Commit b64feac

Merge branch 'main' into patch-5
2 parents d801828 + 6072918 commit b64feac

3 files changed

+4
-3
lines changed

ATPDocs/dashboard.md

Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for Identity dashboard
33
description: This article describes how to work with the identity threat detection and response (ITDR) dashboard in Microsoft 365 Defender.
4-
ms.date: 12/27/2023
4+
ms.date: 07/18/2025
55
ms.topic: how-to
66
ms.reviewer: LiorShapiraa
77
---
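
Review bot: ms.date on line 4 moves from 12/27/2023 to 07/18/2025, while the only other change to this file in this diff is the spelling fix to the widget name on line 45. If ms.date is meant to record when the article content was last reviewed, confirm that review happened; otherwise keep the old date and land the spelling fix on its own.
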
@@ -42,7 +42,7 @@ Select links in the cards to just to more details, such as documentation, relate
4242

4343
|Name |Description |
4444
|---------|---------|
45-
|**Identities overview (Sheild widget)** |Provides a quick overview of the number of users in hybrid, cloud, and on-premises environments (AD and Microsoft Entra ID). This feature includes direct links to the Advanced Hunting platform, offering detailed user information at your fingertips.|
45+
|**Identities overview (shield widget)** |Provides a quick overview of the number of users in hybrid, cloud, and on-premises environments (AD and Microsoft Entra ID). This feature includes direct links to the Advanced Hunting platform, offering detailed user information at your fingertips.|
4646
|**Top insights** /<br>**Users identified in a risky lateral movement path** | Indicates any sensitive accounts with risky lateral movement paths, which are windows of opportunity for attackers and can expose risks. <br><br>We recommend that you take action on any sensitive accounts found with risky lateral movement paths to minimize your risk. <br><br>For more information, see [Understand and investigate Lateral Movement Paths (LMPs) with Microsoft Defender for Identity](understand-lateral-movement-paths.md).|
4747
|**Top insights** /<br>**Dormant Active Directory users who should be removed from sensitive groups** | Lists accounts that have been left unused for at least 180 days. <br><br>An easy and quiet path deep into your organization is through inactive accounts that are a part of sensitive groups, therefore we recommend removing those users from sensitive groups. <br><br>For more information, see [Security assessment: Riskiest lateral movement paths (LMP)](security-assessment-riskiest-lmp.md).|
4848
|**ITDR deployment health** | Lists any sensor deployment progress, any health alerts, and license availability. |
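
Review bot: The **Dormant Active Directory users who should be removed from sensitive groups** row on line 47 links to "Security assessment: Riskiest lateral movement paths (LMP)" (security-assessment-riskiest-lmp.md), which does not match the dormant-accounts topic of that row; point it at the assessment that covers dormant accounts in sensitive groups. The sentence quoted in the hunk header, "Select links in the cards to just to more details", also looks like a typo for "jump to" and could be fixed in the same pass as the "Sheild" correction on line 45.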

defender-office-365/how-policies-and-protections-are-combined.md

Lines changed: 1 addition & 0 deletions
@@ -105,6 +105,7 @@ It's important to understand how user allows and blocks, tenant allows and block
105105
- After the filtering stack determines a verdict, only then are tenant policies and their configured actions evaluated.
106106
- If the same email address or domain exists in a user's Safe Senders list and Blocked Senders list, the Safe Senders list takes precedence.
107107
- If the same entity (email address, domain, spoofed sending infrastructure, file, or URL) exists in an allow entry and a block entry in the Tenant Allow/Block List, the block entry takes precedence.
108+
- For malware and high confidence phishing verdicts, you can't create allow entries directly in the Tenant Allow/Block List. Instead, use the **Submissions** page at <https://security.microsoft.com/reportsubmission> to submit the **[email](submissions-admin.md#report-good-email-to-microsoft)**, **[email attachment](submissions-admin.md#report-good-email-attachments-to-microsoft)** or **[URL](submissions-admin.md#report-good-urls-to-microsoft)** to Microsoft. After you select **I've confirmed it's clean**, you can then select **Allow this message**, **Allow this file** or **Allow this URL** to create an allow entry for the domains and email addresses, files or URLs.
108109
- If you use a file type in the [Common attachments filter in anti-malware policies](anti-malware-protection-about.md#common-attachments-filter-in-anti-malware-policies), allowing the same file in the Tenant Allow/Block list or Exchange mail flow rules (also known as transport rules) doesn't override the verdict.
109110

110111
### User allows and blocks
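
Review bot: The added bullet on line 108 ends with "create an allow entry for the domains and email addresses, files or URLs", which does not say which of **Allow this message**, **Allow this file** and **Allow this URL** produces which kind of entry, and it does not say whether the resulting allow entry is still subject to the rule on line 107 that a block entry takes precedence. Suggest splitting the item into the restriction and the procedure, mapping each action to its entry type, and using the serial comma as line 107 does ("file, or URL").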

defender-office-365/submissions-outlook-report-messages.md

Lines changed: 1 addition & 1 deletion
@@ -74,7 +74,7 @@ In a supported version of Outlook, select one or more messages, select **Report*
7474
7575
Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The following actions are also taken on the reported messages in the mailbox:
7676

77-
- **Reported as junk**: The messages are moved to the Junk Email folder.
77+
- **Reported as junk**: The messages are moved to the Junk Email folder, and the sender is automatically added to the user's Blocked Senders list.
7878
- **Reported as phishing**: The messages are deleted.
7979

8080
### Use the built-in Report button in Outlook to report messages that aren't junk
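
Review bot: Line 77 now says that reporting as junk adds the sender to the user's Blocked Senders list, but the **Reported as phishing** bullet on line 78 still says only "The messages are deleted", so a reader cannot tell whether a phishing report also blocks the sender. Suggest stating it either way on line 78, and linking line 77 to the precedence rule shown in how-policies-and-protections-are-combined.md in this same diff (a Safe Senders entry for the same address takes precedence over the Blocked Senders entry), since that decides whether the automatic block takes effect.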
