Application Permissions - Ensure Office 365 SharePoint Infected Files are Disallowed for Download

Summary

By default, SharePoint Online allows users to download files that Defender for Office 365 has detected as infected.

Reason

Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files. Whenever an infected file is detected, it is automatically blocked so that no one can open, copy, move, or share it until the organization's security team takes further action.

What If?

The only potential impact of implementing this setting is the inconvenience caused by the small percentage of false positive detections that may occur.

How to?

To set O365 SharePoint to disallow download of infected files, use PowerShell:
  1. Connect using Connect-SPOService. You will need to enter the URL of your SharePoint Online admin page (https://*-admin.sharepoint.com) and sign in with a Global Admin account.
  2. Run the following PowerShell command to set the value to True.

Set-SPOTenant -DisallowInfectedFileDownload $true

  3. After several minutes, run the following to verify that the value for DisallowInfectedFileDownload has been set to True.

Get-SPOTenant | Select-Object DisallowInfectedFileDownload

Monitor

To check that O365 SharePoint is set to not allow infected files to be downloaded, use PowerShell:
  1. Connect using Connect-SPOService. You will need to enter the URL of your SharePoint Online admin page (https://*-admin.sharepoint.com) and sign in with a Global Admin account.
  2. Run the following PowerShell command.

Get-SPOTenant | Select-Object DisallowInfectedFileDownload

  3. Verify the value for DisallowInfectedFileDownload is set to True.
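
The How to and Monitor steps above can be combined into one repeatable check. The script below is an added example, not part of the original post; it assumes the Microsoft.Online.SharePoint.PowerShell module is installed, and the parameter names (AdminUrl, Remediate, TimeoutMinutes) and exit codes are choices made for this example.

```powershell
# Added example: audit DisallowInfectedFileDownload and optionally remediate it.
# Parameter names and exit codes are assumptions of this example.
param(
    # Your tenant's SharePoint Online admin URL (https://*-admin.sharepoint.com)
    [Parameter(Mandatory)] [string] $AdminUrl,
    # Without this switch the script only reports; it changes nothing.
    [switch] $Remediate,
    # How long to wait for the change to show up after Set-SPOTenant.
    [int] $TimeoutMinutes = 10
)

$ErrorActionPreference = 'Stop'
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url $AdminUrl   # prompts for the admin account

# Read the tenant setting and normalise it to a boolean.
function Test-InfectedDownloadBlocked {
    [bool](Get-SPOTenant).DisallowInfectedFileDownload
}

if (Test-InfectedDownloadBlocked) {
    Write-Output 'COMPLIANT: DisallowInfectedFileDownload is True.'
    exit 0
}

if (-not $Remediate) {
    Write-Warning 'NON-COMPLIANT: infected files can still be downloaded. Re-run with -Remediate to fix.'
    exit 1
}

Set-SPOTenant -DisallowInfectedFileDownload $true

# The new value can take several minutes to appear, so poll until it does.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
while ((Get-Date) -lt $deadline) {
    if (Test-InfectedDownloadBlocked) {
        Write-Output 'REMEDIATED: DisallowInfectedFileDownload is now True.'
        exit 0
    }
    Start-Sleep -Seconds 30
}

Write-Warning "Setting was applied but still reads False after $TimeoutMinutes minutes; check again later."
exit 2
```

Run without -Remediate from a scheduled job to use it as the monitor; a non-zero exit code signals that the tenant needs attention.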










