Merge pull request #767 from MicrosoftDocs/GA-chrisda

GA updates

Author: chrisda

defender-office-365/anti-malware-protection-for-spo-odfb-teams-about.md

@@ -58,10 +58,13 @@ For instructions, see [Use SharePoint Online PowerShell to prevent users from do
 
 ## Can admins bypass *DisallowInfectedFileDownload* and extract infected files?
 
-SharePoint admins and global admins are allowed to do forensic file extractions of malware-infected files in SharePoint Online PowerShell with the [Get-SPOMalwareFileContent](/powershell/module/sharepoint-online/get-spomalwarefilecontent) cmdlet. Admins don't need access to the site that hosts the infected content. As long as the file is marked as malware, admins can use **Get-SPOMalwareFileContent** to extract the file.
+SharePoint admins and global admins<sup>\*</sup> are allowed to do forensic file extractions of malware-infected files in SharePoint Online PowerShell with the [Get-SPOMalwareFileContent](/powershell/module/sharepoint-online/get-spomalwarefilecontent) cmdlet. Admins don't need access to the site that hosts the infected content. As long as the file is marked as malware, admins can use **Get-SPOMalwareFileContent** to extract the file.
 
 For more information about the infected file, admins can use the **[Get-SPOMalwareFile](/powershell/module/sharepoint-online/get-spomalwarefile)** cmdlet to see the type of malware that was detected and the status of the infection.
 
+> [!IMPORTANT]
+> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ## What happens when the OneDrive sync client tries to sync an infected file?
 
 When a malicious file is uploaded to OneDrive, the file is synced to the local machine before being marked as malware. After the file is marked as malware, the user can't open the synced file from their local machine.

defender-office-365/mdo-usage-card-about.md

@@ -55,7 +55,7 @@ For members of **Billing Administrator** and **Global Administrator**<sup>\*</su
 These items aren't available for member of **Global Reader**, **Security Administrator**, **Security Operator**, or **Security Reader** roles.
 
 > [!IMPORTANT]
-> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 ## Understand usage details
 
@@ -80,7 +80,7 @@ The details flyout that opens contains the following information from the last 2
 **See licensing details** is available for members of the **Security Operator** and  **Global Administrators**<sup>\*</sup> roles in [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal).
 
 > [!IMPORTANT]
-> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 ## Frequently asked questions
 

defender-office-365/siem-integration-with-office-365-ti.md

@@ -60,7 +60,7 @@ The following table summarizes the values of **AuditLogRecordType** that are rel
 > [!IMPORTANT]
 > You must have either the Global Administrator<sup>\*</sup> or Security Administrator role assigned to set up SIEM integration with Microsoft Defender for Office 365. For more information, see [Permissions in the Microsoft Defender portal](mdo-portal-permissions.md).
 >
-> <sup>\*</sup>Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+> <sup>\*</sup>Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 >
 > Audit logging must be turned on for your Microsoft 365 environment (it's on by default). To verify that audit logging is turned on or to turn it on, see [Turn auditing on or off](/purview/audit-log-enable-disable).
 

defender-office-365/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md

@@ -33,9 +33,12 @@ Depending on whether you're licensed for Defender for Office 365, you also get a
 ## What you need
 
 - Exchange Online Protection (some features require Defender for Office 365 Plan 2).
-- Sufficient permissions (Global admin for add-in deployment, security admin for customization).
+- Sufficient permissions (Global Administrator<sup>\*</sup> for add-in deployment, Security Administrator for customization).
 - 5-10 minutes to perform the steps in this article.
 
+> [!IMPORTANT]
+> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ## Deploy the add-in for users
 
 1. **Login** to the Microsoft 365 admin center at <https://admin.microsoft.com>.

defender-office-365/step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains.md

@@ -30,9 +30,12 @@ This guide is designed to help you configure DMARC for domains not covered by th
 ## What you need
 
 - Microsoft 365 admin center and access to your DNS provider hosting your domains.
-- Sufficient permissions as Global Admin to make the appropriate changes in the Microsoft 365 admin center.
+- Sufficient permissions as a Global Administrator<sup>\*</sup> to make the appropriate changes in the Microsoft 365 admin center.
 - 10 minutes to complete the steps in this article.
 
+> [!IMPORTANT]
+> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ## Activate DMARC for MOERA Domain
 
 1. Open the Microsoft 365 admin center at <https://admin.microsoft.com>.