Update tenant-allow-block-list-files-configure.md

chrisda · web-flow · commit cb8ab594b3f5 · 2024-07-15T17:46:25.000-07:00
diff --git a/defender-office-365/tenant-allow-block-list-files-configure.md b/defender-office-365/tenant-allow-block-list-files-configure.md
@@ -82,7 +82,7 @@ Instead, you use the **Email attachments** tab on the **Submissions** page at <h
 >
 > When the entity in the allow entry is encountered again (during mail flow or at time of click), all filters associated with that entity are overridden.
 >
-> By default, allow entries for domains and email addresses, files, and URLs exist for 45 days after last used date. Whenever the entity is encountered during mailflow or time of click and the entity has not been learned to be clean by the filtering, the allow entry will kick in and in the real time the last used date will be updated. So the 45 day after last used date will keep the allow entry for 45 days after the filtering system has learned the entity to be clean and you will have full visibility into it. 
+> By default, allow entries for domains and email addresses, files, and URLs exist for 45 days after last used date. Whenever the entity that isn't determined to be clean by the filtering system is encountered during mail flow or time of click, the allow entry activates and updates the last used date. The allow entry is kept for 45 days after the filtering system determines that the entity is clean. By default, allow entries for spoofed senders never expire. 
 >
 > During mail flow, if messages containing the allowed entity pass other checks in the filtering stack, the messages are delivered. For example, if a message passes [email authentication checks](email-authentication-about.md), the message is delivered if it also contains an allowed file.
 >

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ Instead, you use the Email attachments tab on the Submissions page at <h`
`82`	`82`	`>`
`83`	`83`	`> When the entity in the allow entry is encountered again (during mail flow or at time of click), all filters associated with that entity are overridden.`
`84`	`84`	`>`
`85`		-> By default, allow entries for domains and email addresses, files, and URLs exist for 45 days after last used date. Whenever the entity is encountered during mailflow or time of click and the entity has not been learned to be clean by the filtering, the allow entry will kick in and in the real time the last used date will be updated. So the 45 day after last used date will keep the allow entry for 45 days after the filtering system has learned the entity to be clean and you will have full visibility into it.
	`85`	`+> By default, allow entries for domains and email addresses, files, and URLs exist for 45 days after last used date. Whenever the entity that isn't determined to be clean by the filtering system is encountered during mail flow or time of click, the allow entry activates and updates the last used date. The allow entry is kept for 45 days after the filtering system determines that the entity is clean. By default, allow entries for spoofed senders never expire.`
`86`	`86`	`>`
`87`	`87`	`> During mail flow, if messages containing the allowed entity pass other checks in the filtering stack, the messages are delivered. For example, if a message passes [email authentication checks](email-authentication-about.md), the message is delivered if it also contains an allowed file.`
`88`	`88`	`>`