Adding modules 5 and 6

Author: Maddy-Cloudflare

src/content/docs/learning-paths/secure-o365-email/email-security-configuration/index.mdx

@@ -1,5 +1,5 @@
 ---
-title: Initial Email Security Configuration
+title: Initial Email Security configuration
 pcx_content_type: overview
 sidebar:
   order: 1

src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/index.mdx

@@ -0,0 +1,8 @@
+---
+title: Enable auto-moves
+pcx_content_type: overview
+sidebar:
+  order: 4
+---
+
+Now that you have configured Email Security, you can start taking action by enabling auto-moves to protect your users from spam and phishing attacks.

src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx

@@ -0,0 +1,10 @@
+---
+title: Monitor your inbox
+pcx_content_type: overview
+sidebar:
+  order: 6
+---
+
+Once you have fully deployed Email Security, there is limited tuning and configuration work. 
+
+Monitor detections, submit any potential misses and leverage PhishGuard to ensure a seamless experience. 

src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx

@@ -0,0 +1,17 @@
+---
+title: Monitor detections
+pcx_content_type: how-to
+sidebar:
+  order: 2
+---
+
+Spam and Malicious emails are blocked outright by Email Security, but suspicious and spoof dispositions should be monitored. Suspicious messages should be investigated by a security analyst to determine the legitimacy of the message. 
+
+[PhishGuard](/cloudflare-one/email-security/phish-guard/), Cloudflare's managed email security service can review these messages for you and move them from the end user inbox if they are deemed malicious. 
+
+Messages that receive a Spoof disposition should be investigated as well because it signals that the traffic is either non-compliant with your email authentication process [SPF](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dmarc-record/), or has a mismatching Envelope From and Header From value.  
+
+In most cases, this disposition is triggered by a legitimate third-party mail service. If you determine that the Spoofed email is a legitimate business use case, you can either:
+
+- Update your email authentication records.
+- Add an acceptable sender [allow policy](/cloudflare-one/email-security/detection-settings/allow-policies/) to exempt messages from the Spam, Spoof or Bulk disposition, but not Malicious or Suspicious, so the content of the message can still be monitored. 

src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx

@@ -0,0 +1,17 @@
+---
+title: Phish submissions
+pcx_content_type: how-to
+sidebar:
+  order: 3
+---
+
+While Email Security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/ Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur. 
+
+There are two different ways to [submit a phish](/cloudflare-one/insights/email-monitoring/phish-submissions/) sample:
+
+- User submission:
+    - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-o365).
+    - User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you.
+- Admin submission: 
+    - To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address. 
+    - Within the Email Security dashboard, Phish submissions will allow you to have a full understanding of what reclassification has been made and what the outcomes of those submissions are.

src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx

@@ -0,0 +1,20 @@
+---
+title: PhishGuard
+pcx_content_type: how-to
+sidebar:
+  order: 5
+---
+
+[PhishGuard](/cloudflare-one/email-security/phish-guard/) serves as an extension of your Security Operations team with dedicated Email Security technical resources providing real-time monitoring of your email environment. The Active Defense Service provides:
+
+- Customized notification and responses for fraud and insider threats.
+- Reclassification of messages if the disposition is incorrect.
+- PhishGuard monitors and reviews Suspicious email traffic. 
+- Quarantine and auto-move of identified threats.
+- Tailored threat hunting for your email environment.
+- Custom detections.
+
+As a PhishGuard customer, the following service offerings should be enabled: 
+
+- Escalation contacts must be configured in the Email Security dashboard: This allows for email reports to be delivered regarding high risk items identified and responded to by the team.
+- Auto-moves should be enabled and configured for quarantine of identified items: `MALICIOUS` should be prioritized, but configuring Spam for a move to junk/trash or even soft delete may also be highly useful to the client.

src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/report-phish.mdx

@@ -0,0 +1,10 @@
+---
+title: Report phish
+pcx_content_type: how-to
+sidebar:
+  order: 4
+---
+
+Email Security gives you multiple ways to keep tabs on the systems to better understand phishing trends, how your organization is being targeted, who your top targets are and more. 
+
+Refer to the reporting section in Module 4 for additional details. 

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/enable-auto-move.mdx

@@ -5,6 +5,8 @@ sidebar:
   order: 2
 ---
 
-When you set up auto-moves in Section 5,  you can move messages manually or set up automatic moves to send messages matching certain dispositions to specific folders within a user’s mailbox. You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new phishing information will be moved.
+When you set up auto-moves in Section 5,  you can move messages manually or set up automatic moves to send messages matching certain dispositions to specific folders within a user’s mailbox. 
+
+You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new phishing information will be moved.
 
 Refer to the Office 365 guide in section 5 for detailed information. 

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/submit-a-phish.mdx

@@ -5,6 +5,8 @@ sidebar:
   order: 2
 ---
 
+import { GlossaryTooltip} from "~/components"
+
 PhishNet is an add-in button that helps users to submit directly to Email Security phish samples missed by Email Security detection. 
 
 PhishNet is an add-in button that helps users to submit directly to Email Security <GlossaryTooltip term="phishing">phish</GlossaryTooltip> samples missed by Email Security's detection.