Forum Discussion
URL Detonation Reputation - How do you like it?
- Jan 04, 2024
Well, I just couldn't hold off on further comment. Things keep developing and my blown-away-ness keeps growing.
URL detonation reputation seems to be less popular now, in favor of the now super popular "URL Malicious Reputation", not sure if this was a rename or is actually just new categorization trends by EOP/MDO. In any case, here's the latest beef, and note I'm broadening the target for these pessimistic castings to cover EOP/MDO as a whole:
1.) I see a lot of URL Malicious Reputation emails being caught upon receipt. But then I also see a lot of these being caught by ZAP. What is most incredibly annoying about this, when the emails are truly bad, somehow EOP / MDO ALWAYS have to miss a small percentage and those messages slip through like they're perfectly fine, into Inbox. Exact same email sent to 100 users, ~5 will very-often get through as "No threats".
2.) When domain 123EXAMPLE321.COM makes the bad reputation list, and then remains on there, but about 15 days into this state, messages STILL SLIP THROUGH THE CRACKS as described in #1 - I call this completely inexplicable. The AI has but zero intelligence.
3.) As of late, when ZAP "fails to move message", Defender now is confused (or is now enlightened, really not sure which) and will not let us perform a manual remediation to move the item from Junk to Quarantine. Nor can we do that by using the Report as Phish/Junk remediate type, because if it's already in Junk, there's nothing to report, I guess? So what this results in is - message comes in, lands in Junk, and just as described in #2, seconds later ZAP wants to move it to Quarantine, but fails. Remediation options for admins = manually go and delete that message or ask the user to. There's nothing in Defender Portal nor EXO Admin Center that is going to let the admin do that. This is steps backwards.
The automation is nice, but when it repeatedly works like a (GIANT) raging bull in a china shop, hard to really appreciate it.
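The "same email to 100 users, ~5 land in Inbox" pattern from point 1 can be measured rather than eyeballed. The following is an added example, not code from the thread or from Microsoft: it pages through Exchange Online message trace, groups rows by MessageId (one row per recipient), and reports messages from a given sender domain that reached a large recipient set with mixed outcomes (some Quarantined or FilteredAsSpam, some Delivered). It assumes the ExchangeOnlineManagement module and an already-connected admin session (Connect-ExchangeOnline); the sender domain, recipient threshold and lookback window are illustrative parameters.

```powershell
# Added example (not the thread's or Microsoft's code): find messages with
# inconsistent filtering outcomes across recipients, the pattern in point 1.
# Assumes Connect-ExchangeOnline has already been run in this session.
param(
    [string]$SenderDomain  = "123example321.com",  # domain named in the post (assumption: it is the sender)
    [int]   $MinRecipients = 10,                   # only look at wide-recipient mail (assumption)
    [int]   $LookbackDays  = 7                     # message trace only keeps a short window (~10 days)
)

$end   = Get-Date
$start = $end.AddDays(-$LookbackDays)

# Pull every trace row in the window, page by page (5000 is the maximum page size).
$rows = @()
$page = 1
do {
    $batch = Get-MessageTrace -StartDate $start -EndDate $end -PageSize 5000 -Page $page
    $rows += $batch
    $page++
} while ($batch.Count -eq 5000)

# Keep only mail from the suspect sender domain (filtered client-side so no
# assumptions are made about wildcard support in -SenderAddress).
$suspect = $rows | Where-Object { $_.SenderAddress -like "*@$SenderDomain" }

# A MessageId appears once per recipient; compare the Status values inside each group.
$findings = $suspect |
    Group-Object MessageId |
    Where-Object { $_.Count -ge $MinRecipients } |
    ForEach-Object {
        $byStatus = $_.Group | Group-Object Status
        if ($byStatus.Count -gt 1) {
            [pscustomobject]@{
                MessageId  = $_.Name
                Subject    = $_.Group[0].Subject
                Recipients = $_.Count
                # e.g. "Quarantined=95, Delivered=5"
                Outcomes   = ($byStatus | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
                # Mailboxes where the message was accepted at delivery time
                Delivered  = @($_.Group | Where-Object Status -eq 'Delivered').RecipientAddress
            }
        }
    }

$findings | Format-List
```

The Delivered list is the set of mailboxes an admin needs to look at (or feed into a remediation) for each message that was blocked for most recipients but not all. Note that message trace Status records the delivery-time verdict; anything ZAP does after delivery has to be checked separately in the Defender portal.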
For a week now, all email communication to and from our organization, containing any notion of our own domain name has been directed to the quarantine based on the URL detonation reputation because our domain is marked to allegedly contain malware. We have had the servers scanned through and throughout and the website is clean and Microsoft has confirmed to us that it's an issue on their part. The consequences for our business are catastrophic. Even if I release every single message sent from the organization, there is no guarantee that the receiving organization will not quarantine it either on the way in or once it's responded to. A ticket with Microsoft has not helped solve the issue by now. This is like a Denial of Service attack on our company from the side of Microsoft and I'm very angry that it's taking so long to solve it.
Yes, Microsoft has detonated your/our businesses with their buggy detonation URL technology.
MS should pay clients for the damage that they have caused to businesses.
In the meantime, while they are trying to fix their problems, MS should provide the ability to disable detonation technology.
Pissssedoff consumer