.

To learn more, read Step 2: (Recommended) Use SharePoint Online PowerShell to prevent users from downloading malicious files.

1. Open and connect to SharePoint Online PowerShell.
2. Run the following command: Set-SPOTenant -DisallowInfectedFileDownload $true.

Further reading

Policy recommendations for securing SharePoint sites and files