Zero-Hour Auto Purge for Malware SHOULD Be Enabled
Description
This setting determines whether emails can be quarantined automatically after delivery to a user’s mailbox (e.g., in the case of a match with an updated malware classification rule).
Policy
Zero-hour auto purge (ZAP) for malware SHOULD be enabled in the default antimalware policy and in all existing custom policies.
Licensing Considerations
This setting requires Defender for Office 365 Plan 1 or Plan 2, which can be purchased standalone or as part of the following bundles:
Microsoft 365 Business Premium
Microsoft 365 E3
Microsoft 365 E5
Set Up Instructions
Configure anti-malware policies - Office 365 | Microsoft Learn
To enable ZAP:
Sign in to Microsoft 365 Defender.
Under Email & collaboration, select Policies & rules.
Select Threat policies.
Under Policies, select Anti-malware.
Select the Default (Default) policy.
Click Edit protection settings.
Check Enable zero-hour auto purge for malware (Recommended).
Click Save.
End-User Impact
Level: Low
With this setting in place, users will have certain email messages removed from their mailbox if those messages are detected as malware.
Tips
None Currently
PowerShell Scripts
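The policy above covers the default anti-malware policy and every custom policy, so the script below audits all of them and can enable ZAP where it is off. It is an added example, not part of the original page; it assumes the ExchangeOnlineManagement module is installed and that the signed-in account may edit anti-malware policies, and the admin UPN default and the -Remediate switch are placeholders chosen for this example.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: audit (and optionally fix) ZAP for malware on all anti-malware policies.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: placeholder UPN, replace with an account in your tenant.
    [string]$AdminUpn = 'admin@example.onmicrosoft.com',
    # Without this switch the script only reports and changes nothing.
    [switch]$Remediate
)

Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

try {
    # Returns the default policy plus every custom anti-malware policy.
    $policies = @(Get-MalwareFilterPolicy)

    # Current state, with non-compliant policies (ZapEnabled = False) listed first.
    $policies |
        Sort-Object ZapEnabled, Name |
        Format-Table Name, IsDefault, ZapEnabled -AutoSize

    $nonCompliant = @($policies | Where-Object { -not $_.ZapEnabled })
    if ($nonCompliant.Count -eq 0) {
        Write-Host 'All anti-malware policies have ZAP for malware enabled.'
        return
    }

    Write-Warning "$($nonCompliant.Count) policy(ies) have ZAP for malware disabled."

    if ($Remediate) {
        foreach ($policy in $nonCompliant) {
            # ShouldProcess makes -WhatIf and -Confirm work for a dry run.
            if ($PSCmdlet.ShouldProcess($policy.Name, 'Enable ZAP for malware')) {
                Set-MalwareFilterPolicy -Identity $policy.Identity -ZapEnabled $true
            }
        }

        # Read the policies back so the result is verified, not assumed.
        Get-MalwareFilterPolicy |
            Format-Table Name, IsDefault, ZapEnabled -AutoSize
    }
}
finally {
    # Always close the session, even if a cmdlet above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Running the script with -Remediate -WhatIf lists the policies that would be changed without modifying them.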