Merge branch 'main' into update-set-cmdlet-wording

Author: Andy447

exchange/docs-conceptual/recipientfilter-properties.md

@@ -120,7 +120,7 @@ The recipient properties that have been *confirmed* to work with the _RecipientF
 |_ExchangeUserAccountControl_|_msExchUserAccountControl_|For valid values, see [ADS_USER_FLAG_ENUM enumeration](/windows/win32/api/iads/ne-iads-ads_user_flag_enum). The integer values will work as described. Most of the text values won't work as described (even if you remove `ADS_UF` and all underscores).||
 |_ExchangeVersion_|_msExchVersion_|Dynamic distribution groups: String (wildcards accepted). <br> Others: `ExchangeObjectVersion` values.||
 |_ExpansionServer_|_msExchExpansionServerName_|String (wildcards accepted).||
-|_ExtensionCustomAttribute1_ to _ExtensionCustomAttribute5_|_msExchExtensionCustomAttribute1_ to _msExchExtensionCustomAttribute5_|String (wildcards accepted).||
+|_ExtensionCustomAttribute1_ to _ExtensionCustomAttribute5_|_msExchExtensionCustomAttribute1_ to _msExchExtensionCustomAttribute5_|String (wildcards accepted).|Currently, these attributes aren't useable as filters in Exchange Online. For more information, see [Microsoft Entra Connect Sync: Attributes synchronized to Microsoft Entra ID](/entra/identity/hybrid/connect/reference-connect-sync-attributes-synchronized).|
 |_ExternalDirectoryObjectId_|_msExchExternalDirectoryObjectId_|String (wildcards accepted).||
 |_ExternalEmailAddress_|_targetAddress_|String (wildcards accepted).|This property contains the external email address for mail contacts and mail users.|
 |_ExternalOofOptions_|_msExchExternalOOFOptions_|`External` (0) or `InternalOnly` (1).||

exchange/exchange-ps/exchange/Export-ActivityExplorerData.md

@@ -33,6 +33,135 @@ Export-ActivityExplorerData -EndTime <DateTime> -OutputFormat <String> -StartTim
 ```
 
 ## DESCRIPTION
+This cmdlet supports following filters:
+
+- Activity
+- Application
+- ArtifactType
+- ClientIP
+- ColdScanPolicyId
+- CopilotAppHost
+- CopilotThreadId
+- CopilotType
+- CreationTime
+- DataState
+- DestinationFilePath
+- DestinationLocationType
+- DeviceName
+- DLPPolicyId
+- DLPPolicyRuleId
+- EmailReceiver
+- EmailSender
+- EndpointOperation
+- EnforcementMode
+- FalsePositive
+- FileExtension
+- GeneralPurposeComparison
+- HowApplied
+- HowAppliedDetail
+- IrmUrlCategory
+- IsProtected
+- IsProtectedBefore
+- ItemName
+- LabelEventType
+- Location
+- MDATPDeviceId
+- OriginatingDomain
+- PageSize
+- ParentArchiveHash
+- Platform
+- PolicyId
+- PolicyMode
+- PolicyName
+- PolicyRuleAction
+- PolicyRuleId
+- PolicyRuleName
+- PreviousFileName
+- PreviousProtectionOwner
+- ProtectionEventType
+- ProtectionOwner
+- RemovableMediaDeviceManufacturer
+- RemovableMediaDeviceModel
+- RemovableMediaDeviceSerialNumber
+- RetentionLabel
+- RMSEncrypted
+- SensitiveInfoTypeClassifierType
+- SensitiveInfoTypeConfidence
+- SensitiveInfoTypeCount
+- SensitiveInfoTypeId
+- SensitivityLabel
+- SensitivityLabelPolicy
+- Sha1
+- Sha256
+- SourceLocationType
+- TargetDomain
+- TargetPrinterName
+- User
+- UsersPerDay
+- Workload
+
+Valid workload filters include the following values:
+
+- Copilot
+- Endpoint
+- Exchange
+- OnPremisesFileShareScanner
+- OnPremisesSharePointScanner
+- OneDrive
+- PowerBI
+- PurviewDataMap
+- SharePoint
+
+Valid activity filters include the following values:
+
+- AIAppInteraction
+- ArchiveCreated
+- AutoLabelingSimulation
+- BrowseToUrl
+- ChangeProtection
+- ClassificationAdded
+- ClassificationDeleted
+- ClassificationUpdated
+- CopilotInteraction
+- DLPInfo
+- DLPRuleEnforce
+- DLPRuleMatch
+- DLPRuleUndo
+- DlpClassification
+- DownloadFile
+- DownloadText
+- FileAccessedByUnallowedApp
+- FileArchived
+- FileCopiedToClipboard
+- FileCopiedToNetworkShare
+- FileCopiedToRemoteDesktopSession
+- FileCopiedToRemovableMedia
+- FileCreated
+- FileCreatedOnNetworkShare
+- FileCreatedOnRemovableMedia
+- FileDeleted
+- FileDiscovered
+- FileModified
+- FilePrinted
+- FileRead
+- FileRenamed
+- FileTransferredByBluetooth
+- FileUploadedToCloud
+- LabelApplied
+- LabelChanged
+- LabelRecommended
+- LabelRecommendedAndDismissed
+- LabelRemoved
+- NewProtection
+- PastedToBrowser
+- RemoveProtection
+- ScreenCapture
+- UploadFile
+- UploadText
+- WebpageCopiedToClipboard
+- WebpagePrinted
+- WebpageSavedToLocal
+
 To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions).
 
 ## EXAMPLES
@@ -55,7 +184,7 @@ This example exports up to 100 records for the specified date range in Json form
 ```powershell
 $res = Export-ActivityExplorerData -StartTime "07/08/2022 07:15 AM" -EndTime "07/08/2022 11:08 AM" -PageSize 5000 -OutputFormat Json
 
-#Run the below steps in loop until all results are fetched
+#Run the following steps in loop until all results are fetched
 
 while ($res.LastPage -ne $true)
 {

exchange/exchange-ps/exchange/Get-IPv6StatusForAcceptedDomain.md

@@ -34,6 +34,11 @@ If IPv6 is enabled for an accepted domain in Exchange Online, IPv4 and IPv6 addr
 
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
+> [!NOTE]
+> When you use the Enable-IPv6ForAcceptedDomain or Disable-IPv6ForAcceptedDomain cmdlets to update the IPv6 setting for an accepted domain, the updated status can take up to an hour to be visible using Get-IPv6StatusForAcceptedDomain due to caching.
+>
+> For example, Get-IPv6StatusForAcceptedDomain shows the status value Enabled for a domain. You run Disable-IPv6ForAcceptedDomain to disable IPv6 for the domain, you immediately run Get-IPv6StatusForAcceptedDomain to check the staus of the domain, and the command erroneously returns the value Enabled. It might take up to an hour before Get-IPv6StatusForAcceptedDomain shows the correct value Disabled for the domain.
+
 ## EXAMPLES
 
 ### Example 1
@@ -96,10 +101,7 @@ Accept wildcard characters: False
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).
 
-## INPUTS
 
-## OUTPUTS
 
-## NOTES
 
-## RELATED LINKS
+

exchange/exchange-ps/exchange/Get-RecipientPermission.md

@@ -34,6 +34,9 @@ Get-RecipientPermission [[-Identity] <RecipientIdParameter>]
 ## DESCRIPTION
 When a user is given SendAs permission to another user or group, the user can send messages that appear to come from the other user or group.
 
+> [!NOTE]
+> This cmdlet doesn't return expected results when the recipient specified by the Trustee parameter has multiple `SecurityPrincipalIdParameter` (Sid) values. When you use the Trustee parameter, the command compares the Sid of the specified Trustee with the recipient's access control list (ACL) record. If some of the recipient's Sid values have changed, there's a mismatch. The workaround is to not to use the user principal name (UPN) value, to use all Sids including the one for history.
+
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES

exchange/exchange-ps/exchange/Get-SpoofIntelligenceInsight.md

@@ -14,7 +14,7 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
-Use the Get-SpoofIntelligenceInsight cmdlet to view spoofed senders that were allowed or blocked by spoof intelligence during the last 7 days.
+Use the Get-SpoofIntelligenceInsight cmdlet to view spoofed senders that were allowed or blocked by spoof intelligence during the last 30 days.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 

exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md

@@ -76,6 +76,7 @@ The ListType parameter specifies the list to view. Valid values are:
 - FileHash
 - Sender
 - Url
+- IP
 
 ```yaml
 Type: ListType
@@ -96,6 +97,7 @@ The Entry parameter filters the results based on the ListType parameter value. V
 - FileHash: The exact SHA256 file hash value.
 - Sender: The exact domain or email address value.
 - Url: The exact URL value.
+- IP: IPv6 addresses only. Single IPv6 addresses in colon-hexadecimal or zero-compression format or CIDR IPv6 ranges from 1 to 128.
 
 This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet.
 

exchange/exchange-ps/exchange/New-SafeAttachmentPolicy.md

@@ -38,7 +38,7 @@ New-SafeAttachmentPolicy [-Name] <String>
 ## DESCRIPTION
 Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://learn.microsoft.com/defender-office-365/safe-attachments-about).
 
-New safe attachment policies that you create using this cmdlet aren't applied to users and aren't visible in the admin center. You need to use the SafeAttachmentPolicy parameter on the New-SafeAttachmentRule or Set-SafeAttachmentRule cmdlets to associate the policy with a rule to create a complete Safe Attachments policy that's visible in the admin center.
+New safe attachment policies that you create using this cmdlet aren't applied to users and aren't visible in the Microsoft Defender portal. You need to use the SafeAttachmentPolicy parameter on the New-SafeAttachmentRule or Set-SafeAttachmentRule cmdlets to associate the policy with a rule to create a complete Safe Attachments policy that's visible in the Defender portal.
 
 A safe attachment policy can be assigned to only one safe attachment rule.
 
@@ -79,13 +79,13 @@ Accept wildcard characters: False
 ### -Action
 The Action parameter specifies the action for the safe attachment policy. Valid values are:
 
-- Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to **Monitor** for the **Safe Attachments unknown malware response** property of the policy in the admin center.
+- Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to **Monitor** for the **Safe Attachments unknown malware response** property of the policy in the Microsoft Defender portal.
 - Block: Block the email message that contains the malware attachment. This is the default value.
 - DynamicDelivery: Deliver the email message with a placeholder for each email attachment. The placeholder remains until a copy of the attachment is scanned and determined to be safe. For more information, see [Dynamic Delivery in Safe Attachments policies](https://learn.microsoft.com/defender-office-365/safe-attachments-about#dynamic-delivery-in-safe-attachments-policies).
 
 The value of this parameter is meaningful only when the value of the Enable parameter is $true (the default value is $false).
 
-To specify no action for the safe attachment policy (corresponds to the value **Off** for the **Safe Attachments unknown malware response** policy setting in the admin center), use the value $false for the Enable parameter.
+To specify no action for the safe attachment policy (corresponds to the value **Off** for the **Safe Attachments unknown malware response** policy setting in the Defender portal), use the value $false for the Enable parameter.
 
 The results of all actions are available in message trace.
 
@@ -219,11 +219,9 @@ Accept wildcard characters: False
 ### -Redirect
 The Redirect parameter specifies whether to deliver messages to an alternate email address if malware is detected in an attachment. Valid values are:
 
-- $true: Messages that contain malware attachments are delivered to the email address specified by the RedirectAddress parameter.
+- $true: Messages that contain malware attachments are delivered to the email address specified by the RedirectAddress parameter. This value is meaningful only when the value of the Action parameter is Allow.
 - $false: Messages that contain malware attachments aren't delivered to another email address. This is the default value.
 
-**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).
-
 ```yaml
 Type: Boolean
 Parameter Sets: (All)
@@ -240,9 +238,7 @@ Accept wildcard characters: False
 ### -RedirectAddress
 The RedirectAddress parameter specifies the destination email address to deliver messages if malware is detected in an attachment.
 
-The value of this parameter is meaningful only when when value of the Redirect parameter is $true and the value of the Action parameter is Allow.
-
-**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).
+The value of this parameter is meaningful only when value of the Redirect parameter is $true and the value of the Action parameter is Allow.
 
 ```yaml
 Type: SmtpAddress

exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md

@@ -82,16 +82,27 @@ The Entries parameter specifies the values that you want to add to the Tenant Al
 - FileHash: Use the SHA256 hash value of the file. In Windows, you can find the SHA256 hash value by running the following command in a Command Prompt: `certutil.exe -hashfile "<Path>\<Filename>" SHA256`. An example value is `768a813668695ef2483b2bde7cf5d1b2db0423a0d3e63e498f3ab6f2eb13ea3`.
 - Sender: A domain or email address value. For example, `contoso.com` or `michelle@contoso.com`.
 - URL: Use IPv4 or IPv6 addresses or hostnames. Wildcards (* and ~) are supported in hostnames. Protocols, TCP/UDP ports, or user credentials are not supported. For details, see [URL syntax for the Tenant Allow/Block List](https://learn.microsoft.com/defender-office-365/tenant-allow-block-list-urls-configure#url-syntax-for-the-tenant-allowblock-list).
+- IP: IPv6 addresses only:
+
+  • Single IPv6 addresses in colon-hexadecimal format (for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
+
+  • Single IPv6 addresses in zero-compression format (for example, 2001:db8::1 for 2001:0db8:0000:0000:0000:0000:0000:0001).
+
+  • CIDR IPv6 ranges from 1 to 128 (for example, 2001:0db8::/32).
 
 To enter multiple values, use the following syntax: `"Value1","Value2",..."ValueN"`.
 
-For senders, files, and URLs the maximum number of allow entries for each type is 500, and the maximum number of block entries for each type is 500 (1000 entries total for each type).
+Entry limits for each list subtype (sender, URL, file, or IP address):
+
+- **Exchange Online Protection**: The maximum number of allow entries is 500, and the maximum number of block entries is 500.
+- **Defender for Office 365 Plan 1**: The maximum number of allow entries is 1000, and the maximum number of block entries is 1000.
+- **Defender for Office 365 Plan 2**: The maximum number of allow entries is 5000, and the maximum number of block entries is 10000.
 
 The maximum number of characters in a file entry is 64 and the maximum number of characters in a URL entry is 250.
 
-You can't mix value types (file, sender, or URL) or allow and block actions in the same command.
+You can't mix value types (sender, URL, file, or IP address) or allow and block actions in the same command.
 
-In most cases, you can't modify the URL, file, or sender values after you create the entry. The only exception is allow URL entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery).
+In most cases, you can't modify the sender, URL, file, or IP address values after you create the entry. The only exception is URL allow entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery).
 
 ```yaml
 Type: String[]
@@ -135,6 +146,7 @@ The ListType parameter specifies the type of entry to add. Valid values are:
 - FileHash
 - Sender
 - Url
+- IP
 
 ```yaml
 Type: ListType
@@ -156,6 +168,7 @@ This switch is available to use in the following scenarios:
 
 - With the Block switch.
 - With the Allow switch where the ListType parameter value is URL and the ListSubType parameter value is AdvancedDelivery.
+- With the Allow switch where the ListType parameter value is IP.
 
 You can't use this switch with the ExpirationDate or RemoveAfter parameter.
 

exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md

@@ -63,10 +63,11 @@ The Entries parameter specifies the entries that you want to remove based on the
 - FileHash: The exact SHA256 file hash value.
 - Sender domains and email addresses: The exact domain or email address value.
 - Url: The exact URL value.
+- IP: IPv6 addresses only. Single IPv6 addresses in colon-hexadecimal or zero-compression format or CIDR IPv6 ranges from 1 to 128.
 
 This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet.
 
-You can't mix value types (file, sender, or URL) or allow and block actions in the same command.
+You can't mix value types (sender, URL, file, or IP address) or allow and block actions in the same command.
 
 You can't use this parameter with the Ids parameter.
 
@@ -109,6 +110,7 @@ The ListType parameter specifies the type of entry that you want to remove. Vali
 - FileHash
 - Sender
 - Url
+- IP
 
 ```yaml
 Type: ListType

exchange/exchange-ps/exchange/Set-ComplianceSecurityFilter.md

@@ -43,7 +43,7 @@ $filterusers = Get-ComplianceSecurityFilter -FilterName "Ottawa Users Filter"
 
 $filterusers.users.add("pilarp@contoso.com")
 
-Set-ComplianceSecurityFilter -FilterName OttawaUsersFilter -Users $filterusers.users
+Set-ComplianceSecurityFilter -FilterName "Ottawa Users Filter" -Users $filterusers.users
 ```
 
 This example adds user pilarp@contoso.com to the compliance security filter named Ottawa Users Filter without affecting other users assigned to the filter.
@@ -54,7 +54,7 @@ $filterusers = Get-ComplianceSecurityFilter -FilterName "Ottawa Users Filter"
 
 $filterusers.users.remove("annb@contoso.com")
 
-Set-ComplianceSecurityFilter -FilterName OttawaUsersFilter -Users $filterusers.users
+Set-ComplianceSecurityFilter -FilterName "Ottawa Users Filter" -Users $filterusers.users
 ```
 
 This example removes user annb@contoso.com to the compliance security filter named Ottawa Users Filter without affecting other users assigned to the filter.

exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md

@@ -1129,7 +1129,7 @@ Accept wildcard characters: False
 ```
 
 ### -RemoveTeamsLocation
-The AddTeamsLocation parameter specifies the accounts, distribution groups, or mail-enabled security groups to remove from the list of included Teams chat and channel messages if you used the value All for the TeamsLocation parameter. You specify the entries by the email address or name of the account, distribution group, or mail-enabled security group.
+The RemoveTeamsLocation parameter specifies the accounts, distribution groups, or mail-enabled security groups to remove from the list of included Teams chat and channel messages if you used the value All for the TeamsLocation parameter. You specify the entries by the email address or name of the account, distribution group, or mail-enabled security group.
 
 To enter multiple values, use the following syntax: `<value1>,<value2>,...<valueX>`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"<value1>","<value2>",..."<valueX>"`.