Merge pull request MicrosoftDocs#5349 from MicrosoftDocs/chrisda

chrisda · web-flow · commit 862561fe547a · 2020-04-21T10:28:27.000-07:00
Chrisda to Master
diff --git a/exchange/exchange-ps/exchange/advanced-threat-protection/Set-PhishFilterPolicy.md b/exchange/exchange-ps/exchange/advanced-threat-protection/Set-PhishFilterPolicy.md
@@ -128,17 +128,17 @@ There are two basic options for the CSV file:
 
 - **Block or allow all spoofed mail from the source**: You want to block or allow any and all spoofed messages from the specified message source, regardless of the spoofed email address. You can get the CSV file by running the command `Get-PhishFilterPolicy -Detailed | Export-CSV "<PathAndFileName>.csv"`. The important header fields (column headers) are:
 
-  **Sender**: The ___domain of the source email server from DNS records, or the IP address if there aren't any DNS records.
+  **Sender**: The ___domain of the source email server from reverse DNS lookup (PTR records), or the IP address if there aren't any PTR records.
 
   **AllowedToSpoof**: Indicates whether the message source is allowed to send spoofed messages. Valid values are Yes or No.
 
-- **Block or allow some spoofed mail from the source**: You want to block or allow some spoofed messages from the specified message source, but not others. You can get the CSV file by running the command `Get-PhishFilterPolicy -Detailed -SpoofAllowBlockList | Export-CSV "<PathAndFileName>.csv"`. The important header fields (column headers) are:
+- **Block or allow some spoofed mail from the source**: You want to block or allow some spoofed messages from the specified message source, but not others. You can get the CSV file by running the command `Get-PhishFilterPolicy -Detailed | Export-CSV "<PathAndFileName>.csv"`. The important header fields (column headers) are:
 
-  **Sender**: The ___domain of the source email server from DNS records, or the IP address if there aren't any DNS records.
+  **Sender**
 
   **SpoofedUser**: The spoofed email address in your organization that the messages appear to be coming from.
 
-  **AllowedToSpoof**: Indicates whether messages that contain the spoofed sender from the source email server are allowed. Valid values are Yes or No.
+  **AllowedToSpoof**
 
 ```yaml
 Type: String
diff --git a/exchange/exchange-ps/exchange/mail-flow/Get-MessageTrace.md b/exchange/exchange-ps/exchange/mail-flow/Get-MessageTrace.md
@@ -25,16 +25,27 @@ For information about the parameter sets in the Syntax section below, see [Excha
 ## SYNTAX
 
 ```
-Get-MessageTrace [-EndDate <DateTime>] [-Expression <Expression>] [-FromIP <String>]
- [-MessageId <MultiValuedProperty>] [-MessageTraceId <Guid>] [-Page <Int32>] [-PageSize <Int32>]
- [-ProbeTag <String>] [-RecipientAddress <MultiValuedProperty>] [-SenderAddress <MultiValuedProperty>]
- [-StartDate <DateTime>] [-Status <MultiValuedProperty>] [-ToIP <String>] [<CommonParameters>]
+Get-MessageTrace
+ [-EndDate <DateTime>]
+ [-Expression <Expression>]
+ [-FromIP <String>]
+ [-MessageId <MultiValuedProperty>]
+ [-MessageTraceId <Guid>]
+ [-Page <Int32>]
+ [-PageSize <Int32>]
+ [-ProbeTag <String>]
+ [-RecipientAddress <MultiValuedProperty>]
+ [-SenderAddress <MultiValuedProperty>]
+ [-StartDate <DateTime>]
+ [-Status <MultiValuedProperty>]
+ [-ToIP <String>]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned.
+You can use this cmdlet to search message data for the last 30 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned.
 
-If you enter a time period that's older than 10 days, you won't receive an error, but the command will return no results. To search for message data that's between 10 and 90 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets.
+If you enter a time period that's older than 30 days, you won't receive an error, but the command will return no results. To search for message data that's between 10 and 90 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets.
 
 This cmdlet returns a maximum of 1000000 results, and will timeout on very large queries. If your query returns too many results, consider splitting it up using smaller StartDate and EndDate intervals.
 
