Organizations relying on Microsoft 365 continue to face an evolving landscape of phishing attempts, malware links, and increasingly sophisticated social engineering threats. Microsoft is rolling out another important layer of protection, and if your organization uses Microsoft Defender for Office 365 Plan 1, this upgrade is coming your way automatically.
Beginning January 6, 2026, Microsoft will enable Zero-Hour Auto-Purge (ZAP) protection for Microsoft Teams by default for all tenants with Defender for Office 365 Plan 1. This updated functionality is designed to automatically remove malicious messages after they’ve been delivered, providing an essential safety net for content shared within Teams chats and channels.
Whether you already have Defender for Office 365 or are evaluating the right security stack for your organization, here’s what this means for you.
Zero-Hour Auto-Purge automatically detects and removes phishing and malware content—even after delivery. Until now, ZAP has mainly applied to email. With this new release, it will extend into Microsoft Teams, providing similar real-time remediation by moving unsafe messages into admin quarantine within the Microsoft 365 Security portal.
This allows security administrators to review, release, or delete malicious content without exposing end users to harmful links or files.
Starting early January 2026, the following updates will roll out globally:
All Defender for Office 365 Plan 1 customers will automatically gain ZAP protections for internal Teams chats and channels.
Any internal Teams message identified as phishing or carrying malware will be removed from users’ chats and placed into the Security Portal → Quarantine → Teams section.
Users won’t see quarantined messages or alerts. All review and release actions will occur on the admin side.
Your current ZAP configuration settings will carry over automatically. You only need to take action if you plan to opt out.
This enhancement is associated with Microsoft 365 Roadmap ID 529816.
Microsoft Teams has become a central hub for internal communication—and attackers have taken notice. The addition of ZAP to Teams:
If you already use Defender for Office 365 Plan 1, this is a significant security upgrade with no additional cost.
If you're not using Defender for Office 365 yet, this is another strong reason to consider adding it to your Microsoft 365 environment.
Verify your current configurations in the Microsoft 365 Security portal.
Helpdesk and IT support should understand how quarantined Teams messages will be handled.
Microsoft gives a short window (Dec 6, 2025 – Jan 5, 2026) to disable the auto-enable behavior. Most organizations will want to keep ZAP enabled.
Admins can manage Teams quarantined messages via the Microsoft Defender portal. Familiarizing yourself with these views now can help streamline incident response later.
Great news—this upgrade is included and will be activated automatically. No action is needed unless you prefer to opt out.
Now is a great time to consider it. Defender brings advanced protection layers—including Safe Links, Safe Attachments, threat investigation tools, and now expanded ZAP coverage—to help secure your Microsoft 365 environment.
If you're unsure what plan you have or want to understand whether Plan 1 or Plan 2 is right for you, we’re here to help.
Our team can help you:
If you’d like to discuss Defender for Office 365 or need support preparing for these upcoming changes, reach out to DMC Technology Group, Toledo’s IT Pros, anytime.
President, DMC Technology Group
