ZAP Action - Does the ZAP action use the reporting account for accessing the email?

Bolden, Vincent 0 Reputation points
2023-11-10T13:34:57.83+00:00

ZAP Action - Does the ZAP action use the reporting account for accessing the email?

We are reviewing recent events and are seeing end users report emails as phishing and then the ZAP action takes over. Hours later as they have finished their shift we receive a secondary alert saying that the link was clicked.

Just need confirmation that we aren't going insane and that the ZAP feature is actively causing alerts by using the reporting user account to actively check links for malicious URLs.

Please provide evidence that it is not in your reply as well.

Microsoft Exchange Online
{count} votes

1 answer

Sort by: Most helpful
  1. Shaofan Lv-MSFT 6,915 Reputation points Microsoft Vendor
    2023-11-13T07:12:43.55+00:00

    Hello Bolden

    <<ZAP Action - Does the ZAP action use the reporting account for accessing the email?

    I checked the MS Doc about ZAP and there doesn't seem to be any clear instructions on this. So there seems to be no evidence. Personally, I don't think it uses the reporting user's account, based on the Doc description it seems to just scan and monitor emails and move them to junk or delete.

    If you received a secondary alert, perhaps someone clicked on the link after reporting the email as phishing.

    Could you provide a screenshot of the alert?

    Regards


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.  

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.