Merge pull request #12561 from MicrosoftDocs/main

Publish main to live, 03/03, 11:00 AM IST

Author: aditisrivastava07

exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md

@@ -81,10 +81,13 @@ The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens ar
 
 Legacy Exchange tokens include Exchange user identity and callback tokens.
 
+This switch also specifies a date and time sometime within the past seven days when an add-in was either allowed or blocked from acquiring a token.
+
 **Important**:
 
-- Currently, the AllowLegacyExchangeTokens switch only specifies whether legacy Exchange tokens are allowed in your organization. For now, disregard the empty Allowed and Blocked arrays returned by the switch.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
+- An update is being deployed to enable the AllowLegacyExchangeTokens switch to specify any add-in that requested an Exchange token from the last seven days. For more information, see [Get the status of legacy Exchange Online tokens and add-ins that use them](https://learn.microsoft.com/office/dev/add-ins/outlook/turn-exchange-tokens-on-off#get-the-status-of-legacy-exchange-online-tokens-and-add-ins-that-use-them).
+- The AllowLegacyExchangeTokens switch returns `Not Set` if tokens haven't been explicitly allowed or blocked in your organization using the _AllowLegacyExchangeTokens_ or _BlockLegacyExchangeTokens_ parameters on the **Set-AuthenticationPolicy** cmdlet. For more information, see [Get the status of legacy Exchange Online tokens and add-ins that use them](https://learn.microsoft.com/office/dev/add-ins/outlook/turn-exchange-tokens-on-off#get-the-status-of-legacy-exchange-online-tokens-and-add-ins-that-use-them).
+- As of February 17 2025, legacy Exchange tokens are blocked by default in all cloud-based organizations. Although tokens are blocked by default, the AllowLegacyExchangeTokens switch still returns `Not Set` if you haven't used the _AllowLegacyExchangeTokens_ or _BlockLegacyExchangeTokens_ parameters on the **Set-AuthenticationPolicy** cmdlet. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md

@@ -84,7 +84,7 @@ This switch applies to the entire organization. The Identity parameter is requir
 - Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes.
 - It might take up to 24 hours for the change to take effect across your entire organization.
 - Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
+- As of February 17 2025, legacy Exchange tokens are blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Set-ArcConfig.md

@@ -73,6 +73,27 @@ The first four commands return the existing list of ARC sealers. The first ARC s
 
 The last two commands remove the seventh ARC sealer that's displayed in the list.
 
+### Example 4
+```powershell
+$arcSealer = 'fabrikam.com'
+$x = @(Get-ArcConfig | Select-Object -Expand ArcTrustedSealers)
+
+$y = @($x.Split(","))
+$DomainsRemove = [System.Collections.ArrayList]($y)
+$DomainsRemove.Remove($arcSealer)
+
+if ($DomainsToRemove.Count -eq 0) {        
+   Set-ArcConfig -Identity Default -ArcTrustedSealers " "
+   }
+else {
+   Set-ArcConfig -Identity Default -ArcTrustedSealers $DomainsRemove
+   }
+```
+
+This example removes the specified ARC sealer from the list (`$arcSealer`).
+
+If no other ARC sealers exist after removing this entry from the list, using the value `" "` for the ArcTrustedSealers parameter avoids a bind argument error if the `$DomainsToRemove` value is empty.
+
 ## PARAMETERS
 
 ### -Identity
@@ -99,9 +120,11 @@ The ArcTrustedSealers parameter specifies the domain name of the ARC sealers tha
 
 The domain name must match the domain that's shown in the `d` tag in the **ARC-Seal** and **ARC-Message-Signature** headers in affected email messages (for example, fabrikam.com). You can use Outlook to see these headers.
 
-To replace the existing list of ARC sealers with the values you specify, use the syntax `Domain1,Domain2,...DomainN`. To preserve existing values, be sure to include the file types that you want to keep along with the new values that you want to add.
+To replace the existing list of ARC sealers with the values you specify, use the syntax `Domain1,Domain2,...DomainN`. To preserve existing values, be sure to include the entries that you want to keep along with the new values that you want to add.
+
+To add or remove values without affecting the other entries, see the Examples section in this article.
 
-To add or remove file types without affecting the other file type entries, see the Examples section in this topic.
+To empty the list, use the value `" "` (a space enclosed in double quotation marks).
 
 ```yaml
 Type: String[]

exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md

@@ -371,7 +371,7 @@ The switch applies to the entire organization. The Identity parameter is require
 
 - Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes.
 - It might take up to 24 hours for the change to take effect across your entire organization.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
+- As of February 17 2025, legacy Exchange tokens are blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter
@@ -569,7 +569,7 @@ The switch applies to the entire organization. The Identity parameter is require
 - It might take up to 24 hours for the change to take effect across your entire organization.
 - Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire.
 - Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
+- As of February 17 2025, legacy Exchange tokens are blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Set-ExternalInOutlook.md

@@ -58,7 +58,11 @@ This example adds and removes the specified email addresses from the exception l
 ## PARAMETERS
 
 ### -Identity
-The Identity parameter specifies the GUID of the external sender identification object that you want to modify. Although this parameter is available, you don't need to use it.
+The Identity parameter specifies the GUID of the external sender identification object that you want to modify.
+
+This parameter is optional and typically isn't needed, because the organization's GUID resolves automatically when you use this cmdlet.
+
+If you specify an invalid Identity value, the cmdlet still runs and changes the settings for the entire organization. Always verify the Identity value before you run this cmdlet.
 
 ```yaml
 Type: OrganizationIdParameter

exchange/exchange-ps/exchange/Start-ManagedFolderAssistant.md

@@ -184,7 +184,9 @@ Accept wildcard characters: False
 ```
 
 ### -AggMailboxCleanup
-The AggMailboxCleanup switch specifies a more aggressive processing cycle if items aren't moving as quickly as they should. You don't need to specify a value with this switch.
+The AggMailboxCleanup switch specifies aggregate mailbox cleanup. You don't need to specify a value with this switch.
+
+This switch cleans up aggregate mailboxes, audits, and calendar logging.
 
 ```yaml
 Type: SwitchParameter