# Zero-Hour Auto Purge for Malware SHOULD Be Enabled

## Description

This setting determines whether emails can be quarantined automatically after delivery to a user’s mailbox (e.g., in the case of a match with an updated malware classification rule).

## Policy

* Zero-hour auto purge (ZAP) for malware SHOULD be enabled in the default antimalware policy and in all existing custom policies.

## Licensing Considerations

This setting requires Defender for Office 365 Plan 1 or Plan 2, which can be purchased standalone or as part of the following bundles:

* Microsoft 365 Business Premium
* Microsoft 365 E3
* Microsoft 365 E5

## Set Up Instructions

[Configure anti-malware policies - Office 365 | Microsoft Learn](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide)

To enable ZAP:

1. Sign in to Microsoft 365 Defender.
2. Under Email & collaboration, select Policies & rules.
3. Select Threat policies.
4. Under Policies, select Anti-malware.
5. Select the Default (Default) policy.
6. Click Edit protection settings.
7. Check Enable zero-hour auto purge for malware (Recommended).
8. Click Save.

## End-User Impact

{% hint style="info" %}
Level: <mark style="color:green;">Low</mark>
{% endhint %}

With this setting in place, email messages that are detected as malware will be removed from users' mailboxes.

{% hint style="info" %}
Tips

None Currently
{% endhint %}

## PowerShell Scripts

<https://learn.microsoft.com/en-us/powershell/module/exchange/set-malwarefilterpolicy?view=exchange-ps>
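The following script is an added example, not code from the original page or from Microsoft. It audits the default anti-malware policy and every custom policy for ZAP, as the policy statement above requires, and enables it where it is off. It assumes the ExchangeOnlineManagement module is installed and that the signed-in account can manage anti-malware policies; the `-Remediate` switch is this script's own parameter.

```powershell
# Added example: audit all anti-malware policies for ZAP and optionally enable it.
# Assumption: ExchangeOnlineManagement is installed and the account has rights to
# read and change anti-malware policies. -Remediate is this script's own switch.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate
)

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -ShowBanner:$false

try {
    # Returns the default policy and every custom anti-malware policy.
    $policies = Get-MalwareFilterPolicy

    # Show the current ZAP state of each policy.
    $policies | Sort-Object ZapEnabled, Name |
        Format-Table Name, IsDefault, ZapEnabled -AutoSize | Out-Host

    $nonCompliant = @($policies | Where-Object { -not $_.ZapEnabled })
    if ($nonCompliant.Count -eq 0) {
        Write-Output 'ZAP for malware is enabled in all anti-malware policies.'
        return
    }

    foreach ($policy in $nonCompliant) {
        if (-not $Remediate) {
            # Audit-only mode: report the gap, change nothing.
            Write-Warning "ZAP is disabled in policy '$($policy.Name)'."
            continue
        }
        # Honors -WhatIf and -Confirm before changing the policy.
        if ($PSCmdlet.ShouldProcess($policy.Name, 'Enable ZAP for malware')) {
            Set-MalwareFilterPolicy -Identity $policy.Name -ZapEnabled $true
        }
    }

    if ($Remediate) {
        # Re-read the policies to confirm the change was applied.
        Get-MalwareFilterPolicy |
            Format-Table Name, IsDefault, ZapEnabled -AutoSize | Out-Host
    }
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run it without arguments for a read-only report, or with `-Remediate -WhatIf` to preview the changes before applying them.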

## Videos

{% embed url="https://www.youtube.com/watch?v=R-0YVW6pNt4" %}
