[Email Security] Clarify steps

Author: Maddy-Cloudflare

src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx

@@ -78,14 +78,15 @@ Reclassifying messages allows you to choose the disposition of your messages if
 
 To reclassify a message:
 
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** and select **Investigation**.
 1. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify.
 2. Select the three dots, then select **Reclassify**.
 3. Under **New disposition**, select among the following:
-   * **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns.
-   * **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching Envelope From and `Header From` values.
-   * **Spam**: Traffic associated with non-malicious, commercial campaigns.
-   * **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29), that falls in between the definitions of `SPAM` and `SUSPICIOUS`. For example, a marketing email that intentionally obscures its unsubscribe link.
-   * **Clean**: Traffic not associated with any phishing campaigns.
+   - **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns.
+   - **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching Envelope From and `Header From` values.
+   - **Spam**: Traffic associated with non-malicious, commercial campaigns.
+   - **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29), that falls in between the definitions of `SPAM` and `SUSPICIOUS`. For example, a marketing email that intentionally obscures its unsubscribe link.
+   - **Clean**: Traffic not associated with any phishing campaigns.
 4. Select **Save**.
 
 To reclassify messages in bulk, select the messages you want to reclassify > **Action** > **Reclassify**.
@@ -166,14 +167,15 @@ Moving messages allows you to move messages to a specific folder. You can move u
 
 To move messages:
 
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**.
 1. On the **Investigation** page, select all the messages you want to move.
 2. Select the **Action** dropdown, then select **Move**.
 3. Select among one of the following folders:
-   * **Inbox**: Move messages to the primary email folder.
-   * **Junk email**: Move messages to the junk or spam folder.
-   * **Trash**: Move messages to the trash or deleted items email folder.
-   * **Soft delete (user recoverable)**: Move messages to the user's Deleted Items folder. This option is for Microsoft 365 only.
-   * **Hard delete (admin recoverable)**: Delete messages from a user's inbox.
+   - **Inbox**: Move messages to the primary email folder.
+   - **Junk email**: Move messages to the junk or spam folder.
+   - **Trash**: Move messages to the trash or deleted items email folder.
+   - **Soft delete (user recoverable)**: Move messages to the user's Deleted Items folder. This option is for Microsoft 365 only.
+   - **Hard delete (admin recoverable)**: Delete messages from a user's inbox.
 4. Select **Save**.
 
 ## Find similar emails
@@ -182,7 +184,8 @@ Each detection has an Email Detection Fingerprint (EDF) hash that Email Security
 
 To find similar detection results:
 
-1. On the **Investigation** page, under **Your matching messages**, search for the **Similar emails** column.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**.
+2. On the **Investigation** page, under **Your matching messages**, search for the **Similar emails** column.
 2. Select the number of similar emails. Selecting the number will show you a list of similar emails.
 
 ## Export messages
@@ -191,23 +194,25 @@ With Email Security, you can export messages to a CSV file.
 
 To export messages:
 
-1. On the **Investigation** page, under **Your matching messages**, select **Export to CSV**.
-2. Select **Export messages** on the pop-up message. You can export up to 500 messages from the dashboard. To export up to 1,000 matching messages, use the [API](/api/resources/email_security/subresources/investigate/methods/get/).
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**.
+2. On the **Investigation** page, under **Your matching messages**, select **Export to CSV**.
+3. Select **Export messages** on the pop-up message. You can export up to 500 messages from the dashboard. To export up to 1,000 matching messages, use the [API](/api/resources/email_security/subresources/investigate/methods/get/).
 
 ## Email status
 
 Email Security allows you to review the status and actions of each email.
 
 To view status and actions for each email:
 
-1. On the **Investigation** page, select the three dots.
-2. Selecting the three dots will show you the following options:
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**.
+2. On the **Investigation** page, select the three dots.
+3. Selecting the three dots will show you the following options:
    - If the email is quarantined:
       - **View details**: Refer to [Email details](/cloudflare-one/email-security/email-monitoring/search-email/#email-details) to learn more.
       - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash).
       - **Release**: Email Security will no longer quarantine your chosen messages.
       - **Reclassify**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn more.
-3. If the email is not quarantined:
+4. If the email is not quarantined:
    - **View details**.
    - **View similar emails**.
    - **View submission detail**.

src/content/docs/cloudflare-one/email-security/index.mdx

@@ -37,4 +37,4 @@ Email Security overview displays:
 - **Recommendations**: A series of recommendations. For example, you may be recommended to learn how to submit emails for reclassification, create policies, or protect users at risk of [impersonation](/cloudflare-one/email-security/detection-settings/impersonation-registry/)
 - **Email Security metrics**: Activity from the last seven days.
 - **Recently modified policies** A list of modified policies.
-- **Education and resources**: Links to [implementation guides](/cloudflare-one/implementation-guides/), [Email Security changelogs](/cloudflare-one/changelog/email-security/), and [API documentation](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/)
+- **Education and resources**: Links to [implementation guides](/cloudflare-one/implementation-guides/), [Email Security changelogs](/cloudflare-one/changelog/email-security/), and [API documentation](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/)

src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api.mdx

@@ -59,27 +59,33 @@ Your domains are now connected successfully.
 
 To connect new domains:
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
-2. Select **Zero Trust**.
-3. Select **Email security**.
-4. Select **Settings**.
-5. On the **Domain management** page, select **Add a domain**.
-6. Select the domains you want Email Security to scan.
-7. Select **Save**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**.
+2. Select **Settings** > **Domain management** > **Domains**, then select **View**.
+3. Select **Add a domain**.
+4. Select a method for connecting your mail environment to Email Security:
+   - If you select **MS Graph API**, refer to  [Enable Microsoft integration](cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/#enable-microsoft-integration).
+   - If you select BCC/Journaling, choose how to connect your domains:
+      - If you select **Integrate with MS**, refer to  [Enable Microsoft integration](cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/#enable-microsoft-integration).
+      - If you select **Integrate with Google**, refer to [Connect your domains](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/).
+      - If you select **Manual add**, refer to [Enter domain manually](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manual-add/#enter-domain-manually).
 
 ## Prevent Cloudflare from scanning a domain
 
 If you want to prevent Cloudflare from scanning a domain:
 
-1. On the **Domain management** page, select the domain you do not want to be scanned.
-2. Select the three dots > **Stop scanning**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**.
+2. Go to **Settings** > **Domain management** > **Domains**, then select **View**.
+3. On the **Domain management** page, select the domain you do not want to be scanned.
+4. Select the three dots > **Stop scanning**.
 
 ## View an integration
 
 To view the integration for each connected domain:
 
-1. Select a domain.
-2. Select the three dots > **View integration**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**.
+2. Go to **Settings** > **Domain management** > **Domains**, then select **View**.
+3. Select a domain.
+4. Select the three dots > **View integration**.
 
 Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/email-security/email-monitoring/) to learn more.
 

src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx

@@ -7,6 +7,8 @@ sidebar:
 
 import { GlossaryTooltip } from "~/components"
 
+To connect your domains, you will need to [enable your Gmail BCC integration](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration/#enable-gmail-bcc-integration). Once you have enabled your Gmail BCC integration, the Cloudflare dashboard will redirect you to the **Set up Email Security** page.
+
 On the **Set up Email Security** page:
 
 1. **Connect domains**: Select at least one domain. Then, select **Continue**.
@@ -26,7 +28,7 @@ Under **Source**, the dashboard will display **Google integration**, along with
 
 To add additional domains:
 
-1. Go to **Settings**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Settings**.
 2. Select **Connect an integration** > **BCC/Journaling** > **Integrate with Google** > **Authorize**.
 3. **Connect domains**: Select the domains you want to add, then select **Next**.
 4. (Optional) Select **Add manual domains**: Enter additional domains manually, then select **Next**.

src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration.mdx

@@ -87,15 +87,16 @@ Enter the email associated with the Google Workspace Administrator account. Your
 
 To verify that the integration has been successful:
 
-1. Go to **Settings** (the gear icon) > **SaaS integrations**.
-2. Go to your integration, and ensure that the integration displays **CASB+EMAIL** under **Type**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**.
+2. Go to **Settings** (the gear icon) > **SaaS integrations**.
+3. Go to your integration, and ensure that the integration displays **CASB+EMAIL** under **Type**.
 
 :::note
-If you do not reach the step to complete Email Security set up:
+If you do not reach the step to complete the Email Security set up:
 
 1. Go to **Settings** (the gear icon) > **SaaS Integrations**.
 2. Delete the integration, if present. Locate your integration, select **Configure**, then select **Delete**.
-3. Follow the steps from the beginning to enable Gmail BCC integration.
+3. Follow the steps from the beginning to [enable Gmail BCC integration](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration/#enable-gmail-bcc-integration).
 :::
 
 ## Next steps

src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling.mdx

@@ -13,12 +13,10 @@ When you receive an email, the email lands on your Microsoft 365 inbox, and then
 
 To enable Microsoft 365 journaling deployment:
 
-1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
-2. Select **Zero Trust**.
-3. Select **Email Security**.
-4. Select **Overview**: If you have not purchased Email Security, select **Contact Sales**. Otherwise, select **Set up**.
-5. Select **BCC/Journaling**.
-6. Select **Integrate with MS** > **Authorize**.
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**.
+2. Select **Overview**. If you have not purchased Email Security, select **Contact Sales**. Otherwise, select **Set up** > **BCC/Journaling**.
+3. Select **Integrate with MS** > **Authorize**.
+4. Continue with [Integrate with Microsoft 365](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling/#integrate-with-microsoft-365) to connect your Microsoft integration.
 
 ## Integrate with Microsoft 365
 

src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manage-domains.mdx

@@ -8,28 +8,30 @@ sidebar:
 
 To filter your domains:
 
-1. Select **Settings**.
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**.
+2. Go to **Settings** > **Domain management** > **Domains**, then select **View**.
 2. Select **Configured method** and/or **Status**:
-    * If you select **Configured method**, choose among the following:
-        * **All**: To view all the domains.
-        * **MS Graph API**: To view domains connected via MS Graph API.
-        * **BCC/Journaling**: To view domains connected via BCC/Journaling.
-    * If you select **Status**, choose among the following:
-        * **All**: To view Active and No mail flow domains.
-        * **Active**: To view active domains. A domain is active when the connection is running, and Email Security is able to scan email messages.
-        * **No mail flow**: To view no mail flow domains. A domain has a "No mail flow" status when no mail flow is detected. You may not have any email traffic or your BCC/Journaling configuration is incomplete.
+    - If you select **Configured method**, choose among the following:
+        - **All**: To view all the domains.
+        - **MS Graph API**: To view domains connected via MS Graph API.
+        - **BCC/Journaling**: To view domains connected via BCC/Journaling.
+        - **Retro Scan**: To view domains configured via Retro Scan.
 
 ## Edit domains
 
 To edit your domains:
 
-1. On the **Domains** page, locate your domain, select the three dots > **Edit**.
-2. If you did not manually add your domain, you will only be able to edit **Hops**. If you manually added your domain, you will be able to edit **Domain name** and **Hops**.
-3. Select **Save**.
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**.
+2. Go to **Settings** > **Domain management** > **Domains**, then select **View**.
+3. On the **Domains** page, locate your domain, select the three dots > **Edit**.
+4. If you did not manually add your domain, you will only be able to edit **Hops**. If you manually added your domain, you will be able to edit **Domain name** and **Hops**.
+5. Select **Save**.
 
 ## Prevent Cloudflare from scanning a domain
 
 To unscan domains:
 
-1. On the **Domains** page, locate your domain, select the three dots > **Unscan**.
-2. Select **Unscan** again to stop Cloudflare from scanning your domain.
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**.
+2. Go to **Settings** > **Domain management** > **Domains**, then select **View**.
+3. On the **Domains** page, locate your domain, select the three dots > **Unscan**.
+4. Select **Unscan** again to stop Cloudflare from scanning your domain.

src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manual-add.mdx

@@ -14,12 +14,9 @@ To use Email Security, you will need to have:
 
 ## Manually add domains
 
-1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
-2. Select **Zero Trust**.
-3. Select **Email Security**.
-4. Select **Overview**: If you have not purchased Email Security, select **Contact Sales**. Otherwise, select **Set up**.
-5. Select **BCC/Journaling**.
-6. Select **Manual add**.
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**.
+2. Select **Overview**. If you have not purchased Email Security, select **Contact Sales**. Otherwise, select **Set up** > **BCC/Journaling**.
+3. Select **Manual add**.
 
 ## Users with domains on Cloudflare
 
@@ -33,7 +30,7 @@ On the **Set up Email Security** page:
 
 ## Users who do not have domains with Cloudflare
 
-If you do not have domains with Cloudflare, the dashboard will display two options:
+If you do not have domains with Cloudflare, the Cloudflare dashboard will display two options:
 
 - Add a domain to Cloudflare.
 - Enter domain manually.
@@ -54,10 +51,14 @@ On the **Set up Email Security** page:
 
 ## Enable auto-moves
 
-To enable auto-move events, you will have to connect and associate an integration:
+To enable auto-move events, you will have to associate an integration.
 
-1. Go to **Settings** > **Domain management** > **Domains** > Select **View**.
-2. On the **Domain management** page, locate your domain, select the three dots, then select **Associate an integration**.
-3. Select **Connect an integration**. Follow the steps to [enable the Microsoft 365 integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/#enable-microsoft-integration).
-4. Select the three dots, then select **Associate an integration**. Select the integration, then select **Associate**.
-5. Now that your domain has an associated integration, enable [auto-move events](/cloudflare-one/email-security/auto-moves/) on your domain.
+To associate an integration:
+
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**.
+2. Go to **Settings** > **Domain management** > **Domains** > Select **View**.
+3. On the **Domain management** page, locate your domain, select the three dots, then select **Associate an integration**.
+4. Select **Connect an integration**. Follow the steps to [enable the Microsoft 365 integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/#enable-microsoft-integration).
+5. Select the three dots, then select **Associate an integration**. Select the integration, then select **Associate**.
+
+Now that your domain has an associated integration, enable [auto-move events](/cloudflare-one/email-security/auto-moves/) on your domain.