Microsoft are updating their phishing and spam filtering protection layers to better protect Office 365 email users. This comes after a lengthy period in which email has been intercepted through rule compromise, Office 365 email platforms have been breached because 2FA had not been rolled out to end-users, and businesses still have not added external email cyber security layers (such as MX filtering) to protect their company email from phishing, spam and ransomware.
So what’s happening and when?
Microsoft are updating a feature called “Zero-hour auto purge (ZAP)” so that phishing and spam messages identified after delivery are moved to Quarantine (a separate, manageable view within the Office 365 Admin Portal). This better aligns the ZAP action with the mail flow action defined in the company anti-spam policy.
Microsoft will be gradually rolling this out to Office 365 end users starting in early October, with the rollout complete worldwide by the end of November.
How does this affect users?
After this update, ZAP will move phishing or spam emails detected after delivery to Quarantine if the respective phishing/spam action in the spam policy is set to Redirect, Delete, or Quarantine.
If the policy action is set to Move to Junk, then ZAP will continue to move the message to Outlook Junk folders. If the policy action is Add X-header, Modify Subject, or No Action, then ZAP will do nothing.
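To see where ZAP will put messages under each anti-spam policy, the following added example (not part of the original post or Microsoft's documentation) applies the mapping above to policy objects and flags policies where ZAP does nothing. `Get-ZapOutcome` and the sample policies are constructed for illustration; for live use it assumes an Exchange Online PowerShell session and the `SpamAction` and `PhishSpamAction` properties returned by `Get-HostedContentFilterPolicy`.

```powershell
# Added example: report the post-delivery ZAP behaviour per anti-spam policy.
function Get-ZapOutcome {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy
    )
    begin {
        # Mapping taken from the article: configured action -> what ZAP does.
        function Resolve-ZapAction([string]$Action) {
            switch ($Action) {
                { $_ -in 'Redirect', 'Delete', 'Quarantine' }          { 'Quarantine'; break }
                'MoveToJmf'                                            { 'Junk folder'; break }
                { $_ -in 'AddXHeader', 'ModifySubject', 'NoAction' }   { 'No ZAP action'; break }
                default                                                { "Unknown ($Action)" }
            }
        }
    }
    process {
        $spam  = Resolve-ZapAction $Policy.SpamAction
        $phish = Resolve-ZapAction $Policy.PhishSpamAction
        [pscustomobject]@{
            Policy          = $Policy.Name
            SpamAction      = [string]$Policy.SpamAction
            ZapSpamResult   = $spam
            PhishAction     = [string]$Policy.PhishSpamAction
            ZapPhishResult  = $phish
            # True when detected messages would stay in the inbox for either verdict.
            NeedsReview     = ($spam -eq 'No ZAP action') -or ($phish -eq 'No ZAP action')
        }
    }
}

# Constructed sample policies so the script runs without a tenant connection.
$samplePolicies = @(
    [pscustomobject]@{ Name = 'Default (constructed)';        SpamAction = 'MoveToJmf';     PhishSpamAction = 'Quarantine' }
    [pscustomobject]@{ Name = 'Finance (constructed)';        SpamAction = 'Delete';        PhishSpamAction = 'Redirect' }
    [pscustomobject]@{ Name = 'Legacy tagging (constructed)'; SpamAction = 'ModifySubject'; PhishSpamAction = 'AddXHeader' }
)
$samplePolicies | Get-ZapOutcome | Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline):
# Get-HostedContentFilterPolicy | Get-ZapOutcome | Format-Table -AutoSize
```

Policies reported with `NeedsReview` set to True are the ones where a message identified as spam or phishing after delivery stays where it was delivered.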
How can we manage the quarantined messages?
If you are an Office 365 admin, you can manage messages that were sent to quarantine by using the Security & Compliance Center in the Office 365 Admin Portal. Simply log in to Office 365 Admin and visit the Security & Compliance Center. On the left, expand Threat Management, choose Review, and then choose Quarantine.
Within this view you can see all messages that were sent to quarantine and then act on them, for example releasing a message if it’s a false positive.
For more information on managing messages sent to quarantine visit https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user