This alert triggers when the Office 365 antivirus engine detects malware in a file hosted in SharePoint or OneDrive.
MITRE ATT&CK Tactics
Command and Control
1. Remove the malware from the O365 repository
2. Use Azure Sentinel to identify the Office 365 user account(s) that downloaded the malicious file to their local computers
3. Perform a full EDR scan on the local computers
4. Disconnect the computers from your corporate network until the scan is completed and the malware is removed
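
For step 2, one way to find those accounts in Azure Sentinel. This query is an added example, not part of the original alert documentation; it assumes the Office 365 data connector is writing to the OfficeActivity table, and the 14-day lookback is an arbitrary choice.

```kql
// Added example: correlate malware detections with downloads of the same file.
// Assumption: Office 365 audit data is ingested into the OfficeActivity table.
let lookback = 14d;   // assumed window; align with your log retention
// Files the Office 365 antivirus engine flagged in SharePoint or OneDrive
let infected =
    OfficeActivity
    | where TimeGenerated > ago(lookback)
    | where OfficeWorkload in ("SharePoint", "OneDrive")
    | where Operation == "FileMalwareDetected"
    | summarize DetectedAt = min(TimeGenerated) by OfficeObjectId;
// Accounts that downloaded or synced any of those files, before or after detection
OfficeActivity
| where TimeGenerated > ago(lookback)
| where OfficeWorkload in ("SharePoint", "OneDrive")
| where Operation in ("FileDownloaded", "FileSyncDownloadedFull")
| join kind=inner infected on OfficeObjectId
| summarize Downloads     = count(),
            FirstDownload = min(TimeGenerated),
            LastDownload  = max(TimeGenerated),
            ClientIPs     = make_set(ClientIP),
            UserAgents    = make_set(UserAgent)
        by UserId, SourceFileName, OfficeObjectId, DetectedAt
| order by FirstDownload asc
```

Each returned UserId and ClientIP pair points to a computer to scan in step 3 and isolate in step 4; rows where FirstDownload is earlier than DetectedAt are copies taken before the file was flagged.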