You are a Microsoft 365 administrator for a company.
Several users report that they receive emails which have a PDF attachment. The PDF attachment launches malicious code.
You need to remove the message from inboxes and disable the PDF threat if an affected document is opened.
Which feature should you implement?
A. Microsoft Exchange Admin Center block lists
B. Sender Policy Framework
C. Advanced Threat Protection anti-phishing
D. zero-hour auto purge
E. DKIM signed messages with mail flow rules
Answer should be D – Zero-hour auto purge (ZAP) in Exchange Online
ZAP addresses this issue by continually monitoring updates to the spam and malware signatures in the service. ZAP can find and remove messages that are “already in a user’s mailbox”.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide