

Users can't release their own messages that were quarantined as malware, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to request the release of their quarantined malware messages.

ZAP for malware is enabled by default in anti-malware policies. For more information, see Configure anti-malware policies in EOP.

Zero-hour auto purge (ZAP) for phishing

For read or unread messages that are identified as phishing (not high confidence phishing) after delivery, the ZAP outcome depends on the action that's configured for a Phishing verdict in the applicable anti-spam policy. The available actions and the possible ZAP outcomes are described in the following list:

Add X-Header, Prepend subject line with text, Redirect message to email address, Delete message: ZAP takes no action on the message.

Move message to Junk Email: ZAP moves the message to the Junk Email folder. This is the default action for a Phishing verdict in the default anti-spam policy and custom anti-spam policies that you create in PowerShell.

Quarantine message: ZAP quarantines the message. This is the default action for a Phishing verdict in the Standard and Strict preset security policies, and in custom anti-spam policies that you create in the Defender portal.

By default, ZAP for phishing is enabled in anti-spam policies. For more information about configuring spam filtering verdicts, see Configure anti-spam policies in Microsoft 365.

Zero-hour auto purge (ZAP) for high confidence phishing

For read or unread messages that are identified as high confidence phishing after delivery, ZAP quarantines the message. By default, only admins can view and manage quarantined high confidence phishing messages. However, admins can create and use quarantine policies to define what users are able to do to quarantined messages, and whether users receive quarantine notifications. For more information, see Anatomy of a quarantine policy.

Users can't release their own messages that were quarantined as high confidence phishing, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to request the release of their quarantined high-confidence phishing messages.

ZAP for high confidence phishing is enabled by default.
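The following PowerShell is an added example, not part of the original documentation. It applies the Phishing verdict list from the ZAP for phishing section to anti-spam policy objects and flags policies where ZAP would leave a post-delivery phishing message in place. It assumes the PhishSpamAction and PhishZapEnabled properties returned by Get-HostedContentFilterPolicy in Exchange Online PowerShell (names that don't appear on this page); the function name and the sample policies are constructed for illustration.

```powershell
# Added example: report the ZAP outcome for a Phishing verdict per anti-spam policy.
# Assumption: policy objects expose Name, PhishSpamAction and PhishZapEnabled,
# as returned by Get-HostedContentFilterPolicy (Exchange Online PowerShell).
function Get-ZapPhishOutcome {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy
    )
    process {
        $action = [string]$Policy.PhishSpamAction

        # Mapping taken from the list of actions and ZAP outcomes on this page.
        $outcome = switch ($action) {
            'Quarantine' { 'Quarantine' }
            'MoveToJmf'  { 'Move to Junk Email' }
            { $_ -in 'AddXHeader', 'ModifySubject', 'Redirect', 'Delete' } { 'No action' }
            default      { 'Unknown action' }
        }

        # If ZAP for phishing is turned off, nothing happens after delivery.
        if (-not $Policy.PhishZapEnabled) { $outcome = 'No action (ZAP disabled)' }

        [pscustomobject]@{
            Policy          = $Policy.Name
            PhishSpamAction = $action
            PhishZapEnabled = [bool]$Policy.PhishZapEnabled
            ZapOutcome      = $outcome
            NeedsReview     = $outcome -notin 'Quarantine', 'Move to Junk Email'
        }
    }
}

# Constructed sample policies so the block runs without a tenant connection.
$samplePolicies = @(
    [pscustomobject]@{ Name = 'Default';        PhishSpamAction = 'MoveToJmf';     PhishZapEnabled = $true }
    [pscustomobject]@{ Name = 'Portal custom';  PhishSpamAction = 'Quarantine';    PhishZapEnabled = $true }
    [pscustomobject]@{ Name = 'Tag only';       PhishSpamAction = 'ModifySubject'; PhishZapEnabled = $true }
    [pscustomobject]@{ Name = 'ZAP turned off'; PhishSpamAction = 'Quarantine';    PhishZapEnabled = $false }
)

$samplePolicies | Get-ZapPhishOutcome | Format-Table -AutoSize

# Against a tenant, after Connect-ExchangeOnline:
# Get-HostedContentFilterPolicy | Get-ZapPhishOutcome | Where-Object NeedsReview
```

With the sample data, the 'Tag only' and 'ZAP turned off' policies are the ones marked NeedsReview.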
