From efcb6a17c47704e02b949d1a7f01d67056ca6199 Mon Sep 17 00:00:00 2001
From: Kartik P V R <pullabhk@microsoft.com>
Date: Fri, 26 Sep 2025 13:03:53 +0530
Subject: [PATCH 1/2] RAC support for SPE containers

---
 .../Set-SPOContainer.md                       | 133 ++++++++++++++++--
 1 file changed, 123 insertions(+), 10 deletions(-)

diff --git a/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md b/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md
index 91f5f2565..1fad3c3d4 100644
--- a/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md
+++ b/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md
@@ -30,6 +30,30 @@ Set-SPOContainer [-Identity] <SPOContainerPipeBind> [-BlockDownloadPolicy <Boole
  [-Confirm] [<CommonParameters>]
 ```
 
+### RestrictedAccessControl
+```
+Set-SPOContainer [-Identity] <SPOContainerPipeBind> [-EnableRestrictedAccessControl <Boolean>]
+ [-RestrictedAccessControlGroups <Guid[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
+```
+
+### RestrictedAccessControlGroupsToAdd
+```
+Set-SPOContainer [-Identity] <SPOContainerPipeBind> [-RestrictedAccessControlGroupsToAdd <Guid[]>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
+```
+
+### RestrictedAccessControlGroupsToRemove
+```
+Set-SPOContainer [-Identity] <SPOContainerPipeBind> [-RestrictedAccessControlGroupsToRemove <Guid[]>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
+```
+
+### ClearRestrictedAccessControl
+```
+Set-SPOContainer [-Identity] <SPOContainerPipeBind> [-ClearRestrictedAccessControl] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
+```
+
 ### ParamSet2
 ```
 Set-SPOContainer [-Identity] <SPOContainerPipeBind> [-RemoveLabel] [-WhatIf] [-Confirm] [<CommonParameters>]
@@ -68,7 +92,6 @@ For any parameters that are passed in, the `Set-SPOContainer` cmdlet sets or upd
 
 > [!IMPORTANT]
 > Always wait for the current principal owner transfer attempt to finish before reusing the cmdlet. Concurrent or premature reuse can lead to incomplete or invalid ownership changes.
-> 
 
 You must be a SharePoint Embedded Administrator to run the cmdlet.
 
@@ -163,6 +186,24 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ClearRestrictedAccessControl
+
+> Applicable: SharePoint Online
+
+Clears the list of groups that are given access via an access restriction policy.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: ClearRestrictedAccessControl
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ConditionalAccessPolicy
 
 > Applicable: SharePoint Online
@@ -187,15 +228,33 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ExcludeBlockDownloadPolicyContainerOwners
+### -CurrentPrincipalOwner
 
 > Applicable: SharePoint Online
 
-Controls if container owners are excluded from block download policy.
+The current principal owner of the container.
 
 ```yaml
-Type: System.Boolean
-Parameter Sets: BlockDownloadPolicy
+Type: String
+Parameter Sets: PrincipalOwnerTransfer
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -EnableRestrictedAccessControl
+
+> Applicable: SharePoint Online
+
+Lets you and other SharePoint Embedded admins restrict access to containers.
+
+```yaml
+Type: Boolean
+Parameter Sets: RestrictedAccessControl
 Aliases:
 
 Required: False
@@ -205,18 +264,18 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -CurrentPrincipalOwner
+### -ExcludeBlockDownloadPolicyContainerOwners
 
 > Applicable: SharePoint Online
 
-The current principal owner of the container.
+Controls if container owners are excluded from block download policy.
 
 ```yaml
-Type: String
-Parameter Sets: PrincipalOwnerTransfer
+Type: System.Boolean
+Parameter Sets: BlockDownloadPolicy
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
@@ -354,6 +413,60 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -RestrictedAccessControlGroups
+
+> Applicable: SharePoint Online
+
+Specifies the IDs of groups that have access under an access restriction policy.
+
+```yaml
+Type: Guid[]
+Parameter Sets: RestrictedAccessControl
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RestrictedAccessControlGroupsToAdd
+
+> Applicable: SharePoint Online
+
+Specifies the IDs of groups to be added to an access restriction policy and gain access.
+
+```yaml
+Type: Guid[]
+Parameter Sets: RestrictedAccessControlGroupsToAdd
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RestrictedAccessControlGroupsToRemove
+
+> Applicable: SharePoint Online
+
+Specifies the IDs of groups to be removed from access restriction policy and lose access.
+
+```yaml
+Type: Guid[]
+Parameter Sets: RestrictedAccessControlGroupsToRemove
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -SensitivityLabel
 
 > Applicable: SharePoint Online

From 809d4724251dccded1bcb62a5fdab60002fd683d Mon Sep 17 00:00:00 2001
From: Kartik P V R <pullabhk@microsoft.com>
Date: Mon, 29 Sep 2025 11:48:00 +0530
Subject: [PATCH 2/2] Incorporating comments

---
 .../Set-SPOContainer.md                                | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md b/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md
index 1fad3c3d4..e7615d812 100644
--- a/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md
+++ b/sharepoint/sharepoint-ps/Microsoft.Online.SharePoint.PowerShell/Set-SPOContainer.md
@@ -250,7 +250,7 @@ Accept wildcard characters: False
 
 > Applicable: SharePoint Online
 
-Lets you and other SharePoint Embedded admins restrict access to containers.
+Allows you and other SharePoint Embedded admins restrict access to containers.
 
 ```yaml
 Type: Boolean
@@ -268,7 +268,7 @@ Accept wildcard characters: False
 
 > Applicable: SharePoint Online
 
-Controls if container owners are excluded from block download policy.
+Specifies whether container owners are excluded from block download policy.
 
 ```yaml
 Type: System.Boolean
@@ -417,7 +417,7 @@ Accept wildcard characters: False
 
 > Applicable: SharePoint Online
 
-Specifies the IDs of groups that have access under an access restriction policy.
+Specifies the group IDs that have access under an access restriction policy.
 
 ```yaml
 Type: Guid[]
@@ -435,7 +435,7 @@ Accept wildcard characters: False
 
 > Applicable: SharePoint Online
 
-Specifies the IDs of groups to be added to an access restriction policy and gain access.
+Specifies the group IDs to add to an access restriction policy to grant access.
 
 ```yaml
 Type: Guid[]
@@ -453,7 +453,7 @@ Accept wildcard characters: False
 
 > Applicable: SharePoint Online
 
-Specifies the IDs of groups to be removed from access restriction policy and lose access.
+Specifies the group IDs to remove from an access restriction policy to revoke access.
 
 ```yaml
 Type: Guid[]