The Office 365 OneDrive 'Threat Protection' policy now includes a new workflow: 'Suspected Malware'.

The new workflow lets you decide how the policy behaves when a file is scanned and the malware engine generates a detection with lower confidence (suspected malware). The options are:

  • Quarantine. User is alerted and allowed to restore

  • Quarantine. User is alerted, allowed to request a restore (admin must approve)

  • Quarantine. User is not alerted (admin can restore)

  • Do nothing