Antimalware scan of mailboxes

Antimalware scan of Microsoft 365 mailboxes checks backed-up emails for malicious files and suspicious URLs, and notifies you if threats are detected.

This feature requires the Advanced Security + XDR pack, in which the Microsoft 365 seats quota must be enabled. Antimalware scan of Microsoft 365 mailboxes is provided as part of the advanced pack, without additional cost.

In the 24.11 release, the Microsoft 365 seats quota in the Advanced Security + XDR pack is automatically enabled for existing customers that use the Advanced Security + XDR pack with the Workloads quota within it, and that have the Microsoft 365 seats quota within Standard protection.

For these customers, antimalware scan is automatically enabled in the existing backup plans for Microsoft 365 mailboxes.

You can enable antimalware scans when you configure a backup plan for Microsoft 365 mailboxes. For more information, see Selecting mailboxes.

The scans run automatically after each new backup. You cannot schedule or run a scan manually.

After the scan completes, the backup (recovery point) within the backup archive is marked as follows:

  • If malware is not found, the backup is marked with a green dot and a green icon.

  • If malware is found, the backup is marked with a red dot and one or two red icons, depending on the type of detected threat (malicious file or suspicious URL).

    For more information on how to check details about these threats, see Checking the details about a detected threat.

    Be careful when recovering backups: antimalware scan of mailboxes notifies you about the detected threat, but it does not prevent you from recovering an infected backup.

    To clean an infected backup, go to the Microsoft 365 mailbox, and then delete the malicious attachment or the whole email message. Thus, the next backup will be clean.

    You can enhance your protection by enabling Advanced Email Security. With this advanced pack, suspicious emails are detected before reaching the inbox. For more information, see Advanced Email Security.

If a backup is not yet scanned, it is marked with a gray dot and no additional icons.

A backup for which antimalware scanning is not available, such as a OneDrive backup, is marked with a green dot and no additional icons.

Limitations

  • Antimalware scan is not supported for the following file types:

    • RAR
    • 7z
    • ISO
  • If a scanning task fails, it will be retried in one day.

  • Antimalware scan is not supported for Loop components in emails. Any possible threats in a Loop component will not be detected.

  • Antimalware scan is supported only on the default cloud storage. Local storages, partner-hosted storages, and public cloud storages are not supported.

  • Antimalware scan is not supported for tenants in Compliance mode.