Reorder pages, change content type, adding set up api page, add subheading, add links for seo

Author: Maddy-Cloudflare

src/content/docs/learning-paths/secure-o365-email/configure-email-security/audit-logs.mdx

@@ -2,7 +2,7 @@
 title: Enable audit logs
 pcx_content_type: how-to
 sidebar:
-  order: 4
+  order: 6
 ---
 
 With Email Security, you can enable logs to review actions performed on your account.

src/content/docs/learning-paths/secure-o365-email/configure-email-security/create-allow-policies.mdx

@@ -2,7 +2,7 @@
 title: Create allow policies
 pcx_content_type: how-to
 sidebar:
-  order: 4
+  order: 3
 ---
 
 Email Security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning. 

src/content/docs/learning-paths/secure-o365-email/configure-email-security/index.mdx

@@ -5,4 +5,6 @@ sidebar:
   order: 3
 ---
 
-With Email Security, there is limited manual configuration and tuning. The Active Directory sync, allow policies, and additional detections are important to consider when you set up Email Security. 
+With Email Security, there is limited manual configuration and tuning. The Active Directory sync, allow policies, and additional detections are important to consider when you set up Email Security. 
+
+In this module, you will configure your email environment.

src/content/docs/learning-paths/secure-o365-email/configure-email-security/report-phish.mdx

@@ -2,7 +2,7 @@
 title: Report phish
 pcx_content_type: how-to
 sidebar:
-  order: 4
+  order: 5
 ---
 
 Before deploying Email Security to production, you will have to consider reporting any phishing attacks, evaluating which disposition to assign a specific message, and using different screen criteria to search through your inbox.

src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx

@@ -2,7 +2,7 @@
 title: Set additional detections
 pcx_content_type: how-to
 sidebar:
-  order: 5
+  order: 4
 ---
 
 Email Security allows you to configure the following additional detections:

src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/configure-auto-moves.mdx

@@ -1,6 +1,6 @@
 ---
 title: Configure auto-moves
-pcx_content_type: overview
+pcx_content_type: how-to
 sidebar:
   order: 3
 ---

src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/index.mdx

@@ -5,6 +5,14 @@ sidebar:
   order: 4
 ---
 
+Now that you have set up your email environment, you can enable auto-move events.
+
+:::caution
+Ensure you have completed the previous modules before enabling auto-moves.
+:::
+
+Auto-move events are events where emails are automatically moved to different inboxes based on the disposition Email Security assigned to them.
+
 When you set up auto-moves, you can move messages manually or set up automatic moves to send messages matching certain [dispositions](/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions/) to specific folders within a user's mailbox. 
 
 You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new phishing information will be moved.

src/content/docs/learning-paths/secure-o365-email/get-started/setup-ms-graph-api.mdx

@@ -0,0 +1,19 @@
+---
+title: Set up Microsoft Graph API
+pcx_content_type: overview
+sidebar:
+  order: 6
+---
+
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
+2. Select **Email Security**.
+3. Select **Monitoring**.
+4. Enable **Microsoft Integration**:
+    1. **Name integration**: Add your integration name, then select **Continue**.
+    2. **Authorize integration**:
+        - Select **Authorize**. Selecting **Authorize** will take you to the Microsoft Sign in page where you will have to enter your email address.
+        - Once you enter your email address, select **Next**.
+        - After selecting **Next**, the system will show a dialog box with a list of requested permissions. Select **Accept** to authorize Email Security. Upon authorization, you will be redirected to a page where you can review details and enroll integration.
+    3. **Review details**: Review your integration details, then:
+        - Select **Complete Email Security set up** where you will be able to connect your domains and configure auto-moves.
+        - Select **Continue to Email Security**.

src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx

@@ -30,4 +30,6 @@ There are three ways for searching emails:
 
 Additional information on search can be found on the [Screen criteria](/email-security/reporting/search/) documentation.
 
+### Export messages
+
 With Email Security, you can export messages to a CSV file. Via the dashboard, you can export up to 1,000 rows. If you want to export all messages, you can use the [API](https://developers.cloudflare.com/api/operations/email_security_get_message). 

src/content/partials/learning-paths/zero-trust/email-dispositions.mdx

@@ -7,6 +7,6 @@
 |-------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|---|
 | MALICIOUS   |                                 Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns.                                |                                    Block                                   |   |
 | SUSPICIOUS  |                                             Traffic associated with phishing campaigns (and is under further analysis by our automated systems).                                             |         Research these messages internally to evaluate legitimacy.         |   |
-| SPOOF       | Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or have mismatching Envelope From and Header From values. | Block after investigating (can be triggered by third-party mail services). |   |
+| SPOOF       | Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies ([SPF](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dmarc-record/)) or have mismatching Envelope From and Header From values. | Block after investigating (can be triggered by third-party mail services). |   |
 | SPAM        |                                                                 Traffic associated with non-malicious, commercial campaigns.                                                                 |                  Route to existing Spam quarantine folder.                 |   |
-| BULK        |       Traffic associated with Graymail, that falls in between the definitions of SPAM and SUSPICIOUS. For example, a marketing email that intentionally obscures its unsubscribe link.       |                               Monitor or tag                               |   |
+| BULK        |       Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail), that falls in between the definitions of SPAM and SUSPICIOUS. For example, a marketing email that intentionally obscures its unsubscribe link.       |                               Monitor or tag                               |   |