Merge pull request #4944 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit c9119428f9a4 · 2025-09-05T17:31:14.000Z
[AutoPublish] main to live - 09/05 10:29 PDT | 09/05 22:59 IST
diff --git a/defender-endpoint/android-whatsnew.md b/defender-endpoint/android-whatsnew.md
@@ -80,7 +80,7 @@ April 2025
 **Setup a secure environment to test prerelease builds of Defender for Endpoint on Android**. Learn the steps on how to set up your environment for prerelease testing of Defender for Endpoint on Android. These steps are for Android devices that are onboarded to Microsoft Defender for Endpoint through the following methods:
 
 - Android Enterprise scenarios
-- Mobile Application Mangement (MAM) enrollment scenarios
+- Mobile Application Management (MAM) enrollment scenarios
 
 For more information, see [Deploy Defender for Endpoint prerelease builds on Android devices using Google Play preproduction tracks](mobile-pretest-android.md).
 
diff --git a/defender-office-365/connection-filter-policies-configure.md b/defender-office-365/connection-filter-policies-configure.md
@@ -18,7 +18,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn how to configure connection filtering in Microsoft 365 to allow or block emails from email servers.
 ms.service: defender-office-365
-ms.date: 07/03/2025
+ms.date: 09/05/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -193,6 +193,9 @@ For example, the source email server 192.168.1.25 sends email from the domains c
 
 ### Scenarios where messages from sources in the IP Allow List are still filtered
 
+> [!NOTE]  
+> These scenarios apply to all environments: standalone, hybrid, multi-geo, and cross-forest. Filtering behavior is based on security checks (for example, malware detection, phishing protection, or mail flow rules, not on the deployment model.
+
 Messages from an email server in your IP Allow List are still subject to spam filtering in the following scenarios:
 
 - An IP address in your IP Allow List is also configured in an on-premises, IP-based inbound connector in _any_ Microsoft 365 organization, **and** that Microsoft 365 organization and the first Microsoft 365 server that encounters the message both happen to be in _the same_ forest in the Microsoft datacenters. In this scenario, **IPV:CAL** _is_ added to the message's [anti-spam message headers](message-headers-eop-mdo.md) (indicating the message bypassed spam filtering), but the message is still subject to spam filtering.
