Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

ZAP Failed to move the messages

Copper Contributor

Hi Community,


we are getting for two weeks a lot of "Messages containing malicious entity not removed after delivery" Alerts, which i could not understand the reason. In Email Entity it says "ZAP failed to move the message". 

As one sample Email from Alert;



Email was classified as Spam and into the Junk Folder sent. But after 12 Minutes it was as Phish / Normal classified but it could not be moved to quarantine (it should be so because we set the anti-spam Policy with this action). 


Is there anything related to our Policies? or is it a a problem at microsoft backend? How can i find the reason and solution for that ? Thanks


7 Replies
Your recipient may have been faster. ZAP cannot remove what is already deleted.

@ExMSW4319 thank you for your response. Actuallay all the emails were in junk folder. It is indicated in documentation that the emails can be zapped even if they are in junk folder.

@mhmmdrn We're seeing an increase in these alerts as well. In all instances, the email was still in the user's junk mail folder. Seems like ZAP is failing to do its job, but we don't know why. 

We have seen many of these lately. Not sure if it is a coincidence or not but the domain of the senders have been email address removed for privacy reasons

I've found that when searching for just the domain, it has produced many of the emails that the alerts have been triggered off of.



Same issue for us, lots of failures with the ZAP messages in the last few months.  Please post here if you find more information.  Probably need to open a Microsoft support ticket, but I simply don't have the patience for that right now.  





Could be due to a safe list, ExO rule, etc that takes precedence over ZAP.

@theclaz77  don't think so in this case.  No other ExO rules show as applied.  In some cases, the same email that went to multiple people could fail a ZAP for just one user.  Seems to have gone away in the last few weeks so I think it was Microsoft server issues.