Merge branch 'master' into SupRevAct-chrisda

Author: chrisda

exchange/docs-conceptual/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell.md

@@ -42,7 +42,7 @@ If you want to use multi-factor authentication (MFA) to connect to Exchange Onli
 
   1. In Internet Explorer or Edge, open the Exchange admin center (EAC) for your Exchange Online organization. For instructions, see [Exchange Admin Center in Exchange Online](http://technet.microsoft.com/library/ace44f6b-4084-4f9c-89b3-e0317962472b.aspx).
 
-    **Note**: Internet Explorer or Edge is required because the download in the next step uses ClickOnce, so Google Chrome or Mozilla Firefox won't work.
+    **Note**: A browser that uses ClickOnce to download (like Internet Explorer or Edge) is needed to complete the next step.
 
   2. In the EAC, go to **Hybrid** > **Setup** and click the appropriate **Configure** button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
 

exchange/docs-conceptual/exchange-server/recipient-filters/filter-properties.md

@@ -213,7 +213,7 @@ Now, when you run **Update-ExchangeHelp** in the Exchange Management Shell on yo
 
 More interesting is the long-term maintenance of this customized configuration. Basically, you'll need to repeat Step 1 through Step 3 when you discover an update has been made available for Exchange cmdlet reference help, and you want to deploy that updated help to your Exchange servers. 
 
-An easy way to find new update packages is to periodically run **Update-ExchangeHelp** on an Internet-connected Exchange server, or computer that has the Exchange mangement tools installed.
+An easy way to find new update packages is to periodically run **Update-ExchangeHelp** on an Internet-connected Exchange server, or computer that has the Exchange management tools installed.
 
 [Return to top](use-update-exchangehelp.md#RTT)
 

exchange/docs-conceptual/exchange-server/use-update-exchangehelp.md

@@ -44,7 +44,7 @@ You can use any value that uniquely identifies the rule. For example:
 
 - Name
 
-- Distinguised name (DN)
+- Distinguished name (DN)
 
 - GUID
 

exchange/exchange-ps/exchange/advanced-threat-protection/Disable-SafeAttachmentRule.md

@@ -44,7 +44,7 @@ You can use any value that uniquely identifies the rule. For example:
 
 - Name
 
-- Distinguised name (DN)
+- Distinguished name (DN)
 
 - GUID
 

exchange/exchange-ps/exchange/advanced-threat-protection/Disable-SafeLinksRule.md

@@ -44,7 +44,7 @@ You can use any value that uniquely identifies the rule. For example:
 
 - Name
 
-- Distinguised name (DN)
+- Distinguished name (DN)
 
 - GUID
 

exchange/exchange-ps/exchange/advanced-threat-protection/Enable-SafeAttachmentRule.md

@@ -44,7 +44,7 @@ You can use any value that uniquely identifies the rule. For example:
 
 - Name
 
-- Distinguised name (DN)
+- Distinguished name (DN)
 
 - GUID
 

exchange/exchange-ps/exchange/advanced-threat-protection/Enable-SafeLinksRule.md

@@ -94,35 +94,45 @@ Accept wildcard characters: False
 ### -EventType
 The EventType parameter filters the report by the event type. Valid values are:
 
-- Advanced phish filter\*
+Email phish EventTypes:
 
-- Anti-malware engine
+- Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)
 
-- ATP safe attachments\*
+- Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
 
-- ATP safe links\*
+- Anti-spoof: external ___domain (Indicates an external message caught by anti-phish spoof protection.)
 
-- Anti-spoof: Intra-org
+- Domain impersonation\* (Indicates a message impersonating a ___domain protected by an anti-phish policy.)
 
-- Anti-spoof: external ___domain\*
+- User impersonation\* (Indicates a message impersonating a user protected by an anti-phish policy.)
 
-- Domain impersonation\*
+- Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)
 
-- General phish filter
+- General phish filter (Indicates a message caught by basic Office 365 phish protection.)
 
-- Malicious URL reputation
+- Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)
 
-- URL detonation\*
+- Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
 
-- Message passed
+Email malware EventTypes:
 
-- Phish ZAP
+- Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)
 
-- User impersonation\*
+- ATP safe attachments\* (Indicates a message with a malicious attachment blocked by ATP.)
 
-- Brand impersonation
+- ATP safe links\* (Indicates when a malicious link is blocked by ATP.)
 
-- ZAP
+- ZAP (Indicates a message with malware detected and auto-purged after delivery.)
+
+- Office 365 file reputation (Indicates a message with a known malicious file blocked.)
+
+- Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
+
+Content malware EventTypes:
+
+- AtpDocumentMalware\* (Indicates malicious content detected by ATP Safe Attachments in the cloud.)
+
+- AvDocumentMalware (Indicates malware found by the Office 365 anti-malware engine. Reporting requires ATP or E5.)
 
 \* These features require a standalone Office 365 ATP or E5 subscription.
 
@@ -187,7 +197,7 @@ Accept wildcard characters: False
 ```
 
 ### -MessageId
-The MessageId parameter filters the results by the Message-ID header field of the message. This value is also known as the Client ID. The format of the Message-ID depends on the messaging server that sent the message. The value should be unique for each message. However, not all messaging servers create values for the Message-ID in the same way. Be sure to include the full Message ID string. This may include angle brackets.
+The MessageId parameter filters the results by the Message-ID header field of the message. This value is also known as the Client ID. The format of the Message-ID depends on the messaging server that sent the message. The value should be unique for each message. However, not all messaging servers create values for the Message-ID in the same way. Be sure to include the full Message ID string (which may include angle brackets) and enclose the value in quotation marks (for example, "<d9683b4c-127b-413a-ae2e-fa7dfb32c69d@DM3NAM06BG401.Eop-nam06.prod.protection.outlook.com>").
 
 ```yaml
 Type: MultiValuedProperty

exchange/exchange-ps/exchange/advanced-threat-protection/Get-MailDetailATPReport.md

@@ -152,35 +152,47 @@ Accept wildcard characters: False
 ### -EventType
 The EventType parameter filters the report by the event type. Valid values are:
 
-- Advanced phish filter\*
+- Message passed (Indicates a good message.)
 
-- Anti-malware engine
+Email phish EventTypes:
 
-- ATP safe attachments\*
+- Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)
 
-- ATP safe links\*
+- Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
 
-- Anti-spoof: Intra-org
+- Anti-spoof: external ___domain (Indicates an external message caught by anti-phish spoof protection.)
 
-- Anti-spoof: external ___domain\*
+- Domain impersonation\* (Indicates a message impersonating a ___domain protected by an anti-phish policy.)
 
-- Domain impersonation\*
+- User impersonation\* (Indicates a message impersonating a user protected by an anti-phish policy.)
 
-- General phish filter
+- Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)
 
-- Malicious URL reputation
+- General phish filter (Indicates a message caught by basic Office 365 phish protection.)
 
-- URL detonation\*
+- Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)
 
-- Message passed
+- Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
 
-- Phish ZAP
+Email malware EventTypes:
 
-- User impersonation\*
+- Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)
 
-- Brand impersonation
+- ATP safe attachments\* (Indicates a message with a malicious attachment blocked by ATP.)
 
-- ZAP
+- ATP safe links\* (Indicates when a malicious link is blocked by ATP.)
+
+- ZAP (Indicates a message with malware detected and auto-purged after delivery.)
+
+- Office 365 file reputation (Indicates a message with a known malicious file blocked.)
+
+- Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
+
+Content malware EventTypes:
+
+- AtpDocumentMalware\* (Indicates malicious content detected by ATP Safe Attachments in the cloud.)
+
+- AvDocumentMalware (Indicates malware found by the Office 365 anti-malware engine. Reporting requires ATP/E5.)
 
 \* These features require a standalone Office 365 ATP or E5 subscription.
 

exchange/exchange-ps/exchange/advanced-threat-protection/Get-MailTrafficATPReport.md

@@ -51,7 +51,7 @@ You can use any value that uniquely identifies the rule. For example:
 
 - Name
 
-- Distinguised name (DN)
+- Distinguished name (DN)
 
 - GUID