Allow Microsoft to remove files and emails from your user's inboxes if they are found to be dangerous after delivery.


All email messages are evaluated for viruses and other threats before being delivered to your Inbox. Sometimes, a message that was judged to be ok will later be found to be a threat. Turning on the ZAP setting allows Microsoft 365 to go into your inbox and remove messages that were already delivered, but are now found to be a threat, hopefully, before your users interact with them. There is no good reason to leave this setting off. The user will not be notified if an email has been removed by ZAP.


You can find the setting in the Exchange Admin Center, in the Protection section/Malware Filter, but the setting has also been moved to the Security Center, in the Threat Management/Policy/Anti-Malware section.


The operation to look for in the Unified Audit Logs: Set-MalwareFilterPolicy


Microsoft’s documentation on Anti-Malware Policy: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-worldwide