Modify page to make steps more actionable

Author: Maddy-Cloudflare

src/content/docs/cloudflare-one/email-security/setup/index.mdx

@@ -10,36 +10,40 @@ sidebar:
 
 import { Markdown } from "~/components";
 
-Before you start the onboarding process, you will have to choose a deployment path. Email Security provides two deployment modes: [post-delivery](/cloudflare-one/email-security/setup/) (for API and BCC/Journaling), and [pre-delivery](/cloudflare-one/email-security/setup/#pre-delivery-deployment) (for MX/Inline).
+## Before you begin
 
-## Post-delivery deployment
+Before you start the onboarding process, you will have to:
 
-### How it works
+1. Choose a deployment path: Email Security provides two deployment modes, [post-delivery](/cloudflare-one/email-security/setup/) for API and BCC/Journaling and [pre-delivery](/cloudflare-one/email-security/setup/#pre-delivery-deployment) for MX/Inline.
+2. Learn about dispositions, impersonation registry, and reclassifications.
+3. Know the steps to configure your email environment correctly.
+
+## 1. Choose a deployment
+
+### Post-delivery deployment
 
 When you choose post-delivery deployment, Cloudflare scans emails **after** they reach a users' inbox.
 
-If you are a Microsoft 365 user, this is done via Microsoft's Graph API or journaling.
+If you are a Microsoft 365 user, this is done via [Microsoft's Graph API](/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api/) or [journaling](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/office365-journaling/).
 
-If you are a Google Workspace or Microsoft Exchange user, this is done via BCC.
+If you are a [Google Workspace](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup/) or [Microsoft Exchange](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/bcc-microsoft-exchange/) user, this is done via BCC.
 
-### Why you should consider post-delivery deployment
+#### Why you should consider post-delivery deployment
 
 Post-delivery deployment is time-efficient, because it does not involve MX changes. Post-delivery deployment does not disrupt mail flow. Post-delivery deployment allows you to enable [auto-move events](/cloudflare-one/email-security/auto-moves/) to hard or soft delete messages, and synchronize your [directory](/cloudflare-one/email-security/directories/) when you use Microsoft Graph API or Google Workspace.
 
 :::note
 When you choose post-delivery deployment:
 - The threat is removed **after** the message has been delivered to the inbox.
-- It requires API scopes, or BCC/journaling rule configuration.
+- It requires API scopes, or BCC/Journaling rule configuration.
 - Auto-move is only available in BCC/Journaling if you associate an integration.
 :::
 
-## Pre-delivery deployment
-
-### How it works
+### Pre-delivery deployment
 
 When you choose pre-delivery deployment, Cloudflare scans emails **before** they reach a users' inbox. The MX record points to Cloudflare.
 
-### Why you should consider pre-delivery deployment
+#### Why you should consider pre-delivery deployment
 
 Pre-delivery deployment provides you with the highest level of protection. It enforces [text add-ons](/cloudflare-one/email-security/detection-settings/configure-text-add-ons/) or link rewrite at delivery.
 
@@ -52,13 +56,13 @@ When you choose pre-delivery deployment:
 - Cloudflare [egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) are allowed on downstream mail servers.
 :::
 
-## Dispositions
-
-Email traffic that flows through Email Security is given a final disposition, which represents Email Security's evaluation of that specific message. Refer to [Dispositions and attributes](/cloudflare-one/email-security/reference/dispositions-and-attributes/) to learn more.
+## 2. Understand dispositions
 
 Dispositions allow you to configure policies and tune reporting. For example, you can configure a policy to move suspicious emails to your junk folder.
 
-## Impersonation registry
+Refer to [Dispositions](/cloudflare-one/email-security/reference/dispositions-and-attributes/#dispositions) to learn more about dispositions.
+
+## 3. Set up the impersonation registry
 
 Most [Business email compromise(BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/) targets executives or finance roles. You must add addresses of roles who are likely to be impersonated. Refer to [Impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) to learn how to add a user to the impersonation registry.
 
@@ -67,17 +71,18 @@ Roles you may want to include in the impersonation registry are:
 - C-suites
 - Finance roles
 - HR
-- IT help-desk.
+- IT help-desk
 
 You should review your impersonation registry on a quarterly basis as roles change.
 
-## Reclassifications
+## 4. Reclassify messages
+
+A reclassification is a change to an email's disposition **after** initial scanning. It is Cloudflare's built-in feedback loop for correcting false positives/negatives **and** training the detection models to get smarter over time. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn how to reclassify a message.
 
-A reclassification is a change to an email's disposition **after** initial scanning. It is Cloudflare's built-in feedback loop for correcting false positives/negatives **and** training the detection models to get smarter over time. 
 
 ### Who can reclassify messages
 
-[Security teams](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions) and [end users](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) can submit a reclassification. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn how to reclassify a message.
+[Security teams](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions) and [end users](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) can submit a reclassification. 
 
 ### Why you should reclassify messages
 
@@ -96,7 +101,9 @@ To make the most of reclassifications:
 
 A correct use of reclassifications ensures that Email Security delivers a stronger protection with less manual tuning.
 
-## Configuration checklist
+## 5. Configuration checklist
+
+Ensure you follow the below checklist to ensure your email environment is set up correctly:
 
 | Step                                                                                                    | Post-delivery | Pre-delivery |
 |---------------------------------------------------------------------------------------------------------|---------------|--------------|
@@ -111,4 +118,6 @@ A correct use of reclassifications ensures that Email Security delivers a strong
 | Send a test email and verify it appears in **Monitoring** > [**Email activity**](/cloudflare-one/email-security/email-monitoring/#email-activity) with expected disposition        | Required      | Required     |
 
 [^1]: Alternatively, you can create a service account and add BCC rules.
-[^2]: Still used for directory/auto‑move insight if desired as well as authorizing free API CASB.
+[^2]: Still used for directory/auto‑move insight if desired as well as authorizing free API CASB.
+
+Now that you know which deployment path to choose, you can begin your onboarding process.