You are a Microsoft 365 administrator for a company.
Several users report that they receive emails which have a PDF attachment. The PDF attachment launches malicious code.
You need to remove the message from inboxes and disable the PDF threat if an affected document is opened.
Which feature should you implement?
A. Microsoft Exchange Admin Center block lists
B. Sender Policy Framework
C. Advanced Threat Protection anti-phishing
D. zero-hour auto purge
E. DKIM signed messages with mail flow rules
I would go for D as ZHAP removes infected emails already delevered from user’s inboxes when malware/phishing email is detected
ZHAP does not disable the threat if the document is opened, so C is the correct answer