Forum Discussion
O365 ATP Mail protection
- Jun 20, 2019
Technically, ZAP isn't "scanning at rest" so the vendors didn't lie on that part (which is a first :P). The only reason why you might want it disabled is if it triggers too many false positives. There are some challenges with auditing; it's not that straightforward to get a list of items ZAP acted upon. And Microsoft never got through the various compliance-related complications arising from performing actions on behalf of the user, which is why to date ZAP only supports the "move to Junk" action, instead of delete. So I guess you can extend an argument that in some scenarios where ZAP deleted an attachment, this can create a complication, but if you have compliance requirements that strict, you probably have the mailbox on hold anyway.
Do you have any info on how Microsoft is "screening" the user's mailbox against updated signatures etc.?