Merge branch 'main' into v-smandalika-9664381-B3

Author: Ruchika-mittal01

defender-office-365/message-headers-eop-mdo.md

@@ -33,7 +33,7 @@ In all Microsoft 365 organizations, Exchange Online Protection (EOP) scans all i
 
 - **X-Forefront-Antispam-Report**: Contains information about the message and about how it was processed.
 - **X-Microsoft-Antispam**: Contains additional information about bulk mail and phishing.
-- **Authentication-results**: Contains information about SPF, DKIM, and DMARC (email authentication) results.
+- **Authentication-results**: Contains information about email authentication results including Sender Policy Framework (SPF), Domainkeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). 
 
 This article describes what's available in these header fields.
 
@@ -55,7 +55,7 @@ The individual fields and values are described in the following table.
 
 |Field|Description|
 |---|---|
-|`ARC`|The `ARC` protocol has the following fields: <ul><li>`AAR`: Records the content of the **Authentication-results** header from DMARC.</li><li>`AMS`: Includes cryptographic signatures of the message.</li><li>`AS`: Includes cryptographic signatures of the message headers. This field contains a tag of a chain validation called `"cv="`, which includes the outcome of the chain validation as **none**, **pass**, or **fail**.</li></ul>|
+|`ARC`|The `Authenticated Received Chain (ARC)` protocol has the following fields: <ul><li>`AAR`: Records the content of the **Authentication-results** header from DMARC.</li><li>`AMS`: Includes cryptographic signatures of the message.</li><li>`AS`: Includes cryptographic signatures of the message headers. This field contains a tag of a chain validation called `"cv="`, which includes the outcome of the chain validation as **none**, **pass**, or **fail**.</li></ul>|
 |`CAT:`|The category of protection policy that's applied to the message: <ul><li>`AMP`: Anti-malware</li><li>`BIMP`: Brand impersonation<sup>\*</sup></li><li>`BULK`: Bulk</li><li>`DIMP`: Domain impersonation<sup>\*</sup></li><li>`FTBP`: Anti-malware [common attachments filter](anti-malware-protection-about.md#common-attachments-filter-in-anti-malware-policies)</li><li>`GIMP`: [Mailbox intelligence](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365) impersonation<sup>\*</sup></li><li>`HPHSH` or `HPHISH`: High confidence phishing</li><li>`HSPM`: High confidence spam</li><li>`INTOS`: Intra-Organization phishing</li><li>`MALW`: Malware</li><li>`OSPM`: Outbound spam</li><li>`PHSH`: Phishing</li><li>`SAP`: Safe Attachments<sup>\*</sup></li><li>`SPM`: Spam</li><li>`SPOOF`: Spoofing</li><li>`UIMP`: User impersonation<sup>\*</sup></li></ul> <br/> <sup>\*</sup>Defender for Office 365 only. <br/><br/> An inbound message might be flagged by multiple forms of protection and multiple detection scans. Policies are applied in an order of precedence, and the policy with the highest priority is applied first. For more information, see [What policy applies when multiple protection methods and detection scans run on your email](how-policies-and-protections-are-combined.md).|
 |`CIP:[IP address]`|The connecting IP address. You can use this IP address in the IP Allow List or the IP Block List. For more information, see [Configure connection filtering](connection-filter-policies-configure.md).|
 |`CTRY`|The source country/region as determined by the connecting IP address, which might not be the same as the originating sending IP address.|