Boosting Your Defenses: The Multilayered Ransomware Protection Method of Microsoft 365

The two main reasons why businesses have embraced Microsoft 365 so rapidly are hybrid working and reduced capital costs.

However, due to its sizable user base and quick subscriber growth over the previous two years, the subscription-based suite, which includes Exchange Online and other Office 365 productivity programs, OneDrive for Business, SharePoint, and Teams, is an alluring target for hackers.

You should be monitoring more than just the number of users and collaboration minutes if your company uses Microsoft 365 (M365). There has been an increase in ransomware attacks over the last few years, and your M365 sensitive data will be targeted more frequently.

Malicious actors are already trying to encrypt your data and infect it with malware, then demand a payment to unlock it.

Beyond that, hackers will be hoping that your sensitive data in M365 is not fully protected so they can steal it (known as exfiltration) and then demand a ransom to keep it from being released to the public.

Adoption of this tactic, known as “double-extortion” ransomware, is growing rapidly. Ransomware operators may severely impact your company’s finances and reputation, regardless of their strategy, so your best bet is to continue to plan ahead: it is not a matter of ‘if’, it is a matter of ‘when’.

Microsoft’s advice for fending off ransomware that targets your M365 data is straightforward: Make frequent data and content backups, and use third-party apps and services to store it. This is good advice, but it’s likely not enough.

Comprehending the Concept of Shared Responsibility

Microsoft is a hyperscale cloud and application provider that operates on a shared responsibility model. In real terms, that means Microsoft pledges strong infrastructure security, high infrastructure dependability, and limited data protection, which includes certain data retention guidelines and versioning, which we’ll talk about next.

It never promises that your material will always be accessible. That’s a general assessment of its portion of the responsibility.

Maintaining the trust of your customers and the reputation of your brand depends equally on you. Your business data is yours. It is therefore your duty to safeguard your cloud data both now and in the future to ensure compliance with legal and business standards.

If your data is compromised, it is also your organization’s responsibility to promptly restore it. Your internal share of responsibility for M365, a mission-critical environment, is the main justification for abiding by best practices and adding third-party apps and services that shield your data from ransomware attacks in addition to basic M365 protection.

Microsoft does include certain built-in features for storing data after it has been deleted or modified, but these aren’t reliable, unchangeable backups; more on that later.

Ransomware Around The Corner

Before launching a full-scale attack, malware or attackers might penetrate a system and hide for a few weeks or months in order for it to spread to other systems.

Furthermore, as you’ll see, versioning isn’t appropriate for ransomware recovery since, in order to guarantee that your restored data is free of ransomware infection, restores must occur from a specified point in time on the full data set rather than on individual files.

Ransomware-as-a-Service (RaaS) affiliate models make it easier for threat actors to expand their operations and target businesses of any size or industry.

Can Ransomware Infect Files Stored in OneDrive?

Yes, files kept on OneDrive can become infected with ransomware. This is due to the fact that cloud data accessed through the OneDrive sync application that is installed on your machine is directly accessible from the endpoint, which facilitates the propagation of ransomware and its ability to corrupt all of your OneDrive files.

It’s crucial to remember that if you haven’t taken any precautions to secure your system or are using an out-of-date version of the program, your risk increases. To defend against online attacks, it is crucial to use additional tools like Microsoft Defender or a third-party Endpoint Detection and Response (EDR) tool.

OneDrive offers built-in capabilities to restore from a previous version of your cloud data, even if you have been attacked with ransomware. This enables you to recover from a state that existed before the ransomware assault. Additionally, there are solutions for backing up your Microsoft 365 data to an independent cloud backup repository, giving you a backup copy in the event that OneDrive’s restore points become unavailable.

Backups VS Versioning

If you require additional proof that native M365 data protection isn’t reliable enough for your data, think about the way it stores data. M365, in contrast to actual backup systems, employs a method more akin to version control, which is the management of several revisions of the same data or files. Microsoft calls this in-place retention.

Stated differently, versioning occurs at the file level, with each file having a unique file version history. This method has the drawback that a ransomware attack targets all files at once and occurs at a specific time.
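The point-in-time requirement described above and under “Ransomware Around The Corner”, as an added example that is not part of the original article and does not use any Microsoft API: the version histories, paths and thresholds are constructed, and `find_burst_start` and `restore_plan` are hypothetical helper names. It derives one cutoff for the full data set from per-file histories and lists the files that versioning alone cannot bring back.

```python
from datetime import datetime, timedelta

# Constructed sample data: path -> [(modified time UTC, version label)], oldest first.
HISTORY = {
    "finance/q1.xlsx":   [("2024-03-01T09:00", "1.0"), ("2024-03-10T14:20", "2.0"),
                          ("2024-03-18T02:13", "3.0")],
    "hr/contracts.docx": [("2024-02-20T11:05", "1.0"), ("2024-03-18T02:13", "2.0")],
    "sales/leads.csv":   [("2024-03-17T16:40", "1.0"), ("2024-03-18T02:14", "2.0")],
    "ops/runbook.md":    [("2024-03-18T02:14", "1.0")],  # no version predates the burst
    "legal/nda.pdf":     [("2024-01-05T08:30", "1.0")],  # untouched by the burst
}

def _parse(history):
    return {p: [(datetime.fromisoformat(t), v) for t, v in vs] for p, vs in history.items()}

def find_burst_start(history, window=timedelta(minutes=5), min_fraction=0.5):
    """Earliest time at which >= min_fraction of all files changed within `window`."""
    parsed = _parse(history)
    events = sorted((t, p) for p, vs in parsed.items() for t, _ in vs)
    for start, _ in events:
        touched = {p for t, p in events if start <= t < start + window}
        if len(touched) / len(parsed) >= min_fraction:
            return start
    return None  # no mass-modification event in this history

def restore_plan(history, cutoff):
    """Pick, for every file, the newest version strictly older than `cutoff`."""
    plan, unrecoverable = {}, []
    for path, versions in _parse(history).items():
        clean = [v for t, v in versions if t < cutoff]
        if clean:
            plan[path] = clean[-1]
        else:
            unrecoverable.append(path)  # versioning has nothing to fall back on
    return plan, sorted(unrecoverable)

if __name__ == "__main__":
    cutoff = find_burst_start(HISTORY)
    plan, gaps = restore_plan(HISTORY, cutoff)
    print("restore point:", cutoff)
    print("versions to restore:", plan)
    print("needs an independent backup:", gaps)
```

The cutoff marks where the mass change began; because attackers may have been present for weeks beforehand, an earlier restore point may be needed.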

Backup shouldn’t be considered the primary method of retention in use. Rather than being your “officially retained record,” backup has always served as the “copy of last resort that always exists.”

Since this was the sole copy of the content available for the retention period, backed-up content search and retrieval sadly had to be integrated into the backup or archival system.

When versioning is enabled, you may track, store, and restore files in a library and items in a list as they change.

You have control over the material that is posted on your website when you use versioning in conjunction with other settings like checkout. Versioning can also be used to view or restore previous iterations of a library or list.

You can use versioning to:

  1. Track History of a version: You can see when and by whom an item or file was modified when versioning is enabled. Additionally, you may view the dates of changes to the file’s properties. For instance, the version history contains information on changes made to a list item’s due date. Additionally, comments made by users upon checking files into libraries are visible.
  2. Go back to an earlier version: You can replace the current version with a prior one if you made a mistake in the current version, if the current version is corrupt, or if you just prefer the earlier version. The version that has been restored is now the latest one.
  3. Examine an earlier version: Viewing an earlier version won’t cause your current version to be overwritten. You can compare the two versions to see the differences if you are viewing version history in a Microsoft Office document, such as a Word or Excel file.

Microsoft 365 Ransomware Protection

Microsoft offers a range of capabilities and services through the Office 365 platform to assist your company in defending against ransomware threats.

Start by ensuring that all accounts use multi-factor authentication, as identities are the main target for modern criminals – they don’t hack in, they sign in. Defender for Office 365 assists in thwarting the spread of ransomware through email.

Microsoft Defender for Endpoint, on the other hand, is a cutting-edge antivirus and EDR program made to identify and neutralize threats directly on Windows (and macOS, Linux, iOS and Android) devices. Combining these capabilities with other Microsoft 365 solutions offers a comprehensive approach to strengthen your company’s cybersecurity posture and stop malware threats all around.

Although the possibility of a ransomware attack on Microsoft 365 is increasing, you are taking precautions to make sure your data is safe by adhering to best practices for data security and learning how ransomware attacks arise and may be avoided.

It is important to put more sophisticated techniques like network segmentation and fundamental procedures like multi-factor authentication into practice.

Your best line of defense against a ransomware assault on your Microsoft 365 data is knowledge.

You can greatly lessen your vulnerability to these kinds of attacks by being aware of the dangers, typical attack vectors, and countermeasures, and by training your users regularly. Furthermore, being aware of what to do right away in the event that you become a victim can significantly reduce harm and possibly even help you retrieve any lost data.


Does Office 365 have ransomware protection?

Yes, Microsoft 365 has built-in safeguards against ransomware. It uses cutting-edge threat prevention techniques to identify and eliminate ransomware attacks in all of its apps.

Should I set up OneDrive for ransomware protection?

In addition to providing basic backup and recovery features, OneDrive has the capability to protect your files from ransomware attacks by using file versioning and sophisticated threat detection.

Does Microsoft Defender protect against ransomware?

Microsoft Defender provides ransomware protection. It uses cutting-edge threat prevention techniques to identify, stop, and handle ransomware threats.