Forum Discussion
Frederick_Po
Jun 20, 2019 Copper Contributor
O365 ATP Mail protection
Hi everyone, I have a question regarding ZAP (zero-hour auto purge): why would you not want all mailboxes to be screened by ZAP? I mean, if you want to trap and remove a malicious mail that has al...
- Jun 20, 2019
Technically, ZAP isn't "scanning at rest", so the vendors didn't lie on that part (which is a first :P). The only reason why you might want it disabled is if it triggers too many false positives. There are some challenges with auditing; it's not that straightforward to get a list of items ZAP acted upon. And Microsoft never got through the various compliance-related complications arising from performing actions on behalf of the user, which is why to date ZAP only supports the "move to Junk" action, instead of delete. So I guess you can extend an argument that in some scenarios where ZAP deleted an attachment, this can create a complication, but if you have compliance requirements that strict, you probably have the mailbox on hold anyway.
Jun 20, 2019
Hi!
Would recommend reading this -
https://docs.microsoft.com/en-us/office365/securitycompliance/zero-hour-auto-purge
This should also help
https://blogs.technet.microsoft.com/eopfieldnotes/2018/12/13/did-i-get-zapped-by-zap/
ZAP is enabled by default on all mailboxes, but you can disable it via PowerShell, and there are certain conditions to meet, such as the spam action being set to move to the Junk Email folder.
Whilst I can’t see any real reasons for disabling it, I guess one of the reasons for disabling it on subsets of users could be if it is responsible for false positives and moving legitimate mail to the junk. Vasil Michev highlights this in the article here:
https://www.michev.info/Blog/Post/1063/zap-and-other-enhancements-in-exchange-online-protection
Hope that helps to answer your question!
Best, Chris