Adding some bits of module 4

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/audit-logs.mdx

@@ -0,0 +1,6 @@
+---
+title: Audit logs
+pcx_content_type: how-to
+sidebar:
+  order: 4
+---

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/email-dispositions.mdx

@@ -0,0 +1,8 @@
+---
+title: Email dispositions
+pcx_content_type: how-to
+sidebar:
+  order: 2
+---
+
+{/* CREATE PARTIAL */}

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/enable-auto-move.mdx

@@ -0,0 +1,10 @@
+---
+title: Enable auto-move options
+pcx_content_type: how-to
+sidebar:
+  order: 2
+---
+
+When you set up auto-moves in Section 5,  you can move messages manually or set up automatic moves to send messages matching certain dispositions to specific folders within a user’s mailbox. You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new phishing information will be moved.
+
+Refer to the Office 365 guide in section 5 for detailed information. 

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/index.mdx

@@ -0,0 +1,8 @@
+---
+title: What to consider prior to production deployment
+pcx_content_type: overview
+sidebar:
+  order: 1
+---
+
+Before deploying Email Security to production, you will have to consider reporting any phishing attacks, evaluating which disposition to assign a specific message, and using different screen criteria to search through your inbox.

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/phish-report.mdx

@@ -0,0 +1,15 @@
+---
+title: Phish reports
+pcx_content_type: how-to
+sidebar:
+  order: 4
+---
+
+Email Security automatically generates a Phishing Risk Assessment Report (PRA) to provide an overview of your email traffic. The report only includes malicious emails. Spam and bulk emails are not included.
+
+To generate a phishing risk assessment report:
+
+1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
+2. Select **Monitoring**.
+3. Select **Generate summary report**.
+4. Select **Generate and download**.

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/search-inbox.mdx

@@ -0,0 +1,14 @@
+---
+title: Search through your inbox
+pcx_content_type: how-to
+sidebar:
+  order: 3
+---
+
+With Email Security, you can use different screen criteria to search through your email inbox.There are three to scan through your email inbox:
+
+- **Popular screen**: Allows you to view messages based on common pre-defined criteria.
+- **Regular screen**: Allows you to investigate your inbox by inserting a term to screen across all criteria.
+- **Advanced screen**: Allows you to narrow message results based on specific criteria.
+
+Refer to [Search email](https://developers.cloudflare.com/cloudflare-one/insights/email-monitoring/search-email/) for advanced documentation. 

src/content/docs/learning-paths/secure-o365-email/pre-production-deployment/submit-a-phish.mdx

@@ -0,0 +1,20 @@
+---
+title: Submit a phish
+pcx_content_type: how-to
+sidebar:
+  order: 2
+---
+
+PhishNet is an add-in button that helps users to submit directly to Email Security phish samples missed by Email Security detection. 
+
+PhishNet is an add-in button that helps users to submit directly to Email Security <GlossaryTooltip term="phishing">phish</GlossaryTooltip> samples missed by Email Security's detection. 
+
+To set up PhishNet O365:
+
+1. Log in to the Microsoft admin panel. Go to **Microsoft 365 admin center** > **Settings** > **Integrated Apps**.
+2. Select **Upload custom apps**.
+3. Choose **Provide link to manifest file** and paste the the following URL:
+    ```txt
+    https://phishnet-o365.area1cloudflare-webapps.workers.dev?clientId=ODcxNDA0MjMyNDM3NTA4NjQwNDk1Mzc3MDIxNzE0OTcxNTg0Njk5NDEyOTE2NDU5ODQyNjU5NzYzNjYyNDQ3NjEwMzIxODEyMDk1NQ
+    ```
+4. Verify and complete the wizard.

src/content/docs/learning-paths/zero-trust-web-access/access-application/best-practices.mdx

@@ -24,4 +24,4 @@ Access applications have an inherently flexible and powerful domain structure ca
 
 Many customers who have workflows designed around internal web applications, especially those that were built internally, often see challenges related to interdependencies on multiple internal services. Separately, there can be challenges related to SPAs (Single-Page Applications) that make onboarding to a Zero Trust Web Access service difficult. For example, an application may have iFrames or other embedded systems that rely on different internal and/or external addresses.
 
-If your internal service operates in this way, we recommend specifying multiple top-level domains in a single Access application. Otherwise, if the goal of using multiple domains is to streamline or simplify policy creation, we recommend making one primary domain per application, and automating the rest of your deployment [using Terraform](/learning-paths/zero-trust-web-access/terraform/) or another Infrastructure as Code (IaC) service.
+If your internal service operates in this way, we recommend specifying multiple top-level domains in a single Access application. Otherwise, if the goal of using multiple domains is to streamline or simplify policy creation, we recommend making one primary domain per application, and automating the rest of your deployment [using Terraform](/learning-paths/zero-trust-web-access/terraform/) or another Infrastructure as Code (IaC) service.