From 8b71ac499f184e493ee1f116d6891b883d0d9c8a Mon Sep 17 00:00:00 2001
From: Ben Jenkins <140325164+Yebbenbe@users.noreply.github.com>
Date: Mon, 13 Jan 2025 14:05:30 -0400
Subject: [PATCH] Update recommended-settings-for-eop-and-office365.md

Reading through this, setting a notification address for Default Outbound Spam policy recommends not configured because of Alert policy. However, as of 1/13/25, this is enabled on our tenant, and SecureScore is asking for it to be configured. Not sure how to link to a specific SS entry, but the title is "Ensure Exchange Online Spam Policies are set to notify administrators"

Implementation tasks, copied:

Check Send a copy of outbound messages that exceed these limits to these users and groups then enter the desired email addresses.
Check Notify these users and groups if a sender is blocked due to sending outbound spam then enter the desired email addresses.
---
 .../recommended-settings-for-eop-and-office365.md             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defender-office-365/recommended-settings-for-eop-and-office365.md b/defender-office-365/recommended-settings-for-eop-and-office365.md
index 696f0bfa2e..3ba6537f6f 100644
--- a/defender-office-365/recommended-settings-for-eop-and-office365.md
+++ b/defender-office-365/recommended-settings-for-eop-and-office365.md
@@ -170,8 +170,8 @@ For more information about the default sending limits in the service, see [Sendi
 |**Set a daily message limit** (_RecipientLimitPerDay_)|0|1000|800|The default value 0 means use the service defaults.|
 |**Restriction placed on users who reach the message limit** (_ActionWhenThresholdReached_)|**Restrict the user from sending mail until the following day** (`BlockUserForToday`)|**Restrict the user from sending mail** (`BlockUser`)|**Restrict the user from sending mail** (`BlockUser`)||
 |**Automatic forwarding rules** (_AutoForwardingMode_)|**Automatic - System-controlled** (`Automatic`)|**Automatic - System-controlled** (`Automatic`)|**Automatic - System-controlled** (`Automatic`)|
-|**Send a copy of outbound messages that exceed these limits to these users and groups** (_BccSuspiciousOutboundMail_ and _BccSuspiciousOutboundAdditionalRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|We have no specific recommendation for this setting. <br><br> This setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies that you create.|
-|**Notify these users and groups if a sender is blocked due to sending outbound spam** (_NotifyOutboundSpam_ and _NotifyOutboundSpamRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|The default [alert policy](/purview/alert-policies#threat-management-alert-policies) named **User restricted from sending email** already sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members) when users are blocked due to exceeding the limits in policy. **We strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users**. For instructions, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users).|
+|**Send a copy of outbound messages that exceed these limits to these users and groups** (_BccSuspiciousOutboundMail_ and _BccSuspiciousOutboundAdditionalRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Microsoft SecureScore now recommends this be configured, in the recommendation "Ensure Exchange Online Spam Policies are set to notify administrators". <br><br> This setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies that you create.|
+|**Notify these users and groups if a sender is blocked due to sending outbound spam** (_NotifyOutboundSpam_ and _NotifyOutboundSpamRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|The default [alert policy](/purview/alert-policies#threat-management-alert-policies) named **User restricted from sending email** already sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members) when users are blocked due to exceeding the limits in policy. Microsoft SecureScore now recommends this be configured. For instructions, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users).|
 
 ### EOP anti-phishing policy settings