Over the last month we've gotten into it on two of the four components of Collaboration Security for Microsoft Teams which were announced back at Secure in March - Attack Simulation and End User Reporting. Both seem really solid adds. I personally think that both are worth the price of the P2 in order to bring this XDR functionality into Teams. So let's push on and investigate the third component - one which has been part of Exchange Online for some time which is Zero-Hour Auto Purge. Typically known by its acronym ZAP, in the context of Teams it 'protects end-users by analyzing messages post-delivery and automatically quarantines messages that contain malicious content to stop the actor from compromising the account'. So it is a retroactive automated protection feature which goes after malware, spam and phishing messages. Furthermore 'once a malicious message is identified, the entire Teams environment will be scanned for that same indicator of compromise and quarantine relevant messages at scale for more effective protection'. Sounds good. Sounds like it's going to be a real big help to admins who cannot be on hand - or are expected to be on hand - to continuouly monitor their users chats in Teams 24/7. So let's see ZAP in action. It is currently in preview like the other components and on by default if a P2 licence is assigned and CSTM is lit up via the shell. Of all the components within CSMT this is the one I see changing the least by the time GA comes around since it just works. But having tested the past few days there appears to be some hefty limitations at the time of writing - and ones that as Microsoft 365 admins we need to know upfront even though we know it's only at the preview stage. One. ZAP only works on private chat and private group chat currently. Channel conversations aren't supported today. Given that channel messages are housed in shared mailboxes within the Microsoft 365 group construct that's surprising. But hey, that exactly what happened with loop components so I am pretty sure that will arrive at some point. Two. On the testing I did this weekend it only seems to work for messages within the organisation currently. In other words, no federated chat support for messages sent and received to/from others outside the organisation. That's probably the biggest limitation here in terms of day to day use or the likelihood of something malicious getting in. Three. During testing I noticed it doesn't seem to cover meeting chat which is also important, especially if the org allows anonymous users to join meetings. Now, these could be blockers for many organisations. Or they may not be given these orgs could be adding CSMT in preview primarily for the other components. It'll be important to support all three moving forward, but looking past this the preview does a good job showing you how ZAP works if you have something to test it with.