SubhMSFT
diff --git a/‎exchange/exchange-ps/exchange/Disable-ATPProtectionPolicyRule.md
Lines changed: 24 additions & 10 deletions b/‎exchange/exchange-ps/exchange/Disable-ATPProtectionPolicyRule.md
Lines changed: 24 additions & 10 deletions
diff --git a/‎exchange/exchange-ps/exchange/Disable-EOPProtectionPolicyRule.md
Lines changed: 30 additions & 10 deletions b/‎exchange/exchange-ps/exchange/Disable-EOPProtectionPolicyRule.md
Lines changed: 30 additions & 10 deletions
diff --git a/‎exchange/exchange-ps/exchange/Enable-ATPProtectionPolicyRule.md
Lines changed: 24 additions & 10 deletions b/‎exchange/exchange-ps/exchange/Enable-ATPProtectionPolicyRule.md
Lines changed: 24 additions & 10 deletions
diff --git a/‎exchange/exchange-ps/exchange/Enable-EOPProtectionPolicyRule.md
Lines changed: 0 additions & 6 deletions b/‎exchange/exchange-ps/exchange/Enable-EOPProtectionPolicyRule.md
Lines changed: 0 additions & 6 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-ATPProtectionPolicyRule.md
Lines changed: 33 additions & 11 deletions b/‎exchange/exchange-ps/exchange/Get-ATPProtectionPolicyRule.md
Lines changed: 33 additions & 11 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-EOPProtectionPolicyRule.md
Lines changed: 0 additions & 6 deletions b/‎exchange/exchange-ps/exchange/Get-EOPProtectionPolicyRule.md
Lines changed: 0 additions & 6 deletions
@@ -14,9 +14,7 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
-Use the Disable-ATPProtectionPolicyRule cmdlet to
-
-**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Use the Exchange Online PowerShell V2 module](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell-v2).
+Use the Disable-ATPProtectionPolicyRule and Disable-EOPProtectionPolicyRule cmdlets together to turn off the Standard preset security policy or the Strict preset security policy in organizations with Microsoft Defender for Office 365.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
@@ -30,21 +28,41 @@ Disable-ATPProtectionPolicyRule [-Identity] <RuleIdParameter>
 ```
 
 ## DESCRIPTION
+Organizations with Defender for Office 365 have up to four rules that are associated with the Standard preset security policy and the Strict preset security policy:
+
+- Two rules for Exchange Online Protection (EOP) protections: The rule for the Standard Preset security policy and the rule for the Strict preset security policy control who the EOP protections in the policy (anti-malware, anti-spam, and anti-phishing) apply to (the recipient conditions and exceptions for EOP protections).
+- Two rules for Defender for Office 365 protections: The rule for the Standard Preset security policy and the rule for the Strict preset security policy control who the Defender for Office 365 protections in the policy (Safe Links and Safe Attachments) apply to (the recipient conditions and exceptions for Defender for Office 365 protections).
+
+If the command `Get-ATPProtectionPolicyRule | Format-Table Name,State` returns a rule where the State property value is Enabled, you can use this cmdlet to disable the rule. However, the corresponding preset security policy isn't turned off until you also use the Disable-EOPProtectionPolicyRule cmdlet to disable the corresponding rule for EOP protections.
+
+A rule that's associated with Defender for Office 365 protections in the Standard preset security policy or the Strict preset security policy already exists if either of the following statements are true:
+
+- You previously turned on the Standard preset security policy or the Strict preset security policy in the Microsoft 365 Defender portal. Whether it's currently turned on after you initially turned it on doesn't matter.
+- You previously removed the rule using the Remove-ATPProtectionPolicyRule cmdlet, and then you recreated the rule using the New-ATPProtectionPolicyRule cmdlet.
+
+For more information about preset security policies, see [Preset security policies in EOP and Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/preset-security-policies).
+
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES
 
 ### Example 1
 ```powershell
-{{ Add example code here }}
+Disable-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Disable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
 ```
 
-{{ Add example description here }}
+This example turns off the Standard preset security policy. The State value of both rules is now Disabled.
 
 ## PARAMETERS
 
 ### -Identity
-{{ Fill Identity Description }}
+The Identity parameter specifies the rule that you want to disable. You can use any value that uniquely identifies the rule. For example:
+
+- Name
+- Distinguished name (DN)
+- GUID
+
+By default, the available rules (if they exist) are named Standard Preset Security Policy and Strict Preset Security Policy.
 
 ```yaml
 Type: RuleIdParameter
@@ -99,12 +117,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-###  
-
 ## OUTPUTS
 
-###  
-
 ## NOTES
 
 ## RELATED LINKS
@@ -14,9 +14,7 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
-Use the Disable-EOPProtectionPolicyRule cmdlet to
-
-**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Use the Exchange Online PowerShell V2 module](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell-v2).
+Use the Disable-EOPProtectionPolicyRule cmdlet to turn off the Standard preset security policy or the Strict preset security policy. If your organization has Defender for Office 365, you also need to use the Disable-ATPProtectionPolicyRule cmdlet to turn off the policy.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
@@ -30,21 +28,47 @@ Disable-EOPProtectionPolicyRule [-Identity] <RuleIdParameter>
 ```
 
 ## DESCRIPTION
+All Microsoft 365 organizations can have up to two rules that are associated with Exchange Online Protection (EOP) protections in preset security policies. The rule for the Standard Preset security policy and the rule for the Strict preset security policy controls who the EOP protections in the policy (anti-malware, anti-spam, and anti-phishing) apply to (the recipient conditions and exceptions for EOP protections).
+
+In organizations that don't have Defender for Office 365, if the command `Get-EOPProtectionPolicyRule | Format-Table Name,State` returns a rule where the State property value is Enabled, you can use this cmdlet to disable the rule. This action also turns off the corresponding preset security policy.
+
+But, if your organization has Defender for Office 365, there are two more rules that are associated with Defender for Office 365 protections in preset security policies. The rule for the Standard Preset security policy and the rule for the Strict preset security policy control who the Defender for Office 365 protections in the policy (Safe Links and Safe Attachments) apply to (the recipient conditions and exceptions for Defender for Office 365 protections). The corresponding preset security policy isn't turned off until you also use the Disable-AtPProtectionPolicyRule cmdlet to disable the corresponding rule for Defender for Office 365 protections.
+
+A rule that's associated with EOP protections in the Standard preset security policy or the Strict preset security policy already exists if either of the following statements are true:
+
+- You previously turned on the Standard preset security policy or the Strict preset security policy in the Microsoft 365 Defender portal. Whether it's currently turned on after you initially turned it on doesn't matter.
+- You previously removed the rule using the Remove-EOPProtectionPolicyRule cmdlet, and then you recreated the rule using the New-EOPProtectionPolicyRule cmdlet.
+
+For more information about preset security policies, see [Preset security policies in EOP and Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/preset-security-policies).
+
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES
 
 ### Example 1
 ```powershell
-{{ Add example code here }}
+Disable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
 ```
 
-{{ Add example description here }}
+In organizations without Defender for Office 365, this example turns off the Standard preset security policy. The State value of the rule is now Disabled.
+
+### Example 2
+```powershell
+Disable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Disable-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+```
+
+In organizations with Defender for Office 365, this example turns off the Standard preset security policy. The State value of both rules is now Disabled.
 
 ## PARAMETERS
 
 ### -Identity
-{{ Fill Identity Description }}
+The Identity parameter specifies the rule that you want to disable. You can use any value that uniquely identifies the rule. For example:
+
+- Name
+- Distinguished name (DN)
+- GUID
+
+By default, the available rules (if they exist) are named Standard Preset Security Policy and Strict Preset Security Policy.
 
 ```yaml
 Type: RuleIdParameter
@@ -99,12 +123,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-###  
-
 ## OUTPUTS
 
-###  
-
 ## NOTES
 
 ## RELATED LINKS
@@ -14,9 +14,7 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
-Use the Enable-ATPProtectionPolicyRule cmdlet to
-
-**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Use the Exchange Online PowerShell V2 module](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell-v2).
+Use the Enable-ATPProtectionPolicyRule and Enable-EOPProtectionPolicyRule cmdlets together to turn on the Standard preset security policy or the Strict preset security policy in organizations with Microsoft Defender for Office 365.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
@@ -30,21 +28,41 @@ Enable-ATPProtectionPolicyRule [-Identity] <RuleIdParameter>
 ```
 
 ## DESCRIPTION
+Organizations with Defender for Office 365 have up to four rules that are associated with the Standard preset security policy and the Strict preset security policy:
+
+- Two rules for Exchange Online Protection (EOP) protections: The rule for the Standard Preset security policy and the rule for the Strict preset security policy control who the EOP protections in the policy (anti-malware, anti-spam, and anti-phishing) apply to (the recipient conditions and exceptions for EOP protections).
+- Two rules for Defender for Office 365 protections: The rule for the Standard Preset security policy and the rule for the Strict preset security policy control who the Defender for Office 365 protections in the policy (Safe Links and Safe Attachments) apply to (the recipient conditions and exceptions for Defender for Office 365 protections).
+
+If the command `Get-ATPProtectionPolicyRule | Format-Table Name,State` returns a rule where the State value is Disabled, you can use this cmdlet to enable the rule. However, the corresponding preset security policy isn't turned on until you also use the Enable-EOPProtectionPolicyRule cmdlet to enable the corresponding rule.
+
+A rule that's associated with the Defender for Office 365 protections in the Standard preset security policy or the Strict preset security policy exists in organizations with Defender for Office 365 if either of the following statements are true:
+
+- You previously turned on the Standard preset security policy or the Strict preset security policy in the Microsoft 365 Defender portal. Whether it's currently turned on after you initially turned it on doesn't matter.
+- You previously removed the rule using the Remove-ATPProtectionPolicyRule cmdlet, and then you recreated the rule using the New-ATPProtectionPolicyRule cmdlet.
+
+For more information about preset security policies, see [Preset security policies in EOP and Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/preset-security-policies).
+
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES
 
 ### Example 1
 ```powershell
-{{ Add example code here }}
+Enable-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Enable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
 ```
 
-{{ Add example description here }}
+This example turns on the Standard preset security policy in the Microsoft 365 Defender portal. The State value of both rules is now Enabled.
 
 ## PARAMETERS
 
 ### -Identity
-{{ Fill Identity Description }}
+The Identity parameter specifies the rule that you want to enable. You can use any value that uniquely identifies the rule. For example:
+
+- Name
+- Distinguished name (DN)
+- GUID
+
+By default, the available rules (if they exist) are named Standard Preset Security Policy and Strict Preset Security Policy.
 
 ```yaml
 Type: RuleIdParameter
@@ -99,12 +117,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-###  
-
 ## OUTPUTS
 
-###  
-
 ## NOTES
 
 ## RELATED LINKS
@@ -16,8 +16,6 @@ This cmdlet is available only in the cloud-based service.
 
 Use the Enable-EOPProtectionPolicyRule cmdlet to
 
-**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Use the Exchange Online PowerShell V2 module](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell-v2).
-
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
 ## SYNTAX
@@ -99,12 +97,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-###  
-
 ## OUTPUTS
 
-###  
-
 ## NOTES
 
 ## RELATED LINKS
@@ -14,9 +14,7 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
-Use the Get-ATPProtectionPolicyRule cmdlet to
-
-**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Use the Exchange Online PowerShell V2 module](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell-v2).
+Use the Get-ATPProtectionPolicyRule cmdlet to view rules that are associated with Microsoft Defender for Office 365 protections in preset security policies.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
@@ -29,21 +27,46 @@ Get-ATPProtectionPolicyRule [[-Identity] <RuleIdParameter>]
 ```
 
 ## DESCRIPTION
+In organizations with Microsoft Defender for Office 365, the Standard preset security policy and the Strict preset security policy each have a rule that's associated with Defender for Office 365 protections. These rules are available to this cmdlet and control the following settings:
+
+- Recipient conditions and exceptions that specify who the Defender for Office 365 protections in the policy (Safe Links and Safe Attachments) apply to. If the conditions and exceptions are blank, then no restrictions are placed on who the Defender for Office 365 protections in the policy apply to.
+- Whether the preset security policy is turned on or turned off (the State property value). To completely turn on or turn off the preset security policy, the State property value in the corresponding Exchange Online Protection (EOP) rule must match the State value of this rule (Enabled or Disabled).
+
+A rule that's associated with the Defender for Office 365 protections in the Standard preset security policy or the Strict preset security policy exists in organizations with Defender for Office 365 if either of the following statements are true:
+
+- You previously turned on the Standard preset security policy or the Strict preset security policy in the Microsoft 365 Defender portal. Whether it's currently turned on after you initially turned it on doesn't matter.
+- You previously removed the rule using the Remove-ATPProtectionPolicyRule cmdlet, and then you recreated the rule using the New-ATPProtectionPolicyRule cmdlet.
+
+For more information about preset security policies, see [Preset security policies in EOP and Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/preset-security-policies).
+
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES
 
 ### Example 1
 ```powershell
-{{ Add example code here }}
+Get-ATPProtectionPolicyRule | Format-Table Name,State
 ```
 
-{{ Add example description here }}
+This example returns a summary list of the rules that are associated with Defender for Office 365 protections in preset security policies.
+
+### Example 2
+```powershell
+Get-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+```
+
+This example returns detailed information about the rule named Strict Preset Security Policy.
 
 ## PARAMETERS
 
 ### -Identity
-{{ Fill Identity Description }}
+The Identity parameter specifies the rule that you want to view. You can use any value that uniquely identifies the rule. For example:
+
+- Name
+- Distinguished name (DN)
+- GUID
+
+By default, the available rules (if they exist) are named Standard Preset Security Policy and Strict Preset Security Policy.
 
 ```yaml
 Type: RuleIdParameter
@@ -59,7 +82,10 @@ Accept wildcard characters: False
 ```
 
 ### -State
-The State parameter filters the results by the state of the rule. Valid values are Enabled and Disabled.
+The State parameter filters the results by the state of the rule. Valid values are:
+
+- Enabled
+- Disabled
 
 ```yaml
 Type: RuleState
@@ -80,12 +106,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-###  
-
 ## OUTPUTS
 
-###  
-
 ## NOTES
 
 ## RELATED LINKS
@@ -16,8 +16,6 @@ This cmdlet is available only in the cloud-based service.
 
 Use the Get-EOPProtectionPolicyRule cmdlet to
 
-**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Use the Exchange Online PowerShell V2 module](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell-v2).
-
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
 ## SYNTAX
@@ -80,12 +78,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ## INPUTS
 
-###  
-
 ## OUTPUTS
 
-###  
-
 ## NOTES
 
 ## RELATED LINKS