I'm working on the deployment of AMP for Endpoints on my 10K+ computers.
I just noticed a "bad behavior" when running a full scan.
You may or may not know that OneDrive introduced the "Files On-Demand" option, which means that files not in use are kept in the cloud and downloaded locally only when the user needs or accesses them.
Running a full scan with AMP forces OneDrive to download all files. It does not scan only the files that are locally present. That's a weird issue because I don't want a 10 GB (up to 1 TB) OneDrive to be downloaded to my client if not needed.
Windows Defender scan works smoothly with OneDrive.
So far the only workaround is to set an exclusion for the OneDrive folder in AMP, which in my opinion is not recommended.
AMP scans the PE header to check if the file is supported. It does not need to download data from OneDrive to the local disk. This is a feature of OneDrive: if you, or e.g. a photo editor or another application, access a file stored in OneDrive, it downloads it to a temp folder. This file is subsequently uploaded once the read, execute or modify finishes. Scans are redundant, as AMP checks its SHA against cloud intelligence, in the action specified per policy. This is typically copy/move and execute.
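To size the impact described in the first post before scheduling a full scan, the following added example (not part of the thread, and not Cisco or Microsoft code) counts OneDrive Files On-Demand placeholders by their Win32 recall attributes and totals the data that would be fetched if every file were opened. The function name `Get-CloudOnlyFile` and the default path `$env:OneDrive` are assumptions.

```powershell
# Added example: inventory cloud-only (placeholder) files in a OneDrive folder.
# It reads directory metadata only; it does not open file contents.

# Win32 file attribute bits from winnt.h
$FILE_ATTRIBUTE_RECALL_ON_OPEN        = 0x00040000
$FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS = 0x00400000
$RecallMask = $FILE_ATTRIBUTE_RECALL_ON_OPEN -bor $FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS

function Get-CloudOnlyFile {
    # Hypothetical helper: returns files whose data is not fully on disk.
    param([string]$Path = $env:OneDrive)   # assumed default sync root

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ([int]$_.Attributes -band $RecallMask) -ne 0 }
}

$root         = $env:OneDrive
$placeholders = @(Get-CloudOnlyFile -Path $root)

# Length on a placeholder is the logical size, i.e. what a recall would fetch.
$bytes = ($placeholders | Measure-Object -Property Length -Sum).Sum
if (-not $bytes) { $bytes = 0 }

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SyncRoot       = $root
    CloudOnlyFiles = $placeholders.Count
    CloudOnlyGB    = [math]::Round($bytes / 1GB, 2)
}
```

Running it on a test endpoint before and after a scan shows whether the placeholder count dropped, which confirms or rules out hydration by the scanner on that machine.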