[Email Security (formerly Area 1)] Restructure Gmail BCC setup and retraction

Author: Maddy-Cloudflare

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/add-domain.mdx

@@ -0,0 +1,21 @@
+---
+title: Find BCC address and add domain
+pcx_content_type: how-to
+sidebar:
+  order: 2
+---
+
+import { Render } from "~/components"
+
+:::caution[Area 1 has been renamed]
+<Render file="rename-area1-to-ces" />
+:::
+
+To set up Email Security (formerly Area 1) phishing risk assessment for Gmail:
+
+1. Log in to the [Email Security (formerly Area 1) dashboard](https://horizon.area1security.com/).
+2. Select the question mark, where you will be able to find your BCC address.
+3. Once you found your address, select **Settings** (the gear icon), then select **New Domain**.
+4. Fill in the information needed to add your domain, then select **Publish Domain**.
+
+

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/add-retraction.mdx

@@ -0,0 +1,17 @@
+---
+title: Add retraction
+pcx_content_type: how-to
+sidebar:
+  order: 5
+---
+
+import { Render } from "~/components"
+
+1. On the [Email Security (formerly Area 1) dashboard](https://horizon.area1security.com/), select **Domains** under **DOMAINS & ROUTING**, then select **NEW DOMAIN**. Fill in the information to add a new domain:
+    - On **FORWARDING TO**: Enter **Google.com**.
+    - Adjust **Hops** to 2.
+    - On **Outbound TLS**: Ensure you select **Forward all messages over TLS**.
+2. Select **Publish Domain**.
+3. Select **RETRACT SETTINGS** > **Authorize Gmail**.
+4. Upload the JSON file [previously generated](/email-security/deployment/api/setup/gsuite-bcc-setup/create-service-account/).
+5. Under **DOMAINS**, select the domain you added previously, then select **SAVE**.

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/bcc-rules-to-area1.mdx

@@ -0,0 +1,28 @@
+---
+title: Add BCC rules to Area 1
+pcx_content_type: how-to
+sidebar:
+  order: 3
+---
+
+import { Render } from "~/components"
+
+1. In the [Google Admin console](https://admin.google.com/), go to **Menu** > **Apps** > **Google Workspace** > **Gmail** > **Compliance**.
+2. Go to **Content Compliance** > Select **Edit**.
+3. Add a **Content Compliance** filter, and name it `Email Security (Area 1) - BCC`.
+4. In **Email messages to affect**, select **Inbound**.
+5. Select the recipients you want to send emails to Area 1 via BCC:
+    1. Select **Add** to configure the expression.
+    2. Select **Advanced content match**.
+    3. In **Location**, select **Headers + Body**.
+    4. In **Match type**, select **Matches regex**.
+    5. In **Regexp** input `.*`. You can customize the regex as needed and test within the admin page or on sites like [Regexr](https://regexr.com/).
+    6. Select **SAVE**.
+6. In **If the above expressions match, do the following**, select **Modify message**, select **Add more recipients** > Select **ADD** > Choose **Advanced**:
+    1. Under **Envelope recipient**, select **Change envelope recipient** > **Replace recipient** > Enter the email of the recipient.
+    2. Under **Spam and delivery options**, select **Suppress bounces from this recipient**.
+    3. Under **Headers**, select **Add X-Gm-Spam and X-Gm-Phishy headers**.
+    4. Select **SAVE**.
+7. In **Account types to affect**, select **Users** and **Groups**.
+8. Select **SAVE**.
+

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/create-project-gcp.mdx

@@ -0,0 +1,16 @@
+---
+title: Create a project on Google Cloud Console
+pcx_content_type: how-to
+updated: 2022-10-11
+sidebar:
+  order: 4
+---
+
+import { Render } from "~/components"
+
+1. Log in to the [Google Cloud Console](https://console.cloud.google.com/welcome/new). From the dashboard, select **CREATE OR SELECT PROJECT**.
+2. Provide the details for the new project, and select **CREATE** to start your new project.
+3. Once the new project has been created, the Google Cloud Platform console will automatically redirect you to the Project console. If not, you can use the Project selector to change to the project you created.
+4. In **Getting Started**, select **Explore and enable APIs** > Select **ENABLE APIs & SERVICES**.
+5. On search bar, search for "Admin SDK API". Select **Admin SDK API**, then select **ENABLE**.
+6. Go back to the sidebar, select **Library**, and search for Gmail API. Select **Gmail API**, then select **ENABLE**.

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/create-service-account.mdx

@@ -0,0 +1,32 @@
+---
+title: Create service account
+pcx_content_type: how-to
+updated: 2022-10-11
+sidebar:
+  order: 4
+---
+
+import { Render } from "~/components"
+
+1. On the [Google Cloud Console](https://console.cloud.google.com/welcome/new), select **Credentials**.
+2. Select **CREATE CREDENTIALS** > **Service account**.
+3. Fill in the details to create a service account:
+    - **Service account name**: Enter **Message Retraction Service Account**.
+    - **Service account ID**: Enter **message-retraction-service-acc**.
+    - **Service account description**: Enter **Email Security Message Retraction**.
+    - Select **CREATE AND CONTINUE**.
+4. In **Grant this service account access to project**, select **Select a role** > Choose **Owner**. Select **CONTINUE**, then **DONE**.
+5. Go back to **Credentials**, and select your service account under **Service Accounts**. In **Details**, take note of the **Unique ID**.
+6. Select **Advanced settings** > **VIEW GOOGLE WORKSPACE ADMIN CONSOLE**, then enter your password.
+7. On the sidebar, select **Security** > **Access and data control** > **API controls** > Select **MANAGE DOMAIN WIDE DELEGATION**.
+8. Select **Add new** > Add a new client ID:
+    - **Client ID**: Enter the **Unique ID** you took note of.
+    - **OAuth scopes**: Enter the following URL:
+
+      ```txt
+      https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.alias.readonly, https://www.googleapis.com/auth/gmail.labels, https://mail.google.com/
+      ```
+    - Select **AUTHORIZE**.
+
+9. Go back to the sidebar > **Service Accounts**.
+10. Select the three dots > **Manage keys** > **ADD KEY** > **Create new key** > Select **JSON** > Select **CREATE**. This downloads a `.json` file which you will use at a later stage.

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/geographic locations.mdx

@@ -0,0 +1,10 @@
+---
+title: Geographic locations
+pcx_content_type: reference
+sidebar:
+  order: 6
+---
+
+import { Render } from "~/components"
+
+<Render file="deployment/bcc-table-geographic-locations" />

src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup.mdx renamed to src/content/docs/email-security/deployment/api/setup/gsuite-bcc-setup/index.mdx

@@ -1,7 +1,6 @@
 ---
 title: Gmail BCC setup
 pcx_content_type: integration-guide
-updated: 2022-10-11
 sidebar:
   order: 1
 head:
@@ -11,24 +10,14 @@ head:
 
 ---
 
-import { Render } from "~/components"
+import { Render, Details } from "~/components"
 
 :::caution[Area 1 has been renamed]
 
-
 <Render file="rename-area1-to-ces" />
 
-
 :::
 
 For customers using Gmail, setting up Email Security via BCC is quick and easy. All you need to do is create a content compliance filter to send emails to Email Security through BCC. The following email flow shows how this works:
 
-![Email flow when setting up a phishing assessment risk for Gmail with Email Security.](~/assets/images/email-security/deployment/api-setup/gmail/gmail-bcc-flow.png)
-
-To setup Email Security (formerly Area 1) phishing risk assessment for Gmail:
-
-<Render file="deployment/gmail-bcc-setup" />
-
-## Geographic locations
-
-<Render file="deployment/bcc-table-geographic-locations" />
+![Email flow when setting up a phishing assessment risk for Gmail with Email Security.](~/assets/images/email-security/deployment/api-setup/gmail/gmail-bcc-flow.png)