Merge branch 'main' into DefaultTenant-chrisda

chrisda · chrisda · commit 142a00139792 · 2023-02-02T10:36:38.000-08:00
diff --git a/exchange/exchange-ps/exchange/Restore-RecoverableItems.md b/exchange/exchange-ps/exchange/Restore-RecoverableItems.md
@@ -312,6 +312,16 @@ This parameter is available only in the cloud-based service.
 
 The RestoreTargetFolder parameter specifies the top-level folder in which to restore data. If you don't specify this parameter, the command restores folders to the top of the folder structure in the target mailbox or archive. Content is merged under existing folders, and new folders are created if they don't already exist in the target folder structure.
 
+This parameter is required for archives and optional for primary mailboxes. A destination folder will be created if it does not exist. Valid paths are:
+
+- `/`
+- `/folder1`
+- `/folder1/folder2`
+- `folder1`
+- `folder1/folder2`
+```
+The preceding or trailing `/` will be ignored. Then, it will be treated as the relative path of the IPM sub-tree: `/Top Of Information Store`.
+
 ```yaml
 Type: String
 Parameter Sets: Default
@@ -345,11 +355,12 @@ Accept wildcard characters: False
 The SourceFolder parameter specifies where to search for deleted items in the mailbox. Valid values are:
 
 - DeletedItems: The Deleted Items folder.
-- DiscoveryHoldsItems: The Recoverable Items\DiscoveryHolds folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items) and are protected by a hold.
 - RecoverableItems: The Recoverable Items\Deletions folder. This folder contains items that have been deleted from the Deleted Items folder (soft-deleted items).
 - PurgedItems: The Recoverable Items\Purges folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items).
 
-If you don't use this parameter, the command will search all of these folders.
+If you don't use this parameter, the command will search these three folders.
+
+- DiscoveryHoldsItems: The Recoverable Items\DiscoveryHolds folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items) and are protected by a hold. To search for deleted items in this folder, use this parameter with the value DiscoveryHoldsItems.
 
 ```yaml
 Type: RecoverableItemsFolderType
diff --git a/exchange/exchange-ps/exchange/Set-RemoteDomain.md b/exchange/exchange-ps/exchange/Set-RemoteDomain.md
@@ -107,6 +107,11 @@ The AllowedOOFType parameter specifies the type of automatic replies or out-of-o
 - InternalLegacy: Only internal automatic replies or automatic replies that aren't designated as internal or external are sent to recipients in the remote domain.
 - None: No automatic replies are sent to recipients in the remote domain.
 
+The value of this parameter is affected by the value of the IsInternal parameter, and vice-versa:
+
+- If you change the AllowedOOFType parameter to the value InternalLegacy, the IsInternal parameter is changed to the value $true.
+- If you change the IsInternal parameter to the value $false, the AllowedOOFType parameter is changed to the value ExternalLegacy.
+
 ```yaml
 Type: AllowedOOFType
 Parameter Sets: (All)
@@ -331,6 +336,11 @@ The IsInternal parameter specifies whether the recipients in the remote domain a
 - $true: All transport components (for example, transport rules) treat recipients in the remote domain as internal recipients. Typically, you use this value in cross-forest deployments.
 - $false: Recipients in the remote domain are treated as external recipients. This is the default value.
 
+The value of this parameter is affected by the value of the AllowedOOFType parameter, and vice-versa:
+
+- If you change the AllowedOOFType parameter to the value InternalLegacy, the IsInternal parameter is changed to the value $true.
+- If you change the IsInternal parameter to the value $false, the AllowedOOFType parameter is changed to the value ExternalLegacy.
+
 ```yaml
 Type: Boolean
 Parameter Sets: (All)
diff --git a/exchange/exchange-ps/exchange/Test-ServicePrincipalAuthorization.md b/exchange/exchange-ps/exchange/Test-ServicePrincipalAuthorization.md
@@ -0,0 +1,165 @@
+---
+external help file: Microsoft.Exchange.RolesAndAccess-Help.xml
+online version: https://learn.microsoft.com/powershell/module/exchange/test-serviceprincipalauthorization
+applicable: Exchange Online
+title: Test-ServicePrincipalAuthorization
+schema: 2.0.0
+author: chrisda
+ms.author: chrisda
+ms.reviewer:
+---
+
+# Test-ServicePrincipalAuthorization
+
+## SYNOPSIS
+This cmdlet is available only in the cloud-based service.
+
+Use the Test-ServicePrincipalAuthorization cmdlet to test the access granted by role-based access control (RBAC) for Applications. For more information, see [Role Based Access Control for Applications in Exchange Online](https://learn.microsoft.com/Exchange/permissions-exo/application-rbac).
+
+For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
+
+## SYNTAX
+
+```
+Test-ServicePrincipalAuthorization [-Identity] <ServicePrincipalIdParameter>
+ [-Confirm]
+ [-Organization <OrganizationIdParameter>]
+ [-Resource <UserIdParameter>]
+ [-WhatIf]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Test-ServicePrincipalAuthorization -Identity "DemoB" -Resource "Mailbox A" | Format-Table
+
+RoleName                      GrantedPermissions          AllowedResourceScope        ScopeType                 InScope 
+--------                      ------------------          --------------------        ---------                 ------
+Application Mail.Read         Mail.Read                   Canadian Employees           CustomRecipientScope     True 
+Application Calendars.Read    Calendars.Read              4d819ce9-9257-44..           AdministrativeUnit       False 
+Application Contacts.Read     Contacts.Read               Organization                 Organization             True 
+```
+
+This example tests if this service principal (the app named "DemoB") can exercise each of its assigned permissions against the target mailbox named "Mailbox A." The membership in the scope is indicated by the InScope column. 
+
+### Example 2
+```powershell
+PS C:\> Test-ServicePrincipalAuthorization -Identity "DemoB" | Format-Table
+
+RoleName                      GrantedPermissions          AllowedResourceScope        ScopeType                 InScope 
+--------                      ------------------          --------------------        ---------                 ------
+Application Mail.Read         Mail.Read                   Canadian Employees           CustomRecipientScope     Not Run 
+Application Calendars.Read    Calendars.Read              4d819ce9-9257-44..           AdministrativeUnit       Not Run  
+Application Contacts.Read     Contacts.Read               Organization                 Organization             Not Run  
+```
+
+This example tests the entitlement of the app named "DemoB", including which permissions it has at which scopes. Because the command doesn't use the Resource parameter, the scope membership check is not run.
+
+## PARAMETERS
+
+### -Identity
+The Identity parameter specifies the service principal that you want to test. You can use any value that uniquely identifies the service principal. For example:
+
+- Name
+- Distinguished name (DN)
+- GUID
+- AppId
+- ServiceId
+
+```yaml
+Type: ServicePrincipalIdParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -Confirm
+This parameter is reserved for internal Microsoft use.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Organization
+This parameter is reserved for internal Microsoft use.
+
+```yaml
+Type: OrganizationIdParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -Resource
+The Resource parameter specifies the target mailbox where the scoped permissions apply. You can use any value that uniquely identifies the mailbox. For example:
+
+- Name
+- Distinguished name (DN)
+- Canonical DN
+- GUID
+
+```yaml
+Type: UserIdParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -WhatIf
+This parameter is reserved for internal Microsoft use.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+
+## RELATED LINKS
diff --git a/exchange/exchange-ps/exchange/exchange.md b/exchange/exchange-ps/exchange/exchange.md
@@ -1674,6 +1674,8 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow
 
 ### [Test-OAuthConnectivity](Test-OAuthConnectivity.md)
 
+### [Test-ServicePrincipalAuthorization](Test-ServicePrincipalAuthorization.md)
+
 ### [Test-SystemHealth](Test-SystemHealth.md)
 
 ### [Update-ExchangeHelp](Update-ExchangeHelp.md)
diff --git a/exchange/mapping/serviceMapping.json b/exchange/mapping/serviceMapping.json
@@ -820,6 +820,7 @@
   "Set-SettingOverride": "organization",
   "Test-ApplicationAccessPolicy": "organization",
   "Test-OAuthConnectivity": "organization",
+  "Test-ServicePrincipalAuthorization": "organization",
   "Test-SystemHealth": "organization",
   "Update-ExchangeHelp": "organization",
   "Disable-JournalArchiving": "policy-and-compliance",
