Forum Discussion
New SPO Tenant Configuration
Trying to do additional research on a new configuration I noticed in SPO Tenant. I am not finding any Microsoft documentation on details of the configuration and what it does. Any additional information would be helpful.
RansomwareProtectionEnabled
JZMartinez You noticed a new configuration setting called "RansomwareProtectionEnabled" in your SharePoint Online tenant and are looking for more information on what it does.
While there's no detailed official documentation from Microsoft about this setting yet, I can provide some insights based on its name and potential functionality. Enabling the "RansomwareProtectionEnabled" setting likely activates SharePoint Online's built-in ransomware protection capabilities.
This would allow for the detection of potential ransomware activities or patterns within your tenant's sites and content by monitoring for suspicious file encryption, mass deletion, or other indicators of ransomware attacks. Upon detecting such threats, preventive measures may be automatically triggered to mitigate their impact. These could include blocking or reversing malicious file changes, limiting user access, quarantining affected content, or integrating with Microsoft Defender for Office 365 for advanced threat detection and response. Additionally, this setting may enable alerting mechanisms to promptly notify administrators or site owners about detected ransomware threats, allowing for timely investigation and remediation efforts.
While the exact implementation details are not officially documented, enabling this setting serves as a proactive measure to safeguard your SharePoint Online environment from the risks of ransomware attacks. Before enabling this configuration, I'll carefully review any potential implications or changes it may bring to your tenant based on your specific requirements and settings.
If needed, I'll reach out to Microsoft Support or your Microsoft representative for further guidance or clarification on its functionality and recommended best practices.
6 Replies
JZMartinez You noticed a new configuration setting called "RansomwareProtectionEnabled" in your SharePoint Online tenant and are looking for more information on what it does.
While there's no detailed official documentation from Microsoft about this setting yet, I can provide some insights based on its name and potential functionality. Enabling the "RansomwareProtectionEnabled" setting likely activates SharePoint Online's built-in ransomware protection capabilities.
This would allow for the detection of potential ransomware activities or patterns within your tenant's sites and content by monitoring for suspicious file encryption, mass deletion, or other indicators of ransomware attacks. Upon detecting such threats, preventive measures may be automatically triggered to mitigate their impact. These could include blocking or reversing malicious file changes, limiting user access, quarantining affected content, or integrating with Microsoft Defender for Office 365 for advanced threat detection and response. Additionally, this setting may enable alerting mechanisms to promptly notify administrators or site owners about detected ransomware threats, allowing for timely investigation and remediation efforts.
While the exact implementation details are not officially documented, enabling this setting serves as a proactive measure to safeguard your SharePoint Online environment from the risks of ransomware attacks. Before enabling this configuration, I'll carefully review any potential implications or changes it may bring to your tenant based on your specific requirements and settings.
If needed, I'll reach out to Microsoft Support or your Microsoft representative for further guidance or clarification on its functionality and recommended best practices.
BarryGoblon Hello, how are you? Since last message in April, do you find more informations about it please. Thank you very much for your help. Have a good day.
On my side, i'm asking to TAM and MS Support but nobody can explain in details this setting. I hope i'll receive more information on this week (perhaps 🙂 ) : I'll also try to ask to my premium ++ Mega big Support tech : Google 😉 . Have a good day.
BarryGoblon this is great information. I am tracking it in one of my demo tenants, but wouldn't be able to simulate large scale attack. A couple main things I would like to understand is sometimes these features need different level of licensing. That would be something good to know, just because I can see it, can I actually use it (what licensing level do I need.) Second is when it does the "protection" if I do not have Preservation Holds Libraries turned on in our environment, will it automatically create one to enact the protection. PHL's take up their own space, and have their own quirks. If they are created automatically as part of the protection, I will need to be sure I take that into account, and put some education around that as well. Love that Microsoft is giving us this new safe guard, just need to understand it in more detail.
Thanks again for your thorough response.
JZMartinez I am happy to be helpful
- It protects against ransomware, such has malicously encrypting data
- Thank you for the response, but not what I was looking for. I am looking for Microsoft documentation that goes into detail as to what the configuration technically does. Does it enable PHL where one does not exist? Does it send out alerts to someone (site owners, SPO admins...etc.)? When we enable it, what will it do?
