June 30, 2021
Microsoft Security

Microsoft Defender for Office 365: Zero-hour auto purge (ZAP)

Microsoft Security logo

This video explains Zero-hour auto purge (ZAP) in Microsoft Defender for Office 365—how Defender can remediate threats after delivery when a verdict changes (for example, a link that’s weaponized post-delivery). It shows that ZAP can take automated action up to 48 hours after an email lands, and where you configure it: Anti-spam policy (on by default in the inbound policy—recommended to keep enabled) and Antimalware policy (a simple toggle). It also demonstrates how to find messages moved by ZAP using Explorer filters (select the ZAP action) and notes how ZAP activity appears inside incident investigations, including automated investigations like “Mail with malicious URLs is zapped.”

We produced this as a tight “here’s the feature, here’s where it lives, here’s how to spot it” walkthrough—designed to make a behind-the-scenes capability feel very concrete. The screen flow stays focused on the two policy locations and the exact Explorer filter, with narration that keeps the why-and-when clear so admins can tune actions confidently and analysts can recognize ZAP in incidents. Final delivery includes closed captions, audio description, and thumbnails.
