Zero-hour auto purge (ZAP) in Microsoft Defender for Office 365

Implementation Effort: Low: Customer IT and Security Operations teams need to drive projects to configure and manage ZAP and quarantine policies.

User Impact: Medium: A subset of non-privileged users may need to take action or be notified of changes, particularly if they receive quarantine notifications.

Overview

Zero-hour auto purge (ZAP) in Microsoft Defender for Office 365 is a feature that retroactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes. ZAP can also detect existing malicious chat messages in Microsoft Teams, moving them to the Junk Email folder or quarantine if found to be harmful, thus enhancing the security posture within the Zero Trust framework.

Reference

Zero-hour auto purge (ZAP) in Microsoft Defender for Office 365