Merge branch 'main' into patch-26

Author: CLYVR

exchange/docs-conceptual/client-advanced-settings.md

@@ -429,7 +429,7 @@ To ensure that the NTFS owner value is preserved, set the *UseCopyAndPreserveNTF
 > [!CAUTION]
 > For the scanner: Define this advanced setting only when you can ensure a low-latency, reliable network connection between the scanner and the scanned repository. A network failure during the automatic labeling process can cause the file to be lost.
 
-Example PowerShell command, where your label policy is named "Scanner"
+Example PowerShell command, where your label policy is named "Global"
 
 ```PowerShell
 Set-LabelPolicy -Identity Global -AdvancedSettings @{UseCopyAndPreserveNTFSOwner ="true"}

exchange/exchange-ps/exchange/Invoke-ComplianceSecurityFilterAction.md

@@ -0,0 +1,225 @@
+---
+external help file: Microsoft.Exchange.TransportMailflow-Help.xml
+online version: https://learn.microsoft.com/powershell/module/exchange/invoke-compliancesecurityfilteraction
+applicable: Security & Compliance
+title: Invoke-ComplianceSecurityFilterAction
+schema: 2.0.0
+author: chrisda
+ms.author: chrisda
+ms.reviewer:
+---
+
+# Invoke-ComplianceSecurityFilterAction
+
+## SYNOPSIS
+This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell).
+
+Use the Invoke-ComplianceSecurityFilterAction cmdlet to view and set compliance boundaries for Microsoft OneDrive sites in cloud-based organizations.
+
+For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
+
+## SYNTAX
+
+```
+Invoke-ComplianceSecurityFilterAction [-Action] <String> [-PropertyName] <String> [[-PropertyValue] <String>] [-SiteUrl] <String>
+ [-Confirm]
+ [-WhatIf]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+This cmdlet is useful in scenarios where the OneDrive site has fallen out of the compliance boundary due to a departed user and a corresponding inactive mailbox.
+
+To use this cmdlet in Security & Compliance PowerShell, you need to be a member of the Compliance Administrator role group. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions).
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Invoke-ComplianceSecurityFilterAction -Action GetStatus -PropertyName CustomAttribute1 -SiteUrl https://contoso-my.sharepoint.com/personal/lila_contoso_onmicrosoft_com/_layouts/15/onedrive.aspx
+
+SiteUrlOrEmailAddress : https://contoso-my.sharepoint.com/personal/lila_contoso_onmicrosoft_com/_layouts/15/onedrive.aspx
+BoundaryType          : UserMailbox
+BoundaryInstruction   : Set via Set-Mailbox
+BoundaryObjectId      : SPO_f82ace6e-817e-4752-8917-67164dabde98@SPO_775ea11f-a2af-7821-b04c-9848e903ce47
+BoundaryStatus        : Success
+BoundaryProperty      : CustomAttribute1
+BoundaryPropertyValue :
+```
+
+This example returns the status of a OneDrive site to indicate it's associated to a UserMailbox and the CustomAttribute1 property isn't currently set.
+
+### Example 2
+```powershell
+PS C:\> Invoke-ComplianceSecurityFi1terAction Action GetStatus -PropertyName "CustomAttribute3" -EmailAddress "nina@contoso.onmicrosoft.com"
+
+SiteUrlOrEmailAddress : nina@contoso.onmicrosoft.com
+BoundaryType          : UserMailbox
+BoundaryInstruction   : Set via Set-Mailbox
+BoundaryObjectId      : nina@contoso.onmicrosoft.com
+BoundaryStatus        : Success
+BoundaryProperty      : CustomAttribute3
+BoundaryPropertyVa1ue :
+```
+
+This example returns the status of a mailbox to indicate the mailbox is inactive, and the CustomAttribute3 property isn't currently set.
+
+### Example 3
+```powershell
+PS C:\> Invoke-ComplianceSecurityFi1terAction -Action GetStatus -PropertyName "CustomAttribute3" -EmailAddress "zhexuan@contoso.onmicrosoft.com"
+
+SiteUrlOrEmailAddress : zhexuan@contoso.onmicrosoft.com
+BoundaryType          : InactiveMailbox
+BoundaryInstruction   : Set via Invoke-ComplianceSecurityFiIterAction -Set
+BoundaryObjectId      : zhexuan@contoso.onmicrosoft.com
+BoundaryStatus        : Success
+BoundaryProperty      : CustomAttribute3
+BoundaryPropertyVa1ue : test33
+```
+
+This example returns the status of a mailbox to indicate the mailbox is inactive, and the CustomAttribute3 property is currently set to test33.
+
+### Example 4
+```powershell
+Invoke-ComplianceSecurityFilterAction -Action Set -PropertyName CustomAttribute1 -PropertyValue "Research and Development" -SiteUrl https://contoso-my.sharepoint.com/personal/lila_contoso_onmicrosoft_com/_layouts/15/onedrive.aspx
+```
+
+This example sets the boundary of the specified OneDrive site for a user who left the company.
+
+### Example 5
+```powershell
+PS C:\> Invoke-ComplianceSecurityFiIterAction -Action Set -PropertyName "CustomAttribute3" -PropertyValue "ProjectX" -EmailAddress "zhexuan@contoso.onmicrosoft.com"
+
+Set action succeeded, please use GetStatus to check the result.
+
+PS C:\> Invoke-ComplianceSecurityFiIterAction -Action GetStatus -PropertyName "CustomAttribute3" -EmailAddress "zhexuan@contoso.onmicrosoft.com"
+
+SiteUrlOrEmailAddress : zhexuan@contoso.onmicrosoft.com
+BoundaryType          : InactiveMailbox
+BoundaryInstruction   : Set via Invoke-ComplianceSecurityFiIterAction -Set
+BoundaryObjectId      : zhexuan@contoso.onmicrosoft.com
+BoundaryStatus        : Success
+BoundaryProperty      : CustomAttribute3
+BoundaryPropertyVa1ue : ProjectX
+```
+
+This example sets the boundary of the specified OneDrive site to the specified CustomAttribute3 property value, and runs another command to review the result.
+
+## PARAMETERS
+
+### -Action
+The Action parameter specifies the action for the command. Valid values are:
+
+- GetStatus
+- Set
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PropertyName
+The PropertyName parameter specifies the name of the property of the compliance boundary for the OneDrive site that you want to view or modify. Valid values are:
+
+- CustomAttribute1 to CustomAttribute15
+
+Use the PropertyValue parameter to set the compliance boundary.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PropertyValue
+The PropertyValue parameter specifies the value of the PropertyName value when you use the Action parameter value Set to set the compliance boundary of a OneDrive site. If the value contains spaces, enclose the value in quotation marks (").
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SiteUrl
+The SiteUrl parameter specifies the OneDrive site that you want to view or modify. This parameter uses the syntax `https://<domain>-my.sharepoint.com/personal/<user>_<domain>_onmicrosoft_com/_layouts/15/onedrive.aspx`. For example: `https://contoso-my.sharepoint.com/personal/lila_contoso_onmicrosoft_com/_layouts/15/onedrive.aspx`.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: True
+Position: 4
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
+
+- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`.
+- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+The WhatIf switch doesn't work in Security & Compliance PowerShell.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+
+## RELATED LINKS

exchange/exchange-ps/exchange/New-AddressBookPolicy.md

@@ -115,7 +115,19 @@ Accept wildcard characters: False
 ```
 
 ### -RoomList
-The RoomList parameter specifies the room address list that will be used by mailbox users who are assigned this address book policy. You can specify only one room list for each address book policy.
+The RoomList parameter specifies an address list that used for location experiences for mailbox users who have this address book policy assigned to them.
+
+- When using location experiences (for example, Room Finder or selecting a conference room when scheduling a meeting), users see only resources that match the [RecipientFilter](https://learn.microsoft.com/powershell/module/exchange/new-addresslist#-recipientfilter) results from the address list that's specified by this parameter.
+- When using experiences that aren't location specific (for example, the To or Cc fields of a calendar event), the address lists specified by the AddressLists parameter in this address book policy are applied. The address list specified by this parameter isn't used.
+
+A valid value for this parameter is one address list. You can use any value that uniquely identifies the address list. For example:
+
+- Name
+- Distinguished name (DN)
+- GUID
+
+> [!NOTE]
+> There's no automatic association between this parameter and [room list distribution groups](https://learn.microsoft.com/exchange/recipients/room-mailboxes#create-a-room-list), which also use a parameter named RoomList in the New-DistributionGroup and Set-DistributionGroup cmdlets. You still need to create room list distribution groups and assign resources as group members. Location experiences are filtered to show only rooms included in the address list that's specified by the RoomList property of the address book policy that's assigned to the user (if any).
 
 ```yaml
 Type: AddressListIdParameter

exchange/exchange-ps/exchange/New-DistributionGroup.md

@@ -304,7 +304,7 @@ The HiddenGroupMembershipEnabled switch specifies whether to hide the members of
 
 You can use this setting to help comply with regulations that require you to hide group membership from members or outsiders (for example, a distribution group that represents students enrolled in a class).
 
-**Note**: You can't change this setting after you create the group. If you create the group with hidden membership, you can't edit the group later to reveal the membership to the group, or vice-versa.
+**Note**: If you create the group with hidden membership, you can't edit the group later to reveal the membership to the group.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/New-InboundConnector.md

@@ -92,7 +92,7 @@ Accept wildcard characters: False
 ```
 
 ### -SenderDomains
-The SenderDomains parameter specifies the source domains that the connector accepts messages for. A valid value is an SMTP domain. Wildcards are supported to indicate a domain and all subdomains (for example, \*.contoso.com), but you can't embed the wildcard character (for example, domain.\*.contoso.com is not valid).
+The SenderDomains parameter specifies the source domains that a Partner type connector accepts messages for (limits the scope of a Partner type connector). A valid value is an SMTP domain. Wildcards are supported to indicate a domain and all subdomains (for example, `*.contoso.com`). However, you can't embed the wildcard character (for example, `domain.*.contoso.com` isn't valid).
 
 You can specify multiple domains separated by commas.
 
@@ -227,7 +227,7 @@ Accept wildcard characters: False
 The ConnectorType parameter specifies the category for the source domains that the connector accepts messages for. Valid values are:
 
 - Partner: External partners or services.
-- OnPremises: Your on-premises email organization. Use this value for accepted domains in your cloud-based organization that are also specified by the SenderDomains parameter.
+- OnPremises: The connector services domains that are used by your on-premises organization. OnPremises connectors grant special rights to an email that matches the connector and additional requirements. For example: allowing relay through the tenant to internet destinations, promoting emails from on-premises or other environments as internal (in a hybrid configuration), or enabling other more complex mail flows.
 
 ```yaml
 Type: TenantConnectorType
@@ -353,11 +353,13 @@ Accept wildcard characters: False
 ```
 
 ### -RequireTls
-The RequireTLS parameter specifies whether to require TLS transmission for all messages that are received by the connector. Valid values are:
+The RequireTLS parameter specifies whether to require TLS transmission for all messages that are received by a Partner type connector. Valid values are:
 
 - $true: Reject messages if they aren't sent over TLS. This is the default value
 - $false: Allow messages if they aren't sent over TLS.
 
+**Note**: This parameter applies only to Partner type connectors.
+
 ```yaml
 Type: Boolean
 Parameter Sets: (All)
@@ -372,11 +374,13 @@ Accept wildcard characters: False
 ```
 
 ### -RestrictDomainsToCertificate
-The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector. Valid values are:
+The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the Partner type connector. Valid values are:
 
 - $true: Mail is allowed to use the connector only if the Subject value of the TLS certificate that the source email server uses to authenticate matches the TlsSenderCertificateName parameter value.
 - $false: The Subject value of the TLS certificate that the source email server uses to authenticate doesn't control whether mail from that source uses the connector. This is the default value.
 
+**Note**: This parameter applies only to Partner type connectors.
+
 ```yaml
 Type: Boolean
 Parameter Sets: (All)
@@ -391,11 +395,13 @@ Accept wildcard characters: False
 ```
 
 ### -RestrictDomainsToIPAddresses
-The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses. Valid values are:
+The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses for Partner type connectors. Valid values are:
 
 - $true: Automatically reject mail from domains that are specified by the SenderDomains parameter if the source IP address isn't also specified by the SenderIPAddress parameter.
 - $false: Don't automatically reject mail from domains that are specified by the SenderDomains parameter based on the source IP address. This is the default value.
 
+**Note**: This parameter applies only to Partner type connectors.
+
 ```yaml
 Type: Boolean
 Parameter Sets: (All)
@@ -426,7 +432,7 @@ Accept wildcard characters: False
 ```
 
 ### -SenderIPAddresses
-The SenderIPAddresses parameter specifies the source IPV4 IP addresses that the connector accepts messages from. Valid values are:
+The SenderIPAddresses parameter specifies the source IPV4 IP addresses that the Partner type connector accepts messages from when the value of the RestrictDomainsToIPAddresses parameter is $true. Valid values are:
 
 - Single IP address: For example, 192.168.1.1.
 - Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25. Valid subnet mask values are /24 through /32.
@@ -435,6 +441,8 @@ You can specify multiple IP addresses separated by commas.
 
 IPv6 addresses are not supported.
 
+**Note**: This parameter applies to Partner type connectors only if the value of the RestrictDomainsToIPAddresses parameter is $true.
+
 ```yaml
 Type: MultiValuedProperty
 Parameter Sets: (All)

exchange/exchange-ps/exchange/New-LabelPolicy.md

@@ -110,6 +110,8 @@ Supported settings for built-in labeling:
 
 - **EnableAudit**: Prevent Office apps from sending sensitivity label data to Microsoft 365 auditing solutions. Supported apps: Word, Excel, and PowerPoint on Windows (version 2201+), macOS (version 16.57+), iOS (version 2.57+), and Android (version 16.0.14827+); Outlook on Windows (version 2201+), Outlook on the web, and rolling out to macOS, iOS, and Android. Example: `New-LabelPolicy -Identity Global -AdvancedSettings @{EnableAudit="False"}`.
 
+- **EnableRevokeGuiSupport**: Remove the Track & Revoke button from the sensitivity menu in Office clients. Supported apps: Word, Excel, and PowerPoint on Windows (version 2406+). Example: `New-LabelPolicy -Identity Global -AdvancedSettings @{EnableRevokeGuiSupport="False"}`. For more information about this configuration choice, see [Track and revoke document access](https://learn.microsoft.com/purview/track-and-revoke-admin).
+
 - **DisableMandatoryInOutlook**: Outlook apps that support this setting exempt Outlook messages from mandatory labeling. Example: `New-LabelPolicy -Identity Global -AdvancedSettings @{DisableMandatoryInOutlook="True"}`. For more information about this configuration choice, see [Outlook-specific options for default label and mandatory labeling](https://learn.microsoft.com/purview/sensitivity-labels-office-apps#outlook-specific-options-for-default-label-and-mandatory-labeling).
 
 - **DisableShowSensitiveContent**: For Office apps that highlight the sensitive content that caused a label to be recommended, turn off these highlights and corresponding indications about the sensitive content. For more information, see [Sensitivity labels are automatically applied or recommended for your files and emails in Office](https://support.microsoft.com/office/sensitivity-labels-are-automatically-applied-or-recommended-for-your-files-and-emails-in-office-622e0d9c-f38c-470a-bcdb-9e90b24d71a1). Supported apps: Word for Windows (version 2311+). Example: `Set-LabelPolicy -Identity Global -AdvancedSettings @{DisableShowSensitiveContent="True"}`