People regularly share files and collaborate using SharePoint, OneDrive, and Microsoft Teams. With Office 365 Advanced Threat Protection (ATP), your organization can collaborate in a safer manner. ATP helps detect and block files that are identified as malicious in team sites and document libraries.

How Office 365 ATP operates

When a file in SharePoint Online, OneDrive for Business, and Microsoft Teams has been identified as malicious, ATP directly integrates with the file stores to lock that file. The following image shows an example of a malicious file detected in a library.

Files in OneDrive for Business with one detected as malicious

Although the blocked file is still listed in the document library and web, mobile, or desktop applications, the blocked file cannot be opened, copied, moved, or shared. People can, however, delete a blocked file. Here’s an example of what that looks like on a user’s mobile device:

Deleting a blocked file from OneDrive for Business from the OneDrive mobile app

Depending on how Microsoft 365 is configured, people might or might not have the ability to download a blocked file. Here’s what downloading a blocked file looks like on a user’s mobile device:

Downloading a blocked file in OneDrive for Business