mcas - malware detection policy


Hi all,

Just wondering whether or not the malware detection policy is just a "detection" policy :) with no remediation or mitigation impact on the related findings. In other words, once the policy finds suspicious files containing malware within SpO or OfB, it only alerts within mcas, but does nothing more with that file, like moving it to quarantine or similar.

Am I right?

Thank you

Thomas 

2 Replies
@ThomasHoehner
Yes, you are right; it is a detection policy where you can identify malicious files in your cloud storage, with no remediation being performed.

However, you can use this detection in real time using session policies to control file uploads and downloads.

Thank you, Anurag.
However, for customers utilizing Defender for Office365, where the mcas malware detection policy alerts on malware but Defender for Office365 does not, a communication between those two solutions could be reasonable in order to quarantine the related finding (malicious file) out of the mcas malware detection policy with the power of Defender for Office365, couldn't it?

[image: ThomasHoehner_0-1632911615699.png]
