Merge pull request #354 from mariammorgan/patch-3

chrisda · web-flow · commit a80946487531 · 2025-09-12T08:31:24.000-07:00
Update how-policies-and-protections-are-combined.md
diff --git a/defender-office-365/how-policies-and-protections-are-combined.md b/defender-office-365/how-policies-and-protections-are-combined.md
@@ -17,7 +17,7 @@ ms.custom:
 description: Admins can learn how the order of protection settings and the priority order of threat policies affect the application of protection in Microsoft 365.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 07/08/2025
+ms.date: 09/12/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -153,10 +153,10 @@ Organization allows and blocks are able to override some filtering stack verdict
   |---|---|---|
   |Malware|**Filter wins**: Email quarantined|**Filter wins**: Email quarantined|
   |High confidence phishing|**Filter wins**: Email quarantined except in complex routing|**Filter wins**: Email quarantined|
-  |Phishing|**Organization wins**: Email delivered to mailbox|**Organization wins**: Phishing action in the applicable anti-spam policy|
-  |High confidence spam|**Organization wins**: Email delivered to mailbox|**Organization wins**: Email delivered to user's Junk Email folder|
-  |Spam|**Organization wins**: Email delivered to mailbox|**Organization wins**: Email delivered to user's Junk Email folder|
-  |Bulk|**Organization wins**: Email delivered to mailbox|**Organization wins**: Email delivered to user's Junk Email folder|
+  |Phishing|**Organization wins**: Email delivered to mailbox|**Filter wins**: Phishing action in the applicable anti-spam policy|
+  |High confidence spam|**Organization wins**: Email delivered to mailbox|**Filter wins**: Email delivered to user's Junk Email folder|
+  |Spam|**Organization wins**: Email delivered to mailbox|**Filter wins**: Email delivered to user's Junk Email folder|
+  |Bulk|**Organization wins**: Email delivered to mailbox|**Filter wins**: Email delivered to user's Junk Email folder|
   |Not spam|**Organization wins**: Email delivered to mailbox|**Organization wins**: Email delivered to user's Junk Email folder|
 
   <sup>\*</sup> Organizations that use a non-Microsoft security service or device in front of Microsoft 365 should consider using [Authenticated Received Chain (ARC)](email-authentication-arc-configure.md) (contact the service for availability) and [Enhanced Filtering for Connectors (also known as skip listing)](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) instead of an SCL=-1 mail flow rule. These improved methods reduce email authentication issues and encourage [defense-in-depth](step-by-step-guides/defense-in-depth-guide.md) email security.
