Zero-Hour Auto Purge for Malware SHOULD Be Enabled

Description

This setting determines whether emails can be quarantined automatically after delivery to a user’s mailbox (e.g., in the case of a match with an updated malware classification rule).

Policy

  • Zero-hour auto purge (ZAP) for malware SHOULD be enabled in the default anti-malware policy and in all existing custom policies.

Licensing Considerations

This setting requires Defender for Office 365 Plan 1 or Plan 2, which can be purchased standalone or as part of the following bundles:

  • Microsoft 365 Business Premium

  • Microsoft 365 E3

  • Microsoft 365 E5

Set Up Instructions

Configure anti-malware policies - Office 365 | Microsoft Learn

To enable ZAP:

  1. Sign in to Microsoft 365 Defender.

  2. Under Email & collaboration, select Policies & rules.

  3. Select Threat policies.

  4. Under Policies, select Anti-malware.

  5. Select the Default (Default) policy.

  6. Click Edit protection settings.

  7. Check Enable zero-hour auto purge for malware (Recommended).

  8. Click Save.

End-User Impact

Level: Low

With this setting in place, users will have certain email messages removed from their mailbox if they are detected as malware.

Tips

None Currently

PowerShell Scripts

https://learn.microsoft.com/en-us/powershell/module/exchange/set-malwarefilterpolicy?view=exchange-ps
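
The policy above covers the default policy and every custom policy, while the portal steps touch only the default one. The following added example (not from the original page or from Microsoft) audits and enables ZAP across all anti-malware policies with Set-MalwareFilterPolicy; it assumes the ExchangeOnlineManagement module is installed and that the supplied account may manage anti-malware policies.

```powershell
#Requires -Modules ExchangeOnlineManagement
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: an admin account permitted to manage anti-malware policies.
    [Parameter(Mandatory)]
    [string]$UserPrincipalName
)

Connect-ExchangeOnline -UserPrincipalName $UserPrincipalName -ShowBanner:$false

try {
    # Get-MalwareFilterPolicy returns the Default policy and every custom policy.
    $policies = Get-MalwareFilterPolicy

    # Audit: show the ZAP state of each policy before changing anything.
    $policies |
        Select-Object Name, ZapEnabled |
        Sort-Object ZapEnabled, Name |
        Format-Table -AutoSize

    # Remediate: change only the policies where ZAP is currently off.
    foreach ($policy in $policies | Where-Object { -not $_.ZapEnabled }) {
        if ($PSCmdlet.ShouldProcess($policy.Name, 'Enable zero-hour auto purge for malware')) {
            Set-MalwareFilterPolicy -Identity $policy.Identity -ZapEnabled $true
        }
    }

    # Verify: re-read the policies and list any that remain non-compliant.
    $remaining = Get-MalwareFilterPolicy | Where-Object { -not $_.ZapEnabled }
    if ($remaining) {
        Write-Warning ('ZAP still disabled in: ' + ($remaining.Name -join ', '))
    }
    else {
        Write-Output 'ZAP for malware is enabled in all anti-malware policies.'
    }
}
finally {
    # Always close the session, even if a cmdlet above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run the script with -WhatIf first to see which policies would be changed; in that mode the final check still reports them as disabled because nothing has been written.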
