
- #Prevent download onedrive Offline#
- #Prevent download onedrive download#
Intelligent detection – Microsoft has a good write up here on using Advanced Threat Analytics and Cloud App Security to proactively detect abnormal behaviour such as file types that indicate a ransomware attack, in order to alert administrators and suspend the infected user to prevent further spread of the ransomware. One of the most important considerations with backups is ensuring they are not accessible by users (and therefore the ransomware itself), which would only result in your backups being ransomed as well. But if your primary concern is restoration of files in SharePoint Online and OneDrive libraries then that may be enough for you. Office 365 backups are typically limited to Exchange Online and SharePoint Online and don’t cover other applications like Teams and Planner. But if you’re unsatisfied with the speed of those restore scenarios then you can look into third party backup solutions. Backups – SharePoint Online has options for restoring files in the event of a ransomware outbreak. Device compliance – use Intune to manage user devices to ensure they meet your security standards. For bonus points, if you choose a firewall that integrates with Cloud App Security you can feed that to Microsoft for analysis so that abnormal and malicious behaviours can be detected and responded to. #Prevent download onedrive download#
You can also use “next generation” firewalls such as Palo Alto and Barracuda to perform similar behaviour-based analysis of file downloads to reduce the risk of a zero day attack from a drive-by download or malicious link.
Web protection – obviously using secure and up to date web browsers is important, as is running good anti-malware on your desktops and laptops. The Safe Links feature also extends to Office applications like Word, to protect users from clicking malicious links within documents. The Safe Attachments feature checks for malicious behaviours, allowing it to potentially block a zero day attack. ATP provides additional protection from email-borne attacks, both in attachments (Safe Attachments) and in links (Safe Links) within emails.
Email protection – Exchange Online Protection has basic mail flow rules for blocking executable content in file attachments, but a more effective option is to enable Advanced Threat Protection (ATP). So what can you do with Office 365 and other Microsoft services to reduce the likelihood of a ransomware attack? Yes, you will probably be able to restore your files after an attack, but you did nothing to reduce the likelihood of the attack in the first place and will still suffer the downtime while you go through the recovery process. Any file the user can access via network shares is also exposed to ransomware that infects the computer. And anyone who uses one of those third party tools to mount SharePoint libraries as a drive letter to emulate old school file shares runs into the same problem. The locally stored files on computers are exposed to ransomware attacks, and the encrypted files will sync to SharePoint Online. #Prevent download onedrive Offline#
OneDrive does allow users to sync document libraries to their computer for local and offline editing of files. It provides a good replacement for user home drives, but it’s SharePoint Online that is a more suitable replacement for file servers when using Office 365. For starters, OneDrive is not a good replacement for traditional file servers. So as I advise customers, simply deploying OneDrive isn’t the solution. You can also use the OneDrive restore feature to restore an entire OneDrive library to a previous point in time. Microsoft announced last month that version history has been extended to all file types. The version history feature of OneDrive only supported Office file types until recently. So OneDrive itself doesn’t prevent ransomware attacks, but in the event of an attack you can use OneDrive to restore previous versions of files.
If your organization utilizes OneDrive for Business, OneDrive will allow you to recover files stored in it. OneDrive for Business can be used as a protection mechanism against ransomware. As Microsoft themselves wrote in a blog post on dealing with ransomware: However, the capabilities of OneDrive for Business might help you in a recovery scenario. Mitigating the risk of ransomware is not as simple as just using OneDrive for Business to store files.
As consultants are fond of saying, “it depends”. One of the questions is whether cloud storage services like OneDrive for Business can prevent ransomware attacks.Īs with may security-related questions, the answer is not a simple one. This has lead to the same types of questions from customers that I got at the end of my talk last year. Since then, awareness of ransomware has grown due to a number of high profile outbreaks around the world.
I delivered a talk about ransomware risks for businesses at an industry event last year.