MicrosoftDocs
diff --git a/‎defender-office-365/anti-malware-policies-configure.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-office-365/anti-malware-policies-configure.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-office-365/anti-malware-protection-about.md‎
Lines changed: 2 additions & 9 deletions b/‎defender-office-365/anti-malware-protection-about.md‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎defender-office-365/anti-phishing-policies-eop-configure.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-office-365/anti-phishing-policies-eop-configure.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-office-365/anti-phishing-policies-mdo-configure.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-office-365/anti-phishing-policies-mdo-configure.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-office-365/anti-spam-bulk-complaint-level-bcl-about.md‎
Lines changed: 21 additions & 15 deletions b/‎defender-office-365/anti-spam-bulk-complaint-level-bcl-about.md‎
Lines changed: 21 additions & 15 deletions
@@ -233,7 +233,7 @@ On the **Anti-malware** page, the **Status** value of the policy is now **On** o
 
 ### Use the Microsoft Defender portal to set the priority of custom anti-malware policies
 
-Anti-malware policies are processed in the order that they're displayed on the **Anti-malware** page:
+Anti-malware policies are processed in the order they're displayed on the **Anti-malware** page:
 
 - The anti-malware policy named **Strict Preset Security Policy** associated with the Strict preset security policy is always applied first (if the Strict preset security policy is [enabled](preset-security-policies.md#use-the-microsoft-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users)).
 - The anti-malware policy named **Standard Preset Security Policy** associated with the Standard preset security policy is always applied next (if the Standard preset security policy is enabled).
 
@@ -28,7 +28,7 @@ appliesto:
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-In Microsoft 365 organizations with cloud mailboxes, anti-malware protection for email is on by default. Some of the major categories of malware are:
+In all Microsoft 365 organizations with cloud mailboxes, anti-malware protection for email is on by default. Some of the major categories of malware are:
 
 - **Viruses** that infect other programs and data, and spread through your computer or network looking for programs to infect.
 - **Spyware** that gathers your personal information, such as sign-in information and personal data, and sends it back to its author.
@@ -129,14 +129,7 @@ These settings aren't configured in the default anti-malware policy by default,
 
 ### Priority of anti-malware policies
 
-If Preset security policies are [turned on](preset-security-policies.md#use-the-microsoft-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users), the Standard and Strict preset security policies are applied before any custom anti-malware policies or the default policy (Strict is always first). If you create multiple custom anti-malware policies, you can specify the order that they're applied. Policy processing stops after the first policy is applied (the highest priority policy for that recipient).
-
-In other words, when a recipient is defined in multiple anti-malware policies, the policies are applied in the following order:
-
-1. The Strict preset security policy.
-2. The Standard preset security policy.
-3. Custom policies based on the priority of the policy (a lower number indicates a higher priority).
-4. The default anti-malware policy.
+If preset security policies are [turned on](preset-security-policies.md#use-the-microsoft-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users), the Standard and Strict preset security policies are applied before any custom anti-malware policies or the default policy. If you create multiple custom anti-malware policies, you can specify the order of policy application. Policy processing stops for eligible recipients after the application of the first eligible policy (the highest priority policy for that recipient).
 
 For more information about the order of precedence and how multiple policies are evaluated, see [Order and precedence of email protection](how-policies-and-protections-are-combined.md) and [Order of precedence for preset security policies and other policies](preset-security-policies.md#order-of-precedence-for-preset-security-policies-and-other-policies).
 
 
@@ -228,7 +228,7 @@ On the **Anti-phishing** page, the **Status** value of the policy is now **On**
 
 ### Use the Microsoft Defender portal to set the priority of custom anti-phishing policies
 
-Anti-phishing policies are processed in the order that they're displayed on the **Anti-phishing** page:
+Anti-phishing policies are processed in the order they're displayed on the **Anti-phishing** page:
 
 - The anti-phishing policy named **Strict Preset Security Policy** that's associated with the Strict preset security policy is always applied first (if the Strict preset security policy is [enabled](preset-security-policies.md#use-the-microsoft-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users)).
 - The anti-phishing policy named **Standard Preset Security Policy** that's associated with the Standard preset security policy is always applied next (if the Standard preset security policy is enabled).
 
@@ -415,7 +415,7 @@ On the **Anti-phishing** page, the **Status** value of the policy is now **On**
 
 ### Use the Microsoft Defender portal to set the priority of custom anti-phishing policies
 
-Anti-phishing policies are processed in the order that they're displayed on the **Anti-phishing** page:
+Anti-phishing policies are processed in the order they're displayed on the **Anti-phishing** page:
 
 - The anti-phishing policy named **Strict Preset Security Policy** associated with the Strict preset security policy is always applied first (if the Strict preset security policy is [enabled](preset-security-policies.md#use-the-microsoft-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users)).
 - The anti-phishing policy named **Standard Preset Security Policy** associated with the Standard preset security policy is always applied next (if the Standard preset security policy is enabled).
 
@@ -14,24 +14,24 @@ ms.assetid: a5b03b3c-37dd-429e-8e9b-2c1b25031794
 ms.collection: 
   - m365-security
   - tier2
-description: Admins can learn about bulk complaint level (BCL) values that are used in Exchange Online Protection (EOP).
+description: Admins can learn about bulk complaint level (BCL) values that are used in Microsoft 365.
 ms.service: defender-office-365
-ms.date: 10/17/2023
+ms.date: 07/02/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections in Microsoft 365</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 ---
 
-# Bulk complaint level (BCL) in EOP
+# Bulk complaint level (BCL) in Microsoft 365
 
-In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP assigns a bulk complaint level (BCL) value to inbound messages from bulk senders. The BCL value is added to the message in an X-header and is similar to the [spam confidence level (SCL)](anti-spam-spam-confidence-level-scl-about.md) that's used to identify messages as spam. A higher BCL value indicates a bulk message is more likely to exhibit undesirable spam-like behavior. Microsoft uses both internal and third party sources to identify bulk mail and determine the appropriate BCL value.
+All Microsoft 365 organizations with cloud mailboxes assign a bulk complaint level (BCL) value to inbound messages from bulk senders. The BCL value is added to the message in an X-header and is similar to the [spam confidence level (SCL)](anti-spam-spam-confidence-level-scl-about.md) that identifies messages as spam. A higher BCL value indicates a bulk message is more likely to exhibit undesirable spam-like behavior. Microsoft uses both internal and non-Microsoft sources to identify bulk mail and determine the appropriate BCL value.
 
 Bulk senders vary in their sending patterns, content creation, and recipient acquisition practices. Good bulk senders send desired messages with relevant content to their subscribers. These messages generate few complaints from recipients. Other bulk senders send unsolicited messages that closely resemble spam and generate many complaints from recipients. Messages from a bulk sender are known as bulk mail or gray mail.
 
-Spam filtering marks messages as **Bulk email** based on the BCL threshold (the default value or a value you specify) and takes the specified action on the message. For more information, see [Configure anti-spam policies](anti-spam-policies-configure.md) and [What's the difference between junk email and bulk email?](anti-spam-spam-vs-bulk-about.md)
+Spam filtering marks messages as **Bulk email** based on the BCL threshold in anti-spam polices and takes the specified action on the message. For more information, see [Configure anti-spam policies in Microsoft 365](anti-spam-policies-configure.md) and [What's the difference between junk email and bulk email?](anti-spam-spam-vs-bulk-about.md)
 
-The BCL thresholds are described in the following table.
+The BCL thresholds are described in the following table:
 
 |BCL|Description|
 |:---:|---|
@@ -51,21 +51,27 @@ Messages that meet or exceed the configured BCL threshold have the following def
 - **Default anti-spam policy, new anti-spam policies, and Standard preset security policy**: Deliver the message to recipient Junk Email folders.
 - **Strict preset security policy**: [Quarantine the message](quarantine-end-user.md).
 
-The [View data by Email \> Spam and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--spam-and-chart-breakdown-by-detection-technology) view in the Threat protection status report has a **Bulk complaint level** slider. This slider is available in :::image type="icon" source="media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** when you also select the **Detection** value **Bulk**. Using this slider shows you the results of increasing or decreasing the BCL value in the report.
+## BCL threshold in the Threat protection status report
 
+The filters in the [View data by Email \> Spam and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--spam-and-chart-breakdown-by-detection-technology) view of the **Threat protection status report** in the Microsoft Defender portal at <https://security.microsoft.com/reports/TPSEmailSpamReportATP> contain the **Bulk complaint level** slider.
 
-If you select **Edit spam threshold and properties** at the bottom of the **Bulk email threshold & spam properties** section in the details flyout of the default anti-spam policy or a custom anti-spam policy that you select from the **Anti-spam policies** page at <https://security.microsoft.com/antispam>, the **Bulk email threshold** section contains the bulk senders insight: information about the number of messages that were detected as bulk at all BCL levels by all anti-spam policies over the last 60 days.
+Select :::image type="icon" source="media/m365-cc-sc-filter-icon.png" border="false"::: **Filter**. In the **Filters** flyout that opens,  select only the **Detection** value **Bulk** in the **Filters** flyout that opens. Use the **Bulk complaint level** slider to increase or decrease the BCL threshold.
 
-- By default, the bulk senders insight shows the number of messages that were delivered and identified as bulk at the current BCL threshold of the anti-spam policy.
+After you apply the filters and return to the main report page, you see that hanging the BCL threshold changes the data in the report:
 
-  :::image type="content" source="media/anti-spam-policy-bulk-senders-insight-bcl-default.png" alt-text="The bulk senders insight in the Bulk email threshold section of an anti-spam policy showing the messages identified as bulk at the current BCL level." lightbox="media/anti-spam-policy-bulk-senders-insight-bcl-default.png":::
+- Increasing the BCL threshold identifies fewer messages as bulk.
+- Decreasing the BCL threshold value identifies more messages as bulk.
+- Set a minimum and maximum BCL threshold to see the effect on bulk detections.
 
-- If you decrease the bulk email threshold value, the bulk senders insight changes to show how many fewer messages would be delivered and how many more messages would be identified as bulk. The insight also shows how many bulk message identifications are likely to be false positives (good email identified as bad).
+:::image type="content" source="media/threat-protection-status-report-malware-detection-tech-view-bcl-slider.png" alt-text="Screenshot showing the Bulk complaint level slider in the filters of View data by Email \> Spam and Chart breakdown by Detection Technology in the Threat protection status report in the Microsoft Defender portal." lightbox="media/threat-protection-status-report-malware-detection-tech-view-bcl-slider.png":::
 
-  :::image type="content" source="media/anti-spam-policy-bulk-senders-insight-bcl-lower.png" alt-text="The bulk senders insight in the Bulk email threshold section of an anti-spam policy showing the messages identified as bulk after you decrease the current BCL level." lightbox="media/anti-spam-policy-bulk-senders-insight-bcl-lower.png":::
+## Bulk senders insight
 
-- If you increase the bulk email threshold value, the bulk senders insight changes to show how many more messages would be delivered and how many fewer messages would be identified as bulk. The insight also shows how many bulk message identifications are likely to be false negatives (bad email delivered).
+The bulk senders insight in the Defender portal allows you to see how much mail was identified as bulk at the current BCL threshold in anti-spam policies, and to simulate identified vs. allowed bulk email based on changes in the BCL threshold.
 
-  :::image type="content" source="media/anti-spam-policy-bulk-senders-insight-bcl-higher.png" alt-text="The bulk senders insight in the Bulk email threshold section of an anti-spam policy showing the messages identified as bulk after you increase the current BCL level." lightbox="media/anti-spam-policy-bulk-senders-insight-bcl-higher.png":::
+The bulk senders insight is available in the following locations in the Defender portal:
 
-Selecting **View bulk senders insight** takes you to the main **Bulk sender insights** page. For more information, see [Bulk senders insight in Exchange Online Protection](anti-spam-bulk-senders-insight.md).
+- In the properties of the default anti-spam policy or custom anti-spam policies.
+- On the **Email & collaboration reports and insights** page at <https://security.microsoft.com/emailandcollabreport>.
+
+For more information, see [Bulk senders insight in Microsoft 365](anti-spam-bulk-senders-insight.md).