The more Teams grows, the more we need to keep its users safe. Fortunately, we keep gaining ways to do that.

Office 365 continues to gain security enhancements. We’ve just had one such enhancement released for MS Teams users. In light of the development (which I’ll clarify below), I thought I’d talk a little about how to protect Teams users from malware.

I’ll break this into three parts. Two parts on Office 365 configuration, one on user education (because that’s just as important!). The end result? Some extra background protections in your Teams channels, smarter users, and fewer malware risks.

Part 1: Enhance the Default O365 Anti-Malware Protection

O365 comes with anti-malware protection built in. It’s managed, like many other security tools, through the Office 365 Security & Compliance Center.
(You can also use the Exchange Admin Center. You’ll reach the same screen under Protection/Malware Filter.)

Now, you don’t HAVE to change the default anti-malware settings. But I personally think the default values are a little too lax. If you too find them insufficient, here’s how you bump them up.

  1. Log into Office 365 Security & Compliance Center. You must use a Global Administrator or Security Administrator account for this.
  2. Click Threat Management in the left nav.
  3. Click Policy. You’ll see the Policy sections.
  4. Click the “Anti-Malware” box. You’ll see the Anti-Malware Policy box.

    [Screenshot: O365 Anti-Malware Policy Settings. The default anti-malware policy. Observe the details on the right.]
  5. Click Edit (the pencil in the toolbar) or double-click the Default policy. A new window will open.
  6. Click Settings on the left.

    [Screenshot: O365 Anti-Malware Settings Options. Default anti-malware policy settings.]
  7. Read through these settings. Change what you feel will benefit your organization. For instance, activate the Common Attachment Types filter to block suspicious file types (e.g. NotaVirus.vbs, ImportantDocumentHonest.reg).
  8. Click Save when done. The window will close, and the Default policy’s details will update.


Part 2: Activate Advanced Threat Protection (ATP).

Advanced Threat Protection adds more to O365’s anti-malware protection. Essentially, it identifies malware-infected files and locks them, preventing users from downloading or opening said files and releasing the malware.

ATP was just released to General Availability for SharePoint, OneDrive, and Teams. Microsoft says it will deploy to all E5 Office 365 tenants over the next few weeks. (Other Enterprise subscriptions can buy ATP as an add-on.)

Helpful stuff. However, it’s not enabled by default. You must flip the proverbial switch once it’s ready. Here’s how to do it.

(Prerequisite: You must have Audit Logging enabled. Instructions for doing so: Turn Office 365 Audit Log Search On or Off – Office Support)

  1. Log into Office 365 Security & Compliance Center. You must use a Global Administrator or Security Administrator account for this.
  2. Click Threat Management in the left nav.
  3. Click Policy. You’ll see the Policy sections.
  4. Click the “Safe Attachments” box. (If you don’t see this yet, it hasn’t activated for your O365 tenant. Come back tomorrow.)

    [Screenshot: Safe Attachments Box for ATP. Advanced Threat Protection for Teams, right here.]
  5. Check the box for “Turn on ATP for SharePoint, OneDrive, and Microsoft Teams.”
  6. Click Save.
  7. Get some coffee & wait. ATP will populate for all user accounts within 30 minutes.

Once ATP is active, you should see a new option for viewing detected malware files. It’s under Threat Management/Review…a box labeled “Protection Status.” From there you can view reports on any infected files grabbed & locked down by ATP.

More details about the Protection Status reports here: View Information about Detected Files – Office 365 ATP For SharePoint, OneDrive, and Microsoft Teams
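
The same settings from Parts 1 and 2 can be checked and applied from Exchange Online PowerShell. This is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed and that you sign in with a Global Administrator or Security Administrator account. The cmdlets are the Exchange Online ones, which the post itself does not name, and the two file types come from the post's own examples.

```powershell
# Added example: audit and enable the protections described in Parts 1 and 2.
# Assumes the ExchangeOnlineManagement module and an admin sign-in.
#Requires -Modules ExchangeOnlineManagement

Connect-ExchangeOnline   # interactive sign-in

# Part 2 prerequisite: audit logging must be on before ATP is enabled.
$audit = Get-AdminAuditLogConfig
if (-not $audit.UnifiedAuditLogIngestionEnabled) {
    Write-Warning 'Audit logging is off. Turn it on, then run this again.'
    return
}

# Part 1: the Common Attachment Types filter on the Default policy.
$policy = Get-MalwareFilterPolicy -Identity Default
"File filter enabled : $($policy.EnableFileFilter)"
"Blocked file types  : $($policy.FileTypes -join ', ')"

# File types from the post's examples (NotaVirus.vbs, ImportantDocumentHonest.reg).
$wanted  = 'vbs', 'reg'
$missing = @($wanted | Where-Object { $_ -notin $policy.FileTypes })

if (-not $policy.EnableFileFilter -or $missing.Count -gt 0) {
    # -FileTypes overwrites the list, so pass the existing entries plus the new ones.
    $types = @($policy.FileTypes) + $missing
    Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $types
    "Updated Default policy; added: $($missing -join ', ')"
}

# Part 2: ATP for SharePoint, OneDrive, and Microsoft Teams.
$atp = Get-AtpPolicyForO365
if (-not $atp.EnableATPForSPOTeamsODB) {
    Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
    'ATP for SharePoint, OneDrive, and Teams was off; now enabled.'
}

# Read the values back so the change is confirmed, not assumed.
Get-MalwareFilterPolicy -Identity Default | Format-List EnableFileFilter, FileTypes
Get-AtpPolicyForO365 | Format-List EnableATPForSPOTeamsODB

Disconnect-ExchangeOnline -Confirm:$false
```

Running it a second time changes nothing and simply reports the current state, which makes it usable as a periodic configuration check.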


Part 3: Train Users to Watch Out for Malware-Infected Files Anyway

These systems do a lot to keep us safe. That doesn’t mean they’re perfect. Malware will keep trying to find a way in.

Maybe on an infected USB drive someone brings into the office. Maybe a new ransomware app sneaks under O365’s radar. Whatever the entry vector, assume your users are cyberattack targets and act accordingly.

Teach them how to recognize the signs of a malware infection. What a phishing email looks like. How to verify suspicious files (without opening them). The more users know about malware, the less likely you are to have any trouble with it.


A Little More Security for Teams. A Little Easier Breathing for System Admins.

Obviously there’s more you can do outside the Office 365 tenant. Firewalls, desktop-level anti-malware, etc. So long as they don’t interfere with one another, you’re just improving overall security.

Since we don’t have full Guest Access for Teams yet, now is the right time to enhance your malware protections. Before someone from outside your nice safe network drops in for a chat!

Have you experienced any malware in Teams?

3 Ways to Protect Teams Users from Malware-Infected Files