Updating docs based on Todd's suggestion

Author: Maddy-Cloudflare

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/gsuite-email-security-mx.mdx

@@ -5,7 +5,7 @@ sidebar:
   order: 4
 ---
 
-import { Render } from "~/components"
+import { Render, GlossaryTooltip } from "~/components"
 
 ![A schematic showing where Email Security is in the life cycle of an email received](src/assets/email-security/Email_Security_Gmail_MX_Inline.png)
 
@@ -66,9 +66,15 @@ If desired, you can create a separate quarantine for each of the dispositions.
 
 <Render file="email-security/deployment/set-up-mx-inline-step"/>
 
-## 5. Secure your email flow
+## 5. (Recommended) Secure your email flow
 
-After 36 hours, the MX record DNS update will have sufficiently propagated across the Internet. It is now safe to secure your email flow. This will ensure that Google only accepts messages that are first received by Email Security. This step is highly recommended to prevent threat actors from using cached MX entries to bypass Email Security by injecting messages directly into Gmail.
+One method of DNS attacks is to search for old MX records and send <GlossaryTooltip term="phishing">phishing</GlossaryTooltip> emails directly to the mail server. To secure the email flow, you will want to enforce an email flow where inbound messages are accepted by Google Workspace only when they originate from Email Security. This can be done by adding a connector to only allow email from Email Security with TLS encryption. This step is optional but recommended.
+
+:::caution[Important]
+This step should not be performed until 72 hours after all domains in your Google Workspace have been onboarded to Email Security, and Email Security is their MX record. If a domain has not been onboarded or DNS is still propagating, you will impact production email flow for that domain.
+:::
+
+After 72 hours, the MX record DNS update will have sufficiently propagated across the Internet. It is now safe to secure your email flow. This will ensure that Google only accepts messages that are first received by Email Security. This step is highly recommended to prevent threat actors from using cached MX entries to bypass Email Security by injecting messages directly into Gmail.
 
 1. Access the [Google Administrative Console](https://admin.google.com/), then select **Apps** > **Google Workspace** > **Gmail**.
 

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/index.mdx

@@ -107,12 +107,12 @@ To create the transport rules that will send emails with certain [dispositions](
 
 <Render file="email-security/deployment/set-up-mx-inline-step"/>
 
-## 6. Secure Microsoft 365 from MX records bypass (recommended)
+## 6. (Recommended) Secure Microsoft 365 from MX records bypass
 
 One method of DNS attacks is to search for old MX records and send <GlossaryTooltip term="phishing">phishing</GlossaryTooltip> emails directly to the mail server. To secure the email flow, you will want to enforce an email flow where inbound messages are accepted by Microsoft 365 only when they originate from Email Security. This can be done by adding a connector to only allow email from Email Security with TLS encryption. This step is optional but recommended.
 
 :::caution[Important]
-This step should not be performed until 24 hours after all domains (excluding your `<on_microsoft.com>` domain) in your Microsoft 365 organization have been onboarded to Email Security, and Email Security is their MX record. If a domain has not been onboarded or DNS is still propagating, you will impact production email flow for that domain.
+This step should not be performed until 72 hours after all domains in your Microsoft 365 organization have been onboarded to Email Security, and Email Security is their MX record. If a domain has not been onboarded or DNS is still propagating, you will impact production email flow for that domain.
 :::
 
 #### Create Connector