Dear kodi@hotmail
Thanks for reaching out to Microsoft Q&A Forum.
I understand you're reporting that a malicious URL was delivered via Microsoft Teams, detected by Microsoft Defender for Office 365, and yet the message remained visible after detection. Based on my research, here are some possible double checks:
1. License Requirement
ZAP support for Microsoft Teams is available only for customers with Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2. If you do not have this license package, please purchase it to use the related features.
2. Policies checking
Could you provide me screen shot of this screen below. This action can help me check the different
3. Message Type – Internal vs. External
At this time, I'm unsure whether the message you received originated internally or externally. But these are 2 possible case: Internal messages: ZAP can remove Teams messages flagged as malware or high confidence phishing. External messages (e.g., from guest users or federated domains): Currently not supported by ZAP in Microsoft Teams.
Note: Can you please specify the type of message you received so that I can assist you better? Reference: Zero-hour auto purge in Microsoft Defender for Office 365 - Microsoft Defender for Office 365 | Microsoft Learn
4. The messages still display because the cache (temporary memory) in Microsoft Teams(desktop) has not been cleared.
Reference: Clear the Teams client cache - Microsoft Teams | Microsoft Learn
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.