Microsoft is strengthening post-delivery email protection in Microsoft Defender for Office 365 by expanding Zero-hour Auto Purge (ZAP) capabilities.
Previously, malicious emails moved to the Deleted Items folder could become a blind spot during remediation. With this update, ZAP will now continue scanning Deleted Items and automatically remediate phishing, spam, and malware messages even after users delete or report them.
This means malicious emails can still be cleaned up if they were:
- Manually deleted by users
- Reported as phishing
- Moved indirectly through workflows or calendar actions
The enhancement works automatically using existing anti-spam, anti-phishing, and anti-malware policies. No new configuration or policies are required.
The rollout applies to:
- Exchange Online Protection tenants
- Microsoft Defender for Office 365 Plan 1
- Microsoft Defender for Office 365 Plan 2
(with ZAP enabled)
Admins will also gain better investigation visibility through:
- Additional ZAP-related activity in reports and alerts
- A new
SourceLocationfield in Advanced Hunting - Improved tracking of where malicious emails originated
Microsoft plans to begin rolling out the update in June 2026.
Message ID: MC1323263