Zero-Hour Auto-Purge Emails in Microsoft Defender for Office 365
Microsoft 365 Defender includes Zero-Hour Auto-Purge (ZAP), which rescans delivered email for phishing, spam, and malware content to protect mailboxes from attacks that were not recognized at delivery time.
A side effect is that ZAP also removes legitimate, simulated phishing messages sent for training by security awareness training providers. In addition, Microsoft 365 Defender no longer honors the Outlook Safe Senders list or the IP Allow List (connection filtering) as an opt-out from this protection, so a simulation cannot be exempted simply by allow-listing the sender.
Up to this point, the email has traveled from somewhere on the Internet, outside the service, through the various layers of protection I have discussed before, and has finally come to rest in the data store of the service (Microsoft 365). The data is still protected even at rest.
Remember that there is no user interaction with the data yet. The email has been delivered to the user’s inbox, waiting for them to log in and view it.
While the email resides in the mailbox store in Microsoft 365, protection is provided by Zero-Hour Auto-Purge (ZAP). As Microsoft puts it:
In Microsoft 365 organizations with mailboxes in Exchange Online, zero-hour auto-purge (ZAP) is an email protection feature that retroactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes.
How ZAP works in Office 365
Office 365 updates its anti-spam engine and anti-malware signatures continuously. It is still possible for harmful messages to land in users' mailboxes for various reasons, including content that is weaponized only moments after the first delivery to users (for example, a link that starts serving malicious content after the message has passed the filters).
Zero-Hour Auto-Purge addresses this type of problem by continuously monitoring spam and malware signature updates in Office 365 and, when a new threat is recognized, finding and removing previously delivered messages from inboxes.
For mail that is subsequently identified as spam, ZAP moves unread messages to the user's Junk Email folder. For mail that is identified as malware, ZAP can remove the attachments from the message, regardless of whether the message has already been read.
How to Enable ZAP for Spam and Phishing
ZAP is enabled by default and can only be disabled through Exchange Online PowerShell. The feature will only work when the following conditions are met:
- The user's junk email filter is enabled. This is the default, but users can disable it themselves through the options in Outlook on the web (OWA);
- The anti-spam filter policy is configured to move messages to the Junk Email folder. This is also the default, but an administrator can override the behavior and configure the messages to be quarantined instead.
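The following Exchange Online PowerShell session checks both conditions above and the ZAP switches themselves. It is an added example, not code from the original article or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the account has the Security Administrator or Organization Management role, and that the user being checked is the hypothetical alice@contoso.com. The cmdlets and parameters used (Get/Set-HostedContentFilterPolicy, Get-MalwareFilterPolicy, Get/Set-MailboxJunkEmailConfiguration) are standard Exchange Online cmdlets.

```powershell
# Added example: audit and (if needed) restore the conditions ZAP depends on.
# Assumes the ExchangeOnlineManagement module and a sufficiently privileged account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$user = 'alice@contoso.com'   # hypothetical mailbox used for the check

# 1. ZAP switches on every anti-spam (hosted content filter) policy,
#    together with the action taken for spam. ZAP for spam/phish only
#    acts when the action is MoveToJmf (Junk Email folder), not Quarantine.
Get-HostedContentFilterPolicy |
    Select-Object Name, SpamZapEnabled, PhishZapEnabled,
                  SpamAction, HighConfidenceSpamAction |
    Format-Table -AutoSize

# 2. ZAP switch on every anti-malware policy.
Get-MalwareFilterPolicy |
    Select-Object Name, ZapEnabled |
    Format-Table -AutoSize

# 3. The per-mailbox junk email filter. If a user turned it off in OWA,
#    ZAP for spam cannot move messages to Junk Email for that mailbox.
$junk = Get-MailboxJunkEmailConfiguration -Identity $user
"Junk email filter for {0}: {1}" -f $user, $junk.Enabled

# Remediation for the common misconfigurations found above.
# Re-enable ZAP and the Junk Email folder action on the default policy:
Set-HostedContentFilterPolicy -Identity 'Default' `
    -SpamZapEnabled $true `
    -PhishZapEnabled $true `
    -SpamAction MoveToJmf

# Re-enable ZAP on the default anti-malware policy:
Set-MalwareFilterPolicy -Identity 'Default' -ZapEnabled $true

# Re-enable the junk email filter for the mailbox:
if (-not $junk.Enabled) {
    Set-MailboxJunkEmailConfiguration -Identity $user -Enabled $true
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run the audit part first against all policies, not only the default one: a custom anti-spam policy with a higher priority and SpamAction set to Quarantine silently switches ZAP for spam off for every recipient it covers, which is the case administrators most often miss.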
Conclusion
Microsoft 365 Defender is an advanced enterprise defense suite that enables you to detect, prevent, investigate, and respond to threats across endpoints, applications, email, and identities.
It consists of four defense services: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Defender for Office 365 enables you to secure your business with a predefined set of prevention, detection, investigation, and hunting features to safeguard your information.
Microsoft provides different security capabilities with every Office 365 subscription. It is therefore worth being aware of the Zero-Hour Auto-Purge feature and of the conditions it depends on, since it is the only layer that can still act on a message after it has already been delivered to a mailbox.