Guide to Protection from Ransomware

Written by Gene Horlander | May 21, 2025 9:08:34 PM

 
There’s the Microsoft Compromise Recovery Security Practice (CRSP) - a collaborative effort between Microsoft and its customers to investigate an attack and incorporate key findings into the recovery process.
 
Below, we’ll break down Microsoft’s overall approach to fighting ransomware — then we’ll get more specific and explain how those efforts show up throughout its expansive product ecosystem.
 
How Microsoft Protects Against Ransomware
 
Per this interactive cloudsecurity piece, Microsoft detects, on average, 1.5M attempted attacks on its system every single day. Each recorded attempt, plus billions of data points related to phishing scams, cyber crime rings, ransomware attacks, and threat actor tactics are compiled and studied as part of an ongoing learning process – helping Microsoft get ahead of emerging threats and better protect its customers.
All data is fed into Microsoft’s intelligent security graph— where it can be analyzed in context with high-profile attacks, emerging threats, and the evolving global threat landscape. Key findings are then applied to Microsoft products like Dynamics 365, Azure, Microsoft 365, and the rest – and as a result, the whole ecosystem benefits from this sort of “group immunity.”
Additionally, Microsoft’s fight against ransomware extends beyond the product ecosystem – with experts working to disruptthe growing ransomware economy on four main fronts:
 
  • Holistic ransomware prevention. Microsoft uses AI/ML and automation to analyze ransomware signals across all clouds, apps, and endpoints. Solutions include Microsoft 365 Defender, Sentinel, and Defender for Cloud – which now comes with adaptive AI protection to defend against human-operated ransomware attacks.
  • Detection & response. Microsoft offers unified Security Information and Event Management (SIEM) and extended detection response (XDR) solutions that provide integrated threat protection across apps, devices, identities, and data and cloud workloads.
  • Disrupting the ransomware economy. Microsoft’s Digital Crimes Unit (DCU) is a team of experts that works with law enforcement to disrupt cybercrime, support ransomware victims, and advise on legislative matters.
  • Threat intelligence & ongoing research. Finally, Microsoft’s team of dedicated experts study ransomware tactics and develop threat intelligence solutions that, eventually, become embedded into its core product offerings.
It’s important to note that while Microsoft’s products are loaded with strong security protections, tech alone won’t safeguard your data from ransomware. It’s on you to develop a strong security culture (think – ZeroTrust), put together a recovery plan, and continuously monitor and improveyour security posture.
The Ransomware Protections Embedded Across the Microsoft Ecosystem
So, we’ve gone over how Microsoft protects the overall ecosystem against ransomware attacks and other security threats.
Now, let’s quickly run through some of the ways that Microsoft’s cybersecurity efforts show up in individual product offerings.
  • Azure. Azure spans roughly 200 products across a wide range of use cases – data analytics, IoT, compute, cloud storage, AI & machine learning, and more. Some solutions are explicitly designed to support cybersecurity initiatives – DDoS protection, data governance, anomaly detection, a key vault for cloud apps. Other solutions focus on other areas like building chatbots or ML models, cloud storage, or DevOps. Either way, all Azure products are embedded with security protections – as well as reporting tools that make it easy to monitor, detect, and act on potential threats.
  • Dynamics 365. Dynamics 365 includes several built-in capabilities that protect your data from ransomware attacks, fraud, and regulatory non-compliance. Users can automate core processes, define rules and controls, and access and act on real-time insights when the system detects a threat.
  • Microsoft 365. Microsoft 365 apps include several baked-in protections against ransomware attacks, data corruption, and other threats. This includes tenant-level controls (Exchange Online) – as well as a service infrastructure designed to prevent, detect, and act on incoming threats.
  • OneDrive. OneDrive makes it easy for users to access files from anywhere, add files from Teams or SharePoint, and collaborate on shared files in real-time. OneDrive also includes security controls that make it easy to recover from ransomware attacks, grant access permissions for shareable links, and enforce pre-configured policies. It even includes reporting tools for monitoring user activity and special protections for sensitive information.
  • Microsoft Entra. Microsoft Entra is a new product family that includes all identity and access management capabilities – Azure AD, plus new CIEM and decentralized identity protections. Together, Entra apps help businesses build a comprehensive environment for managing credentials, verifying user identities, and making access decisions based on real-time threa assessments.
  • SharePoint. SharePoint simplifies collaboration and knowledge sharing among internal and external stakeholders – offering a secure environment for building custom websites, apps, portals, even your own “modern intranet.” Built-in security protections make it easy for users to manage access permissions and devices, secure sensitive customer data, and block incoming ransomware attacks.
  • Power Platform. The Power Platform is Microsoft’s suite of low-code/no-code tools, designed to make it easy for anyone to work with big data and build custom solutions. That means, you can create dashboards, apps, and automations that actively protect against ransomware – whether that means data streams that surface anomalies and threats in real-time, workflow automations that enforce compliance, or extra security features for custom builds.
Final Thoughts
All of the products and services in the Microsoft ecosystemare embedded with cutting edge ransomware protections. At the same time, it’s important to remember that you can’t rely on built-in protections alone.
You also need to make cybersecurity part of your culture —and prioritize training and development initiatives outside of the IT department. Beyond that, cybersecurity hinges on good data and end-to-end visibility. After all, you can’t control what you can’t measure.
ACOMDev, LLC offers a range of services from consulting and managed security services to ERP implementations and proprietary solutions that build on Microsoft’s out-of-the-box products and services. Whatever you’re looking for, our experts will ensure that security is baked into all products and processes from the very beginning.
Contact ghorlander@acomdev.com to find outmore about how we can help your company protect against ransomware attacks, data breaches, and other cyberthreats.
 
View full post