Merged
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ Add your domain to Cloudflare to start receiving the benefits of the platform.
By the end of this module, you will:

- Add your domain as a new site to Cloudflare
- Update your nameservers
- Update your nameservers
- Minimize downtime for your site
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ If a specific application requires a more stringent reauthentication timeline, u

:::note

A global timeout does not necessarily fit all customer needs. With the increased interrogation of traffic offered by ZTNA compared to traditional remote access, many customers choose not to use a global reauthentication event and instead only use reauthentication for specific applications.
A global timeout does not necessarily fit all customer needs. With the increased interrogation of traffic offered by ZTNA compared to traditional remote access, many customers choose not to use a global reauthentication event and instead only use reauthentication for specific applications.
:::

### Common mistake
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ Consider creating brand new tunnels when your network is dispersed across differ

:::note

If you add the `10.0.50.0/24` range to a new tunnel without removing it from your existing `10.0.0.0/8` tunnel, Cloudflare will automatically default to the most specific path for user traffic. In other words, all traffic to `10.0.50/0/24` will flow through the newly created tunnel even though both tunnels technically include that route.
If you add the `10.0.50.0/24` range to a new tunnel without removing it from your existing `10.0.0.0/8` tunnel, Cloudflare will automatically default to the most specific path for user traffic. In other words, all traffic to `10.0.50/0/24` will flow through the newly created tunnel even though both tunnels technically include that route.
:::

#### Servers in same location
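Review bot: The changed note line still carries a malformed CIDR in its second sentence: `10.0.50/0/24` should be `10.0.50.0/24`, matching the range named in the first sentence. Since the line is being rewritten anyway, fix the typo here so the example range is consistent and can be copied as written.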
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ Review the concepts behind Cloudflare's Email Security.
By the end of this module, you will be able to:

* Explain how Cloudflare works.
* Describe what Email Security is.
* Describe what Email Security is.
* Understand how Cloudflare prevents email-based phishing attacks.
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,10 @@ These small pattern assessments are dynamic in nature. Cloudflare's automated sy

Cloudflare's vast global network detects emergent campaign infrastructure and aggregates data for Cloudflare's proprietary analytics engine SPARSE.

SPARSE uses AI and ML models to make effective detections for all types of malicious emails, including Business Email Compromise (BEC).
SPARSE uses AI and ML models to make effective detections for all types of malicious emails, including Business Email Compromise (BEC).

In a BEC attack, the attacker falsifies an email message to trick the victim into performing some action - most often transferring money to an account or location the attacker controls.
In a BEC attack, the attacker falsifies an email message to trick the victim into performing some action - most often transferring money to an account or location the attacker controls.

To detect these low volume, malicious emails that do not contain malware, malicious links or email attachments, Cloudflare analyzes the email thread, content, sentiment and context via message lexical analysis, subject analysis and sender analysis. Display names are also compared with known executive names for similarity using several matching models.
To detect these low volume, malicious emails that do not contain malware, malicious links or email attachments, Cloudflare analyzes the email thread, content, sentiment and context via message lexical analysis, subject analysis and sender analysis. Display names are also compared with known executive names for similarity using several matching models.

Refer to [How we detect phish](/email-security/reference/how-we-detect-phish/#sample-attack-types-and-detections) to learn more about additional attack types and detections.
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@ sidebar:
order: 6
---

In the early 2000s, Secure Email Gateways (SEGs) were introduced to deal with a growing need around the routing and filtering of email. While SEGs were successful at their mission for many years, their fundamental design has made it impossible for them to keep pace as phishing threats rapidly grow in scope and sophistication.
In the early 2000s, Secure Email Gateways (SEGs) were introduced to deal with a growing need around the routing and filtering of email. While SEGs were successful at their mission for many years, their fundamental design has made it impossible for them to keep pace as phishing threats rapidly grow in scope and sophistication.

Continuously updating manual rulesets and policies that were originally built for on-prem servers only inflates the amount of time and effort involved in maintaining a SEG. This has resulted in an increase in cost and complexity while still falling short of catching the most dangerous threats, such as business email compromise (BEC) attacks.

As organizations continue to adopt Microsoft 365 to enhance communication and collaboration for their hybrid workforce, it is crucial to take advantage of Microsoft's native security features while integrating complementary, machine learning-based solutions to automatically block and isolate the most dangerous threats. This strategy not only significantly reduces phishing risk, but also simplifies workflows, minimizing the time and effort needed for ongoing security management.

Analysts agree that consolidating capabilities to minimize overlapping functionality is helping organizations reduce cost and complexity. However, they also advise organizations to carefully assess native features to ensure they satisfy all use cases. As Microsoft continues to build out its essential email security features, the growing overlap with SEGs has given organizations an opportunity to streamline security operations by leveraging capabilities already included in their E3 or E5 license.
Analysts agree that consolidating capabilities to minimize overlapping functionality is helping organizations reduce cost and complexity. However, they also advise organizations to carefully assess native features to ensure they satisfy all use cases. As Microsoft continues to build out its essential email security features, the growing overlap with SEGs has given organizations an opportunity to streamline security operations by leveraging capabilities already included in their E3 or E5 license.

This shift enables organizations to eliminate complex and costly SEG deployments, redirecting a fraction of that budget to integrate lightweight solutions that effectively address the most dangerous phishing threats. Cloudflare Email Security provides an integrated, low-touch solution that augments Microsoft 365 using machine learning threat analysis to automate the detection of BEC and multi-channel attacks.
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ sidebar:
order: 4
---

Despite email's importance as a communication method, security and privacy were not built into the [The Simple Mail Transfer Protocol (SMTP) protocol](https://www.cloudflare.com/learning/email-security/what-is-smtp/). As a result, email is a major attack vector.
Despite email's importance as a communication method, security and privacy were not built into the [The Simple Mail Transfer Protocol (SMTP) protocol](https://www.cloudflare.com/learning/email-security/what-is-smtp/). As a result, email is a major attack vector.

Email security is the process of preventing [email-based](https://www.cloudflare.com/learning/email-security/what-is-email/) cyber attacks and unwanted communications. It spans protecting inboxes from takeover, protecting domains from [spoofing](https://www.cloudflare.com/learning/ssl/what-is-domain-spoofing/), stopping [phishing attacks](https://www.cloudflare.com/learning/access-management/phishing-attack/), preventing fraud, blocking [malware](https://www.cloudflare.com/learning/ddos/glossary/malware/) delivery, and filtering [spam](https://www.cloudflare.com/learning/email-security/how-to-stop-spam-emails/).
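Review bot: In the changed first sentence, the link reads "the [The Simple Mail Transfer Protocol (SMTP) protocol]", which doubles both the article and the word "protocol". Suggest "security and privacy were not built into the [Simple Mail Transfer Protocol (SMTP)]" with the same URL.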
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ To manage a Microsoft directory:
4. Under **Directory name**, select **MS directory**.
5. From here, you can manage **Groups** or **Users** directories.

Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/).
Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/).
When a group is added to the registry, all members are registered by default.

To manage your group directory, on the **MS directory** page, select **Groups**.
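Review bot: In the changed line, "your groups directory and their impersonation registry" has no plural antecedent for "their", and the page switches between "groups directory" here and "group directory" two lines below. Suggest picking one term and writing "your groups directory and its impersonation registry". The following sentence ("When a group is added to the registry ...") sits directly under the changed line with no blank line between them, so confirm it is meant to render in the same paragraph.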
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@ sidebar:
order: 3
---

Email Security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning.
Email Security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning.

You can choose how Email Security will handle messages that match your criteria:

- **Trusted Sender**: Messages will bypass all [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) and link following. Typically, it only applies to phishing simulations from vendors such as KnowBe4. Many emails contain links in them. Some of these could be links to surveys, phishing simulations and other trackable links. By marking a message as a Trusted Sender, Email Security will not scan any attachments from the sender and will not attempt to open the links in the emails.
- **Trusted Sender**: Messages will bypass all [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) and link following. Typically, it only applies to phishing simulations from vendors such as KnowBe4. Many emails contain links in them. Some of these could be links to surveys, phishing simulations and other trackable links. By marking a message as a Trusted Sender, Email Security will not scan any attachments from the sender and will not attempt to open the links in the emails.
- **Exempt Recipient**: Messages will be exempt from all Email Security [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) intended for recipients matching this pattern (email address or regular expression only). Typically, this only applies to submission mailboxes for user reporting to security.
- **Accept Sender**: Messages will exempt messages from the `SPAM`, `SPOOF`, and `BULK` [dispositions](/cloudflare-one/email-security/reference/dispositions-and-attributes/) (but not `MALICIOUS` or `SUSPICIOUS`). Commonly used for external domains and sources that send mail on behalf of your organization, such as marketing emails or internal tools.
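Review bot: The **Accept Sender** bullet in this hunk's trailing context says "Messages will exempt messages from the `SPAM`, `SPOOF`, and `BULK` dispositions", which makes the messages the actor. Suggest "Messages will be exempt from the `SPAM`, `SPOOF`, and `BULK` dispositions (but not `MALICIOUS` or `SUSPICIOUS`)" to parallel the **Exempt Recipient** bullet. In the changed **Trusted Sender** bullet, the fact that attachments are not scanned only appears in the last sentence; moving it next to "bypass all detections and link following" would state the full scope of the exemption in one place.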

Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ sidebar:
order: 3
---

With Email Security, there is limited manual configuration and tuning. The Active Directory sync, allow policies, and additional detections are important to consider when you set up Email Security.
With Email Security, there is limited manual configuration and tuning. The Active Directory sync, allow policies, and additional detections are important to consider when you set up Email Security.

In this module, you will configure your email environment.
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ sidebar:

Before deploying Email Security to production, you will have to consider reporting any phishing attacks, evaluating which disposition to assign a specific message, and using different screen criteria to search through your inbox.

PhishNet is an add-in button that helps users to submit phish samples missed by Email Security detection.
PhishNet is an add-in button that helps users to submit phish samples missed by Email Security detection.

To set up PhishNet O365:

Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,6 @@ Ensure you have completed the previous modules before enabling auto-moves.

Auto-move events are events where emails are automatically moved to different inboxes based on the disposition assigned to them by Email Security.

When you set up auto-moves, you can move messages manually or set up automatic moves to send messages matching certain [dispositions](/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions/) to specific folders within a user's mailbox.
When you set up auto-moves, you can move messages manually or set up automatic moves to send messages matching certain [dispositions](/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions/) to specific folders within a user's mailbox.

You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new phishing information will be moved.
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ To create your Email Security account, you will need the alphanumeric string on

If you do not have a Cloudflare account, you can create one for free by referring to the [Cloudflare sign-up page](https://dash.cloudflare.com/sign-up).

Once you have created your account, your account team will create an Email Security account for you.
Once you have created your account, your account team will create an Email Security account for you.

To establish your tenant, you will need the following information:

Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@ sidebar:

While there are multiple deployment methods, the easiest way to get started with Email Security is via the API deployment method.

When you choose the [API deployment](/cloudflare-one/email-security/setup/post-delivery-deployment/api/), Email Security can both scan and take actions on emails after they have reached a user's inbox.
When you choose the [API deployment](/cloudflare-one/email-security/setup/post-delivery-deployment/api/), Email Security can both scan and take actions on emails after they have reached a user's inbox.

With a [Journaling setup](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/office365-journaling/) alone without API integration, Email Security can only scan emails after it has reached a user's inbox.
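Review bot: The Journaling sentence in the trailing context has a number mismatch: "can only scan emails after it has reached a user's inbox" should read "after they have reached", as the changed API sentence above it does. The two sentences contrast "scan and take actions" with "only scan", so it would help to say outright that Journaling alone cannot take actions on delivered messages.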
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ sidebar:
order: 1
---

In this learning path, you will learn how to protect your organization from phishing attacks with Email Security.
In this learning path, you will learn how to protect your organization from phishing attacks with Email Security.

Your users will experience a reduction in spam and phishing emails, and have simple ways to report any suspicious activity.
Your users will experience a reduction in spam and phishing emails, and have simple ways to report any suspicious activity.

Administrators will be able to review detections and phishing trends that target their organization without having to tune Email Security.
Administrators will be able to review detections and phishing trends that target their organization without having to tune Email Security.

This module will kickstart your email flow.
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ sidebar:
order: 3
---

Once your tenant is created by your account team, you will receive an email that grants you access to the Email Security platform.
Once your tenant is created by your account team, you will receive an email that grants you access to the Email Security platform.

Multi-factor authentication is required, so you will need an authenticator tool to set up your second factor prior to gaining access. Scan the QR code, set up your second factor, create a new password, and enter the Email Security portal.
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ sidebar:
order: 5
---

An API deployment model with Email Security has multiple benefits for Microsoft 365 Customers.
An API deployment model with Email Security has multiple benefits for Microsoft 365 Customers.

The API deployment with Email Security offers:
The API deployment with Email Security offers:

- Easy protection for complex email architectures, without requiring any change to mail flow operations.
- Agentless deployment for Microsoft 365.
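Review bot: The two changed lines say nearly the same thing back to back ("An API deployment model with Email Security has multiple benefits for Microsoft 365 Customers." and "The API deployment with Email Security offers:"). Suggest keeping only the second as the list lead-in, or, if the first stays, lowercasing "Customers".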
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,16 @@ sidebar:
order: 2
---

Spam and Malicious emails are blocked outright by Email Security, but Suspicious and Spoof dispositions should be monitored. Suspicious messages should be investigated by a security analyst to determine the legitimacy of the message.
Spam and Malicious emails are blocked outright by Email Security, but Suspicious and Spoof dispositions should be monitored. Suspicious messages should be investigated by a security analyst to determine the legitimacy of the message.

[PhishGuard](/cloudflare-one/email-security/phish-guard/) (Cloudflare's managed email security service) can review these messages for you and move them from the end user inbox if they are deemed malicious.
[PhishGuard](/cloudflare-one/email-security/phish-guard/) (Cloudflare's managed email security service) can review these messages for you and move them from the end user inbox if they are deemed malicious.

Messages that receive a Spoof disposition should be investigated because it signals that the traffic is either non-compliant with your email authentication process [SPF](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dmarc-record/), or has a mismatching Envelope From and Header From value.
Messages that receive a Spoof disposition should be investigated because it signals that the traffic is either non-compliant with your email authentication process [SPF](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dmarc-record/), or has a mismatching Envelope From and Header From value.

In most cases, a Spoof disposition is triggered by a legitimate third-party mail service. If you determine that the Spoofed email is a legitimate business use case, you can either:

- Update your email authentication records.
- Add an acceptable sender [allow policy](/cloudflare-one/email-security/detection-settings/allow-policies/) to exempt messages from the Spam, Spoof, or Bulk disposition, but not Malicious or Suspicious, so the content of the message can still be monitored.
- Add an acceptable sender [allow policy](/cloudflare-one/email-security/detection-settings/allow-policies/) to exempt messages from the Spam, Spoof, or Bulk disposition, but not Malicious or Suspicious, so the content of the message can still be monitored.

## Search email messages
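Review bot: In the changed Spoof paragraph the "either ... or" is not parallel and the three linked terms run into the sentence: "either non-compliant with your email authentication process [SPF], [DKIM], [DMARC], or has a mismatching ...". Suggest setting the list off, for example "is either non-compliant with your email authentication (SPF, DKIM, DMARC) or has a mismatching Envelope From and Header From value". The changed bullet also calls the policy an "acceptable sender" allow policy, while the allow policies page touched in this same PR names it **Accept Sender** and writes the dispositions as `SPAM`, `SPOOF`, and `BULK`; use the same names here so readers can find the matching option.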
