Exchange Online Protection – Zero-hour Auto Purge (ZAP), Safety Tips and more
Articles Blog

Exchange Online Protection – Zero-hour Auto Purge (ZAP), Safety Tips and more

January 6, 2020

Microsoft processes over 200 billion
emails each month for spam and malware signatures through Exchange Online and to harden the service for everyone This is made possible largely
through our ever-evolving email filtering services that proactively
identify and block external threats In the next few minutes I’ll provide an
overview for updates made to prevent external threats without disrupting your
user productivity including: dynamic delivery for safe attachments, zero hour
auto purge and safety tips in Outlook on the web A few months ago we introduced Exchange
Online Advanced Threat Protection a brand new email filtering service that blocks
external threats and also gives visibility around who is getting targeted in
your organization With the safe attachment feature from Exchange Online
Advanced Threat Protection you can block the unknown malware and also get
notification as an administrator But with most email filtering services there’s always
a delay associated in recieving such emails while the service is processing the attachment This delay is now completely eliminated with dynamic delivery for safe attachments Let me show you how So here in my safe attachment policy there are options for admins today for blocking the attachment and also notifying the
administration or any incident management team But going forward they’ll
have yet another option by which they can use dynamic delivery to send the message without the attachment and the recipient can then
respond to the message or continue to edit it going forward From a recipient perspective they can go ahead
and get this message and when they recieve such a message they’ll notice that the
messages come with a different attachment when they try to open this
particular attachment they’ll notice that their original attachment is getting
scanned right now and this notifies them that it will get replaced when the scan is complete But in the meanwhile they can continue to work on their message itself they can read it and respond to it and their productivity is not hampered at all And beyond dynamic delivery if you want to block specific file extensions as an admin you now have an option within the Malware filtering policy So here in my
Malware filtering policy I can see that there are different options that
are available as part of common attachment types filter and different
file types are provided to the admins that they can use to block them based on
their file extension These are capabilities that are part of Advanced
Threat Protection but if you only have Exchange online protection in the event
that a Malware or SPAM gets through another new feature we have
added is called Zero Hour Auto Purge or ZAP ZAP provides us the ability to change the categorization on a message after it has been delivered This is especially important if an initial email filter does not pickup a message
found malicious or junk because it is zero hour so here on my screen I have received
an email that is actually a spam message I’ve not read it and it’s sitting there but ZAP will actually go behind the scene and automatically move this message from my
inbox it to my junk mail folder As you can see the message was quickly moved
into my junk mail folder and if I try and go over to junk mail folder I’ll see that same message over here Equally if a message has been misclassified it will be moved back from junk mail folder to my inbox Now beyond ZAP you as a user are an important factor in message classification For example you
can report a particular message as a spam and going forward using the report phish
feature you can also report a particular message as a phishing attempt let me show you
that as well So here on my screen I’ve received a message from Contoso Corp and it looks like a phishing attempt So going forward you can report this message as a
phishing scenario and this would in that case report a message back to Microsoft
so that our engineers can go back and create additional rules so that we can block
such phishing attempts from going forward Also improved the system is able to
better block spoofing attempts when someone might try to impersonate a
specific sender insider their company Imagine a fake CEO trying to send an email
to a CFO this is something that we have had but with strong authentication checks big
data and reputation filter we’ve have hardened the service and made sure that
this counterfeit detection can be minimized The last thing that I want to
show you is safety tips in Outlook on the web which proactively gives you information
to help you decide whether or not to open up a particular message So for example
here I have a couple of emails in my inbox the first email is coming from a trusted sender and I see a safety tip that displays that this message is coming
from a trusted sender so I can see that message On the other hand I have another
email that’s telling me that this attachment or this particular email might actually
be suspicious so I should be careful when I open this particular message with Office 365 we’re continually advancing our security precautions to make sure we’re
protecting you against external threats and giving you the best user experience You can get started with the dynamic delivery for safe attachment as part of your Advanced
Threat Protection subscription and ask for safety tips for Outlook on the web and Zero Hour Auto Purge you can get that as part of your Exchange Online protection subscription Thank you for watching Microsoft Mechanics

Only registered users can comment.

  1. First off, Thanks for the video, it provides great insight into the upcoming feature set. Good Job!However, can we please, please get the ability to bypass ATP by sender? IP address or IP address range would be best.Does ATP kick in before transport rules? If not then perhaps it could be similar to the Clutter bypass method.

Leave a Reply

Your email address will not be published. Required fields are marked *