Merge pull request #5208 from MicrosoftDocs/main

[AutoPublish] main to live - 10/06 10:29 PDT | 10/06 22:59 IST

Author: m365-skilling-repo-management[bot]

defender-office-365/air-about.md

@@ -45,7 +45,7 @@ AIR in Defender for Office 365 Plan 2 requires that [audit logging is turned on]
 
 An alert is triggered, and a security playbook starts an automated investigation, which results in findings and recommended actions. Here's the overall flow of AIR, step by step:
 
-1. An automated investigation is started initiated in one of the following ways:
+1. An automated investigation is initiated in one of the following ways:
    - Specific alerts that are designed to initiate AIR. These alerts include:
      - Something suspicious is identified in email (for example, the message itself, an attachment, a URL, or a compromised user account).
      - [Zero-hour auto purge (ZAP)](zero-hour-auto-purge.md).

defender-office-365/create-block-sender-lists-in-office-365.md

@@ -15,7 +15,7 @@ search.appverid:
   - MET150s
 description: Admins can learn about the available and preferred options to block inbound messages to Microsoft 365.
 ms.service: defender-office-365
-ms.date: 07/03/2025
+ms.date: 10/06/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -87,3 +87,6 @@ Regardless of the conditions or exceptions that you use to identify the messages
 When it's not possible to use one of the other options to block a sender, _only then_ should you use the IP Block List in the default connection filter policy. For more information, see [Configure connection filtering](connection-filter-policies-configure.md). It's important to keep the number of blocked IPs to a minimum, so we don't recommend blocking entire IP address ranges.
 
 You should _especially_ avoid adding IP address ranges that belong to consumer services (for example, outlook.com) or shared infrastructures. You also need to review the list of blocked IP addresses as part of regular maintenance.
+
+> [!TIP]
+> The IP Block List accepts Classless Inter-Domain Routing (CIDR) IP address ranges from /24 through /32.

defender-office-365/media/m365-cc-sc-expand-table-icon.png

@@ -19,7 +19,7 @@ ms.collection:
   - tier1
 description: What are best practices for email and collaboration security settings in Microsoft 365? What are the current recommendations for standard protection? What should you use to be more strict? And what extras do you get if you also use Microsoft Defender for Office 365?
 ms.service: defender-office-365
-ms.date: 08/09/2025
+ms.date: 10/06/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -51,6 +51,9 @@ This article describes the default threat policy settings, and also the recommen
 > - [Create sender allowlists](create-safe-sender-lists-in-office-365.md)
 > - [Create sender blocklists](create-block-sender-lists-in-office-365.md)
 
+> [!TIP]
+> To see all information in the following tables in this article, use the :::image type="icon" source="media/m365-cc-sc-expand-table-icon.png" border="false"::: **Expand table** control at the top of each table.
+
 <a name='eop-anti-malware-policy-settings'></a>
 
 ## Default email protections for cloud mailboxes