check before: 2026-01-06
Product:
Defender, Defender for Office 365, Defender XDR, Teams
Platform:
Android, iOS, Linux, Mac, Online, Web, Windows Desktop, World tenant
Status:
Launched
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Starting January 6, 2026, Zero-hour auto-purge (ZAP) will be enabled by default in Microsoft Defender for Office 365 Plan 1, automatically moving malicious Teams messages to admin quarantine. Tenants can opt out before January 6, 2026, and admins manage quarantined content via the Security portal.
Details:
[Introduction]
Starting January 6, 2026, Zero-hour auto-purge (ZAP)-a feature that moves malicious messages from internal Microsoft Teams chats and channels to admin quarantine-will be turned on by default for Microsoft Defender for Office 365 Plan 1. This enhancement helps protect your organization by removing phishing or malware URLs from Teams conversations and placing them in the admin quarantine within the Microsoft 365 Security portal. For details on managing quarantined Teams messages, refer to Use the Microsoft Defender portal to manage Microsoft Teams quarantined messages.
Screenshot: Example of Admin quarantine showcasing all quarantined Teams messages
This message is associated with Microsoft 365 Roadmap ID 529816.
[When this will happen:]
General Availability (Worldwide): Rollout begins early January 2026 and will complete by mid-January 2026.
Default ON setting effective January 6, 2026, unless your tenant opts out before that.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2025-11-19
updated:
2025-11-19
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
Starting January 6, 2026, Microsoft will enable Zero-hour auto-purge (ZAP) by default for Microsoft Defender for Office 365 Plan 1 users, automatically identifying and quarantining suspicious Microsoft Teams messages, with an option for organizations to opt out before this date.
Direct effects for Operations**
User Experience Disruption
End users will not see quarantined messages in Teams, potentially leading to confusion or frustration if they are unaware of the ZAP feature and its implications on their communications.
- roles: End Users, Helpdesk Staff
- references: https://learn.microsoft.com/defender-office-365/mdo-support-teams-about#configure-zap-for-teams-protection-in-defender-for-office-365, https://learn.microsoft.com/defender-office-365/quarantine-admin-manage-messages-files#use-the-microsoft-defender-portal-to-manage-microsoft-teams-quarantined-messages
" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/quarantine-admin-manage-messages-files#use-the-microsoft-defender-portal-to-manage-microsoft-teams-quarantined-messages
Increased Admin Workload
Admins will need to manage quarantined content in the Security portal, which may increase their workload and require additional training on the new processes.
- roles: Security Admins, IT Support Staff
- references: https://learn.microsoft.com/defender-office-365/quarantine-admin-manage-messages-files#use-the-microsoft-defender-portal-to-manage-microsoft-teams-quarantined-messages, https://security.microsoft.com/quarantine?viewid=Teams
Potential Communication Gaps
If the change is not communicated effectively, users may be unaware of the new ZAP feature, leading to misunderstandings about message availability and security measures.
- roles: End Users, Communications Team
- references: https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge#zero-hour-auto-purge-zap-in-microsoft-teams" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge#zero-hour-auto-purge-zap-in-microsoft-teams, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=529816
Risk of Phishing Exposure
Without proper preparation and communication, users may inadvertently click on malicious links in Teams messages that are not yet quarantined, increasing the risk of phishing attacks.
- roles: End Users, Security Admins
- references: https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge#zero-hour-auto-purge-zap-in-microsoft-teams" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge#zero-hour-auto-purge-zap-in-microsoft-teams, https://learn.microsoft.com/defender-office-365/mdo-support-teams-about#configure-zap-for-teams-protection-in-defender-for-office-365
" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/mdo-support-teams-about#configure-zap-for-teams-protection-in-defender-for-office-365
Policy Compliance Issues
Organizations may face compliance issues if they do not review and adjust their policies regarding the handling of quarantined messages, potentially leading to data governance risks.
- roles: Compliance Officers, Security Admins
- references: https://learn.microsoft.com/defender-office-365/quarantine-admin-manage-messages-files#use-the-microsoft-defender-portal-to-manage-microsoft-teams-quarantined-messages, https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge#zero-hour-auto-purge-zap-in-microsoft-teams" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge#zero-hour-auto-purge-zap-in-microsoft-teams
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago ago
