Have you checked the video in the link?
It has some more detailed information about how ZAP works by default and how you can configure it.
You can configure ZAP in these two threat policies: Anti-spam policy and Anti-malware policy.
By default it has been turned on in the default Anti-spam inbound policy and it is recommended to leave it that way.
Anti-spam inbound policy:
If you would like to modify how it deals with phishing emails or High confidence phishing emails, you can modify this part:
Anti-malware policy:
By default it is also enabled and would quarantine emails that are considered to contain malware.
And you may only configure whether to enable it or not.
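The same settings can be reviewed from Exchange Online PowerShell. The following is an added example, not part of the original answer: it summarizes the ZAP switches and phishing actions per policy. The function name `Get-ZapStatus` is hypothetical and the sample policy objects are constructed; the property names are the ones returned by `Get-HostedContentFilterPolicy` and `Get-MalwareFilterPolicy`.

```powershell
# Added example (not from the original answer). Get-ZapStatus is a hypothetical helper.
# It takes policy objects shaped like the output of Get-HostedContentFilterPolicy
# (anti-spam) and Get-MalwareFilterPolicy (anti-malware) and reports ZAP state.
function Get-ZapStatus {
    param(
        [object[]]$AntiSpamPolicy    = @(),
        [object[]]$AntiMalwarePolicy = @()
    )

    foreach ($p in $AntiSpamPolicy) {
        # Collect the names of any ZAP switches that are turned off in this policy.
        $off = @('SpamZapEnabled', 'PhishZapEnabled' | Where-Object { -not $p.$_ })
        [pscustomobject]@{
            PolicyType                = 'Anti-spam'
            Policy                    = $p.Name
            ZapDisabled               = $off -join ','
            PhishAction               = $p.PhishSpamAction
            HighConfidencePhishAction = $p.HighConfidencePhishAction
        }
    }

    foreach ($p in $AntiMalwarePolicy) {
        # The anti-malware policy only exposes an on/off switch for ZAP.
        [pscustomobject]@{
            PolicyType                = 'Anti-malware'
            Policy                    = $p.Name
            ZapDisabled               = if ($p.ZapEnabled) { '' } else { 'ZapEnabled' }
            PhishAction               = $null
            HighConfidencePhishAction = $null
        }
    }
}

# Constructed sample data so the function can be tried without a tenant connection.
$spam = @(
    [pscustomobject]@{ Name = 'Default'; SpamZapEnabled = $true; PhishZapEnabled = $true
                       PhishSpamAction = 'Quarantine'; HighConfidencePhishAction = 'Quarantine' }
    [pscustomobject]@{ Name = 'Sample-Custom'; SpamZapEnabled = $true; PhishZapEnabled = $false
                       PhishSpamAction = 'MoveToJmf'; HighConfidencePhishAction = 'Quarantine' }
)
$malware = @([pscustomobject]@{ Name = 'Default'; ZapEnabled = $true })

Get-ZapStatus -AntiSpamPolicy $spam -AntiMalwarePolicy $malware | Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline):
# Get-ZapStatus -AntiSpamPolicy (Get-HostedContentFilterPolicy) -AntiMalwarePolicy (Get-MalwareFilterPolicy)
```

Any row with a non-empty `ZapDisabled` column identifies a policy where ZAP has been turned off and is worth reviewing.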