Merge pull request #5368 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit dedba77f1911 · 2025-10-24T17:32:21.000Z
[AutoPublish] main to live - 10/24 10:30 PDT | 10/24 23:00 IST
diff --git a/defender-office-365/outbound-spam-protection-about.md b/defender-office-365/outbound-spam-protection-about.md
@@ -40,6 +40,9 @@ This article describes the controls and notifications that are designed to help
 
 ## What admins can do to control outbound spam
 
+> [!NOTE]
+> If messages are blocked or marked as spam, admins can review the issue in the **Exchange admin center (EAC)** using **Message trace** or delivery reports. For investigation and resolution guidance, see [Troubleshoot outbound email issues in Exchange Online](/troubleshoot/exchange/email-delivery/ndr/non-delivery-reports-in-exchange-online)
+
 - **Use built-in notifications**: When a user exceeds [sending limits of the service](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#sending-limits-across-office-365-options) or [outbound spam policies](outbound-spam-policies-configure.md) and is restricted from sending email, the default alert policy named **User restricted from sending email** sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members). To configure who else receives these notifications, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users). Also, the default alert policies named **Email sending limit exceeded** and **Suspicious email sending patterns detected** send email notifications to members of the **TenantAdmins** group (**Global Administrator** members). For more information about alert policies, see [Alert policies in the Microsoft Defender portal](alert-policies-defender-portal.md).
 
 - **Review spam complaints from non-Microsoft email providers**: Many email services like Outlook.com, Yahoo, and AOL provide a feedback loop where we review our messages that are identified as spam by their users. To learn more about sender support for Outlook.com, go to the [Microsoft Sender Support and Blocklist Removal Tool](https://sendersupport.olc.protection.outlook.com/pm/services.aspx).
diff --git a/defender-office-365/safe-links-about.md b/defender-office-365/safe-links-about.md
@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 f1_keywords:
   - '197503'
-ms.date: 09/16/2025
+ms.date: 10/24/2025
 ms.localizationpriority: medium
 ms.collection:
   - Strat_O365_IP
@@ -79,7 +79,7 @@ The following table describes scenarios for Safe Links in Microsoft 365 and Offi
 |Chris's Microsoft 365 E5 organization has no Safe Links policies configured. Chris receives an email from an external sender that contains a URL to a malicious website that he ultimately clicks.|Chris is protected by Safe Links. <br><br> The **Built-in protection** preset security policy provides Safe Links protection to all recipients (users who aren't defined in the Standard or Strict preset security policies or in custom Safe Links policies). For more information, see [Preset security policies](preset-security-policies.md).|
 |In Pat's organization, admins have created a Safe Links policy that applies Pat, but Safe Links protection for Office apps is turned off. Pat opens a Word document and clicks a URL in the file.|Pat isn't protected by Safe Links. <br><br> Although Pat is included in an active Safe Links policy, Safe Links protection for Office apps is turned off in that policy, so the protection can't be applied.|
 |Jamie and Julia both work for contoso.com. A long time ago, admins configured Safe Links policies that apply to both of Jamie and Julia. Jamie sends an email to Julia, not knowing that the email contains a malicious URL.|Julia is protected by Safe Links **if** the Safe Links policy that applies to her is configured to apply to messages between internal recipients. For more information, see the [Safe Links settings for email messages](#safe-links-settings-for-email-messages) section later in this article.|
-|Jim's IT department configured SafeLinks to not rewrite URLs, and to check via API only. Jim receives an email about an urgent crypto opportunity within BroMail - an 'aternative' email client that doesn't use 'woke' APIs, and clicks the link. The link was legitimate on delivery, but was later weaponized.|Jim is phished. BroMail doesn't support the SafeLinks API. Because the link wasn't malicious on delivery, SafeLinks didn't detect it.|
+|Jim's IT department configured SafeLinks to not rewrite URLs, and to check via API only. Jim clicks a link in an alternative email client that doesn't support the SafeLinks API. The link was legitimate on delivery, but was later weaponized.|Jim is phished. Because the link wasn't malicious on delivery, SafeLinks didn't detect it.|
 
 ## Recipient filters in Safe Links policies
 
diff --git a/defender-office-365/scc-permissions.md b/defender-office-365/scc-permissions.md
@@ -83,6 +83,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
 |**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
 |**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
 |**Data Investigator**|Perform searches on mailboxes, SharePoint sites, and OneDrive locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
+|**Data Security AI Admins**|Use this group to assign editing capabilities for Data Loss Prevention policies related to Copilot and viewing AI content in Data Security Posture Management. Review the role description for access details.|Data Security AI Admin|
 |**Data Security AI Content Viewers**|Use this group to assign read-only permissions to users in Data Security Posture Management for AI to view prompts and responses of interactions in AI apps.|Data Security AI Content Viewer|
 |**Data Security AI Viewers**|Use this group to assign read-only permissions to users for Data Security Posture Management for AI.|Data Security AI Viewer|
 |**Data Security Investigations Administrators**|Administrators for Data Security Investigations that can create and manage all investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Admin <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
@@ -178,6 +179,7 @@ Roles that aren't assigned to the Organization Management role group by default
 |<sup>\*</sup>**Data Security Investigations Admin**|Used to create and manage investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Administrators|
 |<sup>\*</sup>**Data Security Investigations Investigator**|Used to create and manage assigned investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Investigators|
 |<sup>\*</sup>**Data Security Investigations Reviewer**|Used to review assigned investigations in Data Security Investigations.|Data Security Investigations Reviewers|
+|**Data Security AI Admin**|Role for editing Data Loss Prevention policies related to Copilot and viewing AI content in Data Security Posture Management. This role does not have access to read prompts and responses of AI interactions.|Data Security AI Admins|
 |**Data Security AI Content Viewer**|Role for read-only access to prompts and responses of AI interactions in Data Security Posture Management for AI.|Data Security AI Content Viewers|
 |**Data Security AI Viewer**|Role for read-only access to all pages in Data Security Posture Management for AI. This role does not have access to read prompts and responses of AI interactions.|Data Security AI Viewers|
 |**Data Security Viewer**|View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.|Data Security Management|
diff --git a/defender-office-365/submissions-admin-review-user-reported-messages.md b/defender-office-365/submissions-admin-review-user-reported-messages.md
@@ -57,9 +57,7 @@ Admins can mark messages and notify users of review results only if the user [re
     > [!IMPORTANT]
     > <sup>\*</sup> Microsoft strongly advocates for the principle of least privilege. Assigning accounts only the minimum permissions necessary to perform their tasks helps reduce security risks and strengthens your organization's overall protection. Global Administrator is a highly privileged role that you should limit to emergency scenarios or when you can't use a different role.
 
-- You need access to Exchange Online PowerShell. If your account doesn't have access to Exchange Online PowerShell, you get the following error: _Specify an email address in your domain_. For more information about enabling or disabling access to Exchange Online PowerShell, see the following articles:
-  - [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell)
-  - [Client Access Rules in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules) ([until October 2023](https://techcommunity.microsoft.com/blog/exchange/deprecation-of-client-access-rules-in-exchange-online/3638563))
+- You need access to Exchange Online PowerShell. If your account doesn't have access to Exchange Online PowerShell, you get the following error: _Specify an email address in your domain_. For more information about enabling or disabling access to Exchange Online PowerShell, see [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell).
 
 ## Notify users from within the portal
 
diff --git a/defender-xdr/compare-rbac-roles.md b/defender-xdr/compare-rbac-roles.md
