Merge branch 'main' into EWSCortana-chrisda

Author: chrisda

cabgen-bootstrap.yml

@@ -0,0 +1,14 @@
+trigger:
+- live
+
+pr: none # Disable pull request triggers.
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: Content CI/ReferenceAutomation
+      ref: refs/heads/master
+
+extends:
+  template: PowerShell/cabgen.yml@templates

exchange/docs-conceptual/app-only-auth-powershell-v2.md

@@ -20,16 +20,27 @@ description: "Learn about using the Exchange Online V2 module in scripts and oth
 # App-only authentication for unattended scripts in the EXO V2 module
 
 > [!NOTE]
-> The features and procedures described in this article require the following versions of the EXO V2 module:
 >
-> - **Exchange Online PowerShell (Connect-ExchangeOnline)**: Version 2.0.3 or later.
-> - **Security & Compliance Center PowerShell (Connect-IPPSSession)**: Version 2.0.6 Preview5 or later.
+> - The features and procedures described in this article require the following versions of the EXO V2 module:
+>   - **Exchange Online PowerShell (Connect-ExchangeOnline)**: Version 2.0.3 or later.
+>   - **Security & Compliance PowerShell (Connect-IPPSSession)**: Version 2.0.6 Preview5 or later.
 >
-> For instructions on how to install or update the module, see [Install and maintain the EXO V2 module](exchange-online-powershell-v2.md#install-and-maintain-the-exo-v2-module).
+>   For instructions on how to install or update the module on clients or servers, see [Install and maintain the EXO V2 module](exchange-online-powershell-v2.md#install-and-maintain-the-exo-v2-module). For instructions on how to use the module in Azure automation, see [Manage modules in Azure Automation](/azure/automation/shared-resources/modules).
 >
-> You can't use the procedures in this article to modify Microsoft 365 Groups ([Set-UnifiedGroup](/powershell/module/exchange/set-unifiedgroup)). To use Microsoft Graph instead, see [Update group](/graph/api/group-update).
+> - In Exchange Online PowerShell, you can't use the procedures in this article with the following Microsoft 365 Group cmdlets:
+>   - [New-UnifiedGroup](/powershell/module/exchange/new-unifiedgroup)
+>   - [Remove-UnifiedGroup](/powershell/module/exchange/remove-unifiedgroup)
+>   - [Set-UnifiedGroup](/powershell/module/exchange/set-unifiedgroup)
+>   - [Remove-UnifiedGroupLinks](/powershell/module/exchange/remove-unifiedgrouplinks)
+>   - [Add-UnifiedGroupLinks](/powershell/module/exchange/add-unifiedgrouplinks)
+>
+>   You can use Microsoft Graph instead. For more information, see [Working with groups in Microsoft Graph](/graph/api/resources/groups-overview)
+>
+> - In Security & Compliance PowerShell, you can't use the procedures in this article with the following cmdlets:
+>   - [Get-ComplianceCase](/powershell/module/exchange/get-compliancecase)
+>   - [Get-CaseHoldPolicy](/powershell/module/exchange/get-caseholdpolicy)
 
-Auditing and reporting scenarios in Microsoft 365 often involve unattended scripts in Exchange Online PowerShell and Security & Compliance Center PowerShell. In the past, unattended sign in required you to store the username and password in a local file or in a secret vault that's accessed at run-time. But, as we all know, storing user credentials locally is not a good security practice.
+Auditing and reporting scenarios in Microsoft 365 often involve unattended scripts in Exchange Online PowerShell and Security & Compliance PowerShell. In the past, unattended sign in required you to store the username and password in a local file or in a secret vault that's accessed at run-time. But, as we all know, storing user credentials locally is not a good security practice.
 
 Certificate based authentication (CBA) or app-only authentication as described in this article supports unattended script and automation scenarios by using Azure AD apps and self-signed certificates.
 
@@ -46,7 +57,7 @@ The following examples show how to use the Exchange Online PowerShell V2 module
     Connect-ExchangeOnline -CertificateFilePath "C:\Users\johndoe\Desktop\automation-cert.pfx" -CertificatePassword (ConvertTo-SecureString -String "<MyPassword>" -AsPlainText -Force) -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
     ```
 
-  - **Security & Compliance Center PowerShell**:
+  - **Security & Compliance PowerShell**:
 
      ```powershell
     Connect-IPPSSession -CertificateFilePath "C:\Users\johndoe\Desktop\automation-cert.pfx" -CertificatePassword (ConvertTo-SecureString -String "<MyPassword>" -AsPlainText -Force) -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
@@ -60,7 +71,7 @@ The following examples show how to use the Exchange Online PowerShell V2 module
     Connect-ExchangeOnline -CertificateThumbPrint "012THISISADEMOTHUMBPRINT" -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
     ```
 
-  - **Security & Compliance Center PowerShell**:
+  - **Security & Compliance PowerShell**:
 
     ```powershell
     Connect-IPPSSession -CertificateThumbPrint "012THISISADEMOTHUMBPRINT" -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
@@ -76,7 +87,7 @@ The following examples show how to use the Exchange Online PowerShell V2 module
     Connect-ExchangeOnline -Certificate <%X509Certificate2 Object%> -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
     ```
 
-  - **Security & Compliance Center PowerShell**:
+  - **Security & Compliance PowerShell**:
 
     ```powershell
     Connect-IPPSSession -Certificate <%X509Certificate2 Object%> -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
@@ -166,7 +177,7 @@ For a detailed visual flow about creating applications in Azure AD, see <https:/
 
    ![Select Manifest on the application properties page.](media/exo-app-only-auth-select-manifest.png)
 
-2. On the **Manifest** page that opens, find the `requiredResourceAccess` entry (on or about line 44).
+2. On the **Manifest** page that opens, find the `requiredResourceAccess` entry (on or about line 47).
 
    Modify the `resourceAppId`, `resourceAccess`, `id`, and `type` values as shown in the following code snippet:
 
@@ -194,6 +205,9 @@ For a detailed visual flow about creating applications in Azure AD, see <https:/
 
    - **API / Permissions name**: Verify the value **Exchange.ManageAsApp** is shown.
 
+     > [!NOTE]
+     > If necessary, search for **Office 365 Exchange** under **APIs my organization uses** on the **Request API Permissions** page.
+
    - **Status**: The current incorrect value is **Not granted for \<Organization\>**, and this value needs to be changed.
 
      ![Original incorrect API permissions.](media/exo-app-only-auth-original-permissions.png)
@@ -267,7 +281,7 @@ After you register the certificate with your application, you can use the privat
 
 Azure AD has more than 50 admin roles available. The supported roles are described in the following table:
 
-|Role|Exchange Online PowerShell|Security & Compliance Center PowerShell|
+|Role|Exchange Online PowerShell|Security & Compliance PowerShell|
 |---|:---:|:---:|
 |Compliance Administrator|![Check mark.](media/checkmark.png)|![Check mark.](media/checkmark.png)|
 |Exchange Administrator<sup>\*</sup>|![Check mark.](media/checkmark.png)||
@@ -276,6 +290,7 @@ Azure AD has more than 50 admin roles available. The supported roles are describ
 |Helpdesk Administrator|![Check mark.](media/checkmark.png)||
 |Security Administrator<sup>\*</sup>|![Check mark.](media/checkmark.png)|![Check mark.](media/checkmark.png)|
 |Security Reader|![Check mark.](media/checkmark.png)|![Check mark.](media/checkmark.png)|
+|Exchange Recipient Administrator|![Check mark.](media/checkmark.png)||
 
 <sup>\*</sup> The Global Administrator and Exchange Administrator roles provide the required permissions for any task in Exchange Online PowerShell. For example:
 
@@ -287,7 +302,7 @@ The Security Administrator role does not have the necessary permissions for thos
 For general instructions about assigning roles in Azure AD, see [View and assign administrator roles in Azure Active Directory](/azure/active-directory/roles/manage-roles-portal).
 
 > [!NOTE]
-> The following steps are slightly different for Exchange Online PowerShell vs. Security & Compliance Center PowerShell. The steps for both environments are shown. To configure roles for both environments, repeat the steps in this section.
+> The following steps are slightly different for Exchange Online PowerShell vs. Security & Compliance PowerShell. The steps for both environments are shown. To configure roles for both environments, repeat the steps in this section.
 
 1. On the Azure AD portal at <https://portal.azure.com/>, under **Manage Azure Active Directory**, click **View**.
 
@@ -303,19 +318,19 @@ For general instructions about assigning roles in Azure AD, see [View and assign
 
      ![Find and select a supported Exchange Online PowerShell role by clicking on the role name.](media/exo-app-only-auth-find-and-select-supported-role.png)
 
-   - **Security & Compliance Center PowerShell**:
+   - **Security & Compliance PowerShell**:
 
-     ![Find and select a supported Security & Compliance Center PowerShell role by clicking on the role name.](media/exo-app-only-auth-find-and-select-supported-role-scc.png)
+     ![Find and select a supported Security & Compliance PowerShell role by clicking on the role name.](media/exo-app-only-auth-find-and-select-supported-role-scc.png)
 
 4. On the **Assignments** page that opens, click **Add assignments**.
 
    - **Exchange Online PowerShell**:
 
      ![Select Add assignments on the role assignments page for Exchange Online PowerShell.](media/exo-app-only-auth-role-assignments-click-add-assignments.png)
 
-   - **Security & Compliance Center PowerShell**:
+   - **Security & Compliance PowerShell**:
 
-     ![Select Add assignments on the role assignments page for Security & Compliance Center PowerShell.](media/exo-app-only-auth-role-assignments-click-add-assignments-scc.png)
+     ![Select Add assignments on the role assignments page for Security & Compliance PowerShell.](media/exo-app-only-auth-role-assignments-click-add-assignments-scc.png)
 
 5. In the **Add assignments** flyout that opens, find and select the app that you created in [Step 1](#step-1-register-the-application-in-azure-ad).
 
@@ -329,6 +344,6 @@ For general instructions about assigning roles in Azure AD, see [View and assign
 
      ![The role assignments page after to added the app to the role for Exchange Online PowerShell.](media/exo-app-only-auth-app-assigned-to-role.png)
 
-   - **Security & Compliance Center PowerShell**:
+   - **Security & Compliance PowerShell**:
 
-     ![The role assignments page after to added the app to the role for Security & Compliance Center PowerShell.](media/exo-app-only-auth-app-assigned-to-role-scc.png)
+     ![The role assignments page after to added the app to the role for Security & Compliance PowerShell.](media/exo-app-only-auth-app-assigned-to-role-scc.png)

exchange/docs-conceptual/basic-auth-connect-to-eop-powershell.md

@@ -17,7 +17,7 @@ description: "Use remote PowerShell to connect to a standalone Exchange Online P
 # Bssic auth - Connect to Exchange Online Protection PowerShell
 
 > [!NOTE]
-> The connection instructions in this article [will eventually be deprecated](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-july-update/ba-p/1530163) due to the security concerns around Basic authentication. Instead, you should use the Exchange Online PowerShell V2 module (the EXO V2 module) to connect to Exchange Online Protection PowerShell. For instructions, see [Connect to Exchange Online Protection PowerShell](connect-to-exchange-online-protection-powershell.md).
+> The connection instructions in this article [will be deprecated starting on October 1, 2022](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437) due to the security concerns around Basic authentication. Instead, you should use the Exchange Online PowerShell V2 module (the EXO V2 module) to connect to Exchange Online Protection PowerShell. For instructions, see [Connect to Exchange Online Protection PowerShell](connect-to-exchange-online-protection-powershell.md).
 
 In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, standalone EOP PowerShell allows you to manage your EOP organization from the command line. You use Windows PowerShell on your local computer to create a remote PowerShell session to EOP. It's a simple three-step process where you enter your Microsoft 365 credentials, provide the required connection settings, and then import the EOP cmdlets into your local Windows PowerShell session so that you can use them.
 
@@ -61,7 +61,7 @@ The following introductory video shows you how to connect to and use Exchange On
 
 - WinRM needs to allow Basic authentication (it's enabled by default). We don't send the username and password combination, but the Basic authentication header is required to send the session's OAuth token, since the client-side WinRM implementation has no support for OAuth.
 
-  **Note**: You must temporarily enable WinRM to run the following commands. You can enable it by running the command: `winrm quickconfig`.
+  **Note**: The following commands require that WinRM is enabled. To enable WinRM, run the following command:  `winrm quickconfig`.
 
   To verify that Basic authentication is enabled for WinRM, run this command **in a Command Prompt** (not in Windows PowerShell):
 

exchange/docs-conceptual/basic-auth-connect-to-exo-powershell.md

@@ -20,7 +20,8 @@ description: "Learn how to use remote PowerShell to connect to Exchange Online w
 # Basic auth - Connect to Exchange Online PowerShell
 
 > [!NOTE]
-> The connection instructions in this article [will eventually be deprecated](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-july-update/ba-p/1530163) due to the security concerns around Basic authentication. Instead, you should use the Exchange Online PowerShell V2 module (the EXO V2 module) to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](connect-to-exchange-online-powershell.md).
+> The connection instructions in this article [will be deprecated starting on October 1, 2022](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437) due to the security concerns around Basic authentication. Instead, you should use the Exchange Online PowerShell V2 module (the EXO V2 module) to connect to Exchange Online PowerShell.
+If you're using PowerShell for administration, see [Connect to Exchange Online PowerShell](connect-to-exchange-online-powershell.md). If you're using PowerShell for automation, see [App-only authentication for unattended scripts](app-only-auth-powershell-v2.md).
 
 Exchange Online PowerShell allows you to manage your Exchange Online settings from the command line. You use Windows PowerShell on your local computer to create a remote PowerShell session to Exchange Online. It's a simple three-step process where you enter your Microsoft 365 credentials, provide the required connection settings, and then import the Exchange Online cmdlets into your local Windows PowerShell session so that you can use them.
 
@@ -64,7 +65,7 @@ The following introductory video shows you how to connect to and use Exchange On
 
 - WinRM needs to allow Basic authentication (it's enabled by default). We don't send the username and password combination, but the Basic authentication header is required to send the session's OAuth token, since the client-side WinRM implementation has no support for OAuth.
 
-  **Note**: You must temporarily enable WinRM to run the following commands. You can enable it by running the command: `winrm quickconfig`.
+  **Note**: You The following commands require that WinRM is enabled. To enable WinRM, run the following command:  `winrm quickconfig`.
 
   To verify that Basic authentication is enabled for WinRM, run this command **in a Command Prompt** (not in Windows PowerShell):