Microsoft Defender for SharePoint Online, OneDrive for Business, and Microsoft Teams
Overview
Microsoft Defender for SharePoint Online, OneDrive for Business, and Microsoft Teams allows users to collaborate in a safe manner by detecting and blocking files that are identified as malicious in document libraries and sites.
How it works
When Microsoft Defender detects a malicious file in SharePoint Online, OneDrive for Business or Microsoft Teams, it locks the file and blocks users from opening, downloading or sharing it.
How to know if a file has been identified as malicious
A file that has been identified as malicious and blocked will have a visual indicator appear beside the file name (applies to modern experience only, visual indicators will not display in classic view), in-application notifications will appear, and/or users will be blocked from opening the file.
The following images show examples of the visual indicator and notifications for a malicious file detected in a library.
What to do when a malicious file is found
If a malicious file has been detected and blocked, the recommended action is to delete the file. If you think that a file has been incorrectly identified as malicious (false positive), please report to ITSC.
Learn more
To learn more about the user experience when a file has been detected as malicious, refer to Microsoft's article: What to do when a malicious file is found in SharePoint Online, OneDrive, or Microsoft Teams.