Microsoft 365 Defender ZAP for Exchange Online


I am planning on doing a Gmail to EXO migration using an EWS 3rd party tool (Quest ODME).


Suppose that, while my mailbox was in Gmail, I was sent a phishing email, it passed Gmail's scans, and I migrated that email to EXO.


Let's say the email is 10 days old, and I have been on holiday so have not opened it in Gmail.


If a URL in the phishing email is weaponized after the migration of the email to EXO, will ZAP pick it up?




2 Replies
@flaphead - Yes, it should, as the job of ZAP is to continually monitor updates to the spam and malware signatures and find and remove such emails that are already present in the user's mailbox.
It can take action on both read and unread emails.

I do not know for certain but would be inclined to disagree. Depending on what the migration process does, MDO may not be aware of them until they are opened. Do migrated items gain a Safe Links wrapper? If not, none of your Safe Links cover works for them.

A lot of malicious payloads these days are two-stage affairs, where the web link in the delivered message body is to a relatively benign site hosting a convincing link to a second more malevolent site. There is no real substitute for having a decent proxy or end-point protection system in place for when an item is opened. Unless you block encrypted attachments, you need that anyway.
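
One way to check the Safe Links question raised in the second reply for a given migrated item, as an added example that is not part of the thread or of any Microsoft or Quest tooling: export the message as RFC 822 text and list which URLs in its body are rewritten to a `safelinks.protection.outlook.com` host and which are still bare. The function name and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit, parse_qs

# Safe Links rewrites a URL to a host under this domain and keeps the
# original target in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def audit_links(raw_message):
    """Return (wrapped, unwrapped): original targets of rewritten links, and bare links."""
    msg = message_from_string(raw_message, policy=policy.default)
    wrapped, unwrapped = [], []
    for part in msg.walk():
        # Only body text is inspected; attachments are skipped.
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            if host.endswith(SAFELINKS_SUFFIX):
                # Recover the original destination for reporting.
                wrapped.append(parse_qs(parts.query).get("url", [url])[0])
            else:
                unwrapped.append(url)
    return wrapped, unwrapped

# Constructed sample message (not real mail): one rewritten link, one bare link.
SAMPLE = """From: sender@example.test
To: user@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Wrapped: https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexample.test%2Finvoice&data=x
Bare: http://example.test/login
"""

if __name__ == "__main__":
    w, u = audit_links(SAMPLE)
    print("rewritten by Safe Links:", w)
    print("not rewritten:", u)
```

A bare link in the output only shows that the stored body was not rewritten; it says nothing about whether ZAP will act on the item.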