The Office365 Onedrive 'Threat Protection' policy now includes a new workflow: 'Suspected Malware '.
The new workflow allows deciding how to behave when a file is scanned and the malware engine generates a detection with lower confidence (suspected malware). The options are:
Quarantine. User is alerted and allowed to restore
Quarantine. User is alerted, allowed to request a restore (admin must approve)
Quarantine. User is not alerted (admin can restore)