From 74548ef08824e63da5cfb63450425dd70df2e909 Mon Sep 17 00:00:00 2001 From: Ben Jenkins <140325164+Yebbenbe@users.noreply.github.com> Date: Thu, 20 Mar 2025 09:28:56 -0300 Subject: [PATCH 1/2] Update remediate-malicious-email-delivered-office-365.md minor change to line 34 for clarity/sentence structure --- .../remediate-malicious-email-delivered-office-365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-office-365/remediate-malicious-email-delivered-office-365.md b/defender-office-365/remediate-malicious-email-delivered-office-365.md index 1f2579f0a1..bcca5791e7 100644 --- a/defender-office-365/remediate-malicious-email-delivered-office-365.md +++ b/defender-office-365/remediate-malicious-email-delivered-office-365.md 
@@ -31,7 +31,7 @@ Remediation means to take a prescribed action against a threat. Malicious email - **Organization limits**: The maximum number of active, concurrent email remediations is 50. Once the limit is reached, no new remediations are triggered until some actions are completed. - **Email message limits**: If an active remediation involves more than one million email messages, no new email remediations are allowed. - **Recipient requirements in remediations**: - - The total percentage of selected recipients must be at least 40% of the total email message count in the remediation. For instance, if an email is sent to five recipients, Explorer (Threat Explorer) counts it as five email messages. If the remediation requires the deletion of 5,000 email messages, the remediation must target at least 2,000 recipients. + - The total percentage of selected recipients must be at least 40% of the total email message count in the remediation. If the remediation requires the deletion of 5,000 email messages, the remediation must target at least 2,000 recipients. Note that Explorer (Threat Explorer) counts each recipient of a message as a unique email (a message sent to 5 addresses counts as 5 messages). - If the recipient count is less than 40% of the total email message count, the remediation can't be used to delete more than 1,000 messages that were sent to a single recipient. - You need to be assigned permissions before you can do the procedures in this article. Admins can take the required action on email messages, but the **Search and Purge** role is required to get those actions approved. To assign the **Search and Purge** role, you have the following options: From 756386976a802bb79850f415f16601b6b9dfb942 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 20 Mar 2025 13:07:38 -0700 Subject: [PATCH 2/2] Update date and clarify recipient count example --- .../remediate-malicious-email-delivered-office-365.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/defender-office-365/remediate-malicious-email-delivered-office-365.md b/defender-office-365/remediate-malicious-email-delivered-office-365.md index bcca5791e7..5636a2b9ff 100644 --- a/defender-office-365/remediate-malicious-email-delivered-office-365.md +++ b/defender-office-365/remediate-malicious-email-delivered-office-365.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium search.appverid: MET150 description: Threat remediation ms.service: defender-office-365 -ms.date: 01/13/2025 +ms.date: 03/20/2025 appliesto: - ✅ Microsoft Defender for Office 365 Plan 2 --- 
@@ -31,7 +31,7 @@ Remediation means to take a prescribed action against a threat. Malicious email - **Organization limits**: The maximum number of active, concurrent email remediations is 50. Once the limit is reached, no new remediations are triggered until some actions are completed. - **Email message limits**: If an active remediation involves more than one million email messages, no new email remediations are allowed. - **Recipient requirements in remediations**: - - The total percentage of selected recipients must be at least 40% of the total email message count in the remediation. If the remediation requires the deletion of 5,000 email messages, the remediation must target at least 2,000 recipients. Note that Explorer (Threat Explorer) counts each recipient of a message as a unique email (a message sent to 5 addresses counts as 5 messages). + - The total percentage of selected recipients must be at least 40% of the total email message count in the remediation. If the remediation requires the deletion of 5,000 email messages, the remediation must target at least 2,000 recipients. Explorer (Threat Explorer) counts each recipient as a unique email message. For example, Threat Exporer counts a message sent to 5 addresses as 5 messages. - If the recipient count is less than 40% of the total email message count, the remediation can't be used to delete more than 1,000 messages that were sent to a single recipient. - You need to be assigned permissions before you can do the procedures in this article. Admins can take the required action on email messages, but the **Search and Purge** role is required to get those actions approved. To assign the **Search and Purge** role, you have the following options:
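Review bot: In the added bullet of [PATCH 1/2] (hunk at -31,7), the sentence on how Threat Explorer counts messages now follows the 5,000-message example that depends on it, so the reader meets "total email message count" before learning that each recipient counts as one message. Consider stating the counting rule first and the 5,000 / 2,000 example after it. The added text also says "unique email" where the surrounding bullets say "email message", and the "Note that" opener can be dropped without loss.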
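Review bot: The added bullet in the second hunk of [PATCH 2/2] (-31,7) misspells the product name as "Threat Exporer"; it should read "Threat Explorer". The sentence just before it in the same line introduces the tool as "Explorer (Threat Explorer)", so use one form of the name in both sentences. The counting rule still comes after the 5,000-message example that relies on it; moving the two counting sentences ahead of that example would let the 40% figure be read correctly on first pass.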