Phishing attacks are a pervasive threat in the cybersecurity landscape, often causing significant damage to organizations through data breaches and financial loss. To combat these threats effectively, organizations must adopt proactive measures that can neutralize attacks before they cause harm. One such measure is the implementation of Zero-hour Auto Purge (ZAP) policies in Microsoft Defender. ZAP enhances your email security by automatically detecting and removing phishing messages that have already been delivered to users’ inboxes, often before users even notice them. This capability is crucial for maintaining a strong security posture and improving your Microsoft Defender Secure Score.  

In this blog post, we’ll explore how to set up ZAP policies for phishing messages to bolster your defenses and ensure that your organization is protected against these ever-evolving threats.

Note: The “Recommended action” remediations are as identified in the Microsoft 365 admin center portal (https://portal.microsoft.com) under Security \ Secure score \ Recommended actions, in a pristine baseline environment.

Rank: 160

Recommended action: Create zero-hour auto purge policies for phishing messages.

Microsoft Security Score

Secure Score Improvement: +0.29%

General

Description

For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that’s configured for a Phishing email filtering verdict in the applicable anti-phishing policy.

For additional information, see “Zero-hour auto purge in Microsoft Defender for Office 365” on Microsoft Learn.

Implementation status

100% of users are affected by policies that are configured securely.

  • Strict Preset Security Policy1705599886976 – 1 users (100%)

Implementation

Prerequisites

You have Microsoft Defender for Office 365 P1.

Next steps

Ensure that all users have an assigned Anti-phishing inbound policy with both ‘Enable zero-hour auto purge (ZAP)’ and ‘Enable for phishing messages’ options enabled, by either updating your existing policies or creating new ones.

For detailed implementation instructions, see “Configure anti-phishing policies in EOP” on Microsoft Learn.
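
A PowerShell audit for the two points above, the ZAP switch and the phishing verdict action that decides what ZAP does; this is an added example, not code from the original post or from Microsoft. It assumes the Exchange Online PowerShell view of these settings (the PhishZapEnabled and PhishSpamAction properties returned by Get-HostedContentFilterPolicy); Test-PhishZapPolicy and the sample policy objects are hypothetical and constructed for illustration.

```powershell
# Added example: flag policies where ZAP for phishing is off, or where the
# phishing verdict action leaves ZAP with nothing to do after delivery.
function Test-PhishZapPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    begin {
        # Verdict actions for which ZAP takes no action on a delivered message.
        $noOpActions = 'AddXHeader', 'ModifySubject'
    }
    process {
        $issues = @()
        if (-not $Policy.PhishZapEnabled) {
            $issues += 'PhishZapEnabled is off'
        }
        if ($Policy.PhishSpamAction -in $noOpActions) {
            $issues += "PhishSpamAction '$($Policy.PhishSpamAction)' gives ZAP nothing to do"
        }
        [pscustomobject]@{
            Name            = $Policy.Name
            PhishZapEnabled = [bool]$Policy.PhishZapEnabled
            PhishSpamAction = [string]$Policy.PhishSpamAction
            Compliant       = ($issues.Count -eq 0)
            Issues          = $issues -join '; '
        }
    }
}

# Constructed sample objects standing in for Get-HostedContentFilterPolicy output,
# so the function can be exercised without a tenant connection.
$sample = @(
    [pscustomobject]@{ Name = 'Default (constructed)';      PhishZapEnabled = $true;  PhishSpamAction = 'Quarantine' }
    [pscustomobject]@{ Name = 'Legacy-Sales (constructed)'; PhishZapEnabled = $false; PhishSpamAction = 'MoveToJmf' }
    [pscustomobject]@{ Name = 'Tagging-Only (constructed)'; PhishZapEnabled = $true;  PhishSpamAction = 'AddXHeader' }
)
$sample | Test-PhishZapPolicy | Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline):
#   Get-HostedContentFilterPolicy | Test-PhishZapPolicy | Where-Object { -not $_.Compliant }
# Remediation for a flagged policy ('<policy name>' is a placeholder):
#   Set-HostedContentFilterPolicy -Identity '<policy name>' -PhishZapEnabled $true
```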
