2.4.4 Ensure Zero-hour auto purge for Microsoft Teams is on

Information

Zero-hour auto purge (ZAP) is a protection feature that retroactively detects and neutralizes malware and high-confidence phishing. When ZAP for Teams protection blocks a message, the message is blocked for everyone in the chat. The initial block happens right after delivery, but ZAP can act on a message up to 48 hours after delivery.

Rationale:

ZAP is intended to protect users who have received zero-day malware messages, or content that is weaponized after it has been delivered. It does this by continually re-evaluating delivered messages against updated spam and malware signatures and taking automated retroactive action on messages that have already reached users.

Impact:

As with any anti-malware or anti-phishing product, false positives may occur.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To remediate using the UI:

Navigate to Microsoft Defender https://security.microsoft.com/

Click Settings > Email & collaboration > Microsoft Teams protection.

Set Zero-hour auto purge (ZAP) to On (Default)

To remediate using PowerShell:

Connect to Exchange Online using Connect-ExchangeOnline.

Run the following cmdlet:

Set-TeamsProtectionPolicy -Identity 'Teams Protection Policy' -ZapEnabled $true
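The following script is an added example and is not part of the benchmark or the Tenable audit text. It combines the audit check (read back ZapEnabled) with the remediation cmdlet above, and re-reads the policy afterwards so that a silent failure of the Set call is not mistaken for compliance. It assumes the ExchangeOnlineManagement module is installed, the signed-in account holds the Exchange Online roles needed to read and change Teams protection policies, and that the policy is the single 'Teams Protection Policy' named in the remediation step.

```powershell
# Added example (not from the CIS benchmark or Tenable): audit, remediate if needed,
# and verify the ZAP for Teams setting.
# Assumptions: ExchangeOnlineManagement module is installed and the account has the
# roles required for Get-TeamsProtectionPolicy / Set-TeamsProtectionPolicy.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Policy name as used in the benchmark's remediation step above.
$policyName = 'Teams Protection Policy'

# Audit: read the current state. There is one Teams protection policy per tenant,
# so the unfiltered Get call returns the object we need.
$policy = Get-TeamsProtectionPolicy | Select-Object -First 1

if ($policy.ZapEnabled -eq $true) {
    Write-Output "PASS: ZapEnabled is True on '$($policy.Identity)'"
}
else {
    Write-Output "FAIL: ZapEnabled is '$($policy.ZapEnabled)'; applying remediation"

    # Remediation: identical to the cmdlet in the benchmark text.
    Set-TeamsProtectionPolicy -Identity $policyName -ZapEnabled $true

    # Verify: read the policy back instead of trusting that the Set call took effect.
    $after = Get-TeamsProtectionPolicy | Select-Object -First 1
    if ($after.ZapEnabled -ne $true) {
        Disconnect-ExchangeOnline -Confirm:$false
        throw "Remediation did not take effect: ZapEnabled is still '$($after.ZapEnabled)'"
    }
    Write-Output "REMEDIATED: ZapEnabled is now True on '$($after.Identity)'"
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run the script from an Exchange Online PowerShell session with an account that can modify Defender policies; the exit path is a thrown error only when the setting still reads as disabled after the change, which makes it suitable for a scheduled compliance job.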

Default Value:

On (Default)

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3

Plugin: microsoft_azure

Control ID: 501eb6df0b9fbb101e4db397522bfd2e79c677639079480b4973805d1a78fde8