Merge branch 'main' into patch-3

Author: jechen2

.openpublishing.redirection.json

@@ -7133,6 +7133,16 @@
       "redirect_url": "/exchange/exchange-hybrid",
       "redirect_document_id": false
     },
+    {
+      "source_path": "exchange/virtual-folder/exchange/Get-PhishSimOverrideRule.md",
+      "redirect_url": "/powershell/module/exchange/get-exophishsimoverriderule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "exchange/virtual-folder/exchange/Get-SecOpsOverrideRule.md",
+      "redirect_url": "/powershell/module/exchange/get-exosecopsoverriderule",
+      "redirect_document_id": false
+    },
     {
       "source_path": "skype/virtual-folder/skype/Disable-CsOnlineSipDomain.md",
       "redirect_url": "/powershell/module/teams/Disable-CsOnlineSipDomain",

exchange/docs-conceptual/disable-access-to-exchange-online-powershell.md

@@ -3,7 +3,7 @@ title: "Enable or disable access to Exchange Online PowerShell"
 ms.author: chrisda
 author: chrisda
 manager: deniseb
-ms.date: 5/16/2024
+ms.date: 12/11/2024
 ms.audience: Admin
 audience: Admin
 ms.topic: article
@@ -18,7 +18,7 @@ description: "Admins can learn how to disable or enable access to Exchange Onlin
 
 Exchange Online PowerShell is the administrative interface that enables admins to manage the Exchange Online part of a Microsoft 365 organization from the command line (including many security features in Exchange Online Protection and Microsoft Defender for Office 365).
 
-By default, all accounts in Microsoft 365 are allowed to use Exchange Online PowerShell. This access doesn't give users administrative capabilities in an organization. They're still limited by [role based access control (RBAC)](/exchange/permissions-exo/permissions-exo) (for example, they can configure settings on their own mailbox or manage distribution groups that they own, but not much else).
+By default, all accounts in Microsoft 365 are allowed to use Exchange Online PowerShell. This access doesn't give users administrative capabilities. They're still limited by [role based access control (RBAC)](/exchange/permissions-exo/permissions-exo). For example, they can configure some settings on their own mailbox and manage distribution groups that they own, but not much else.
 
 Admins can use the procedures in this article to disable or enable a user's ability to connect to Exchange Online PowerShell.
 
@@ -33,7 +33,7 @@ Admins can use the procedures in this article to disable or enable a user's abil
   - [Microsoft Entra RBAC](/microsoft-365/admin/add-users/about-admin-roles): Membership in the **Exchange Administrator** or **Global Administrator**<sup>\*</sup> roles gives users the required permissions *and* permissions for other features in Microsoft 365.
 
   > [!IMPORTANT]
-  > In your haste to quickly and globally disable PowerShell access in your cloud-based organization, beware of commands like `Get-User | Set-User -EXOModuleEnabled $false` without considering admin accounts. Use the procedures in this article to selectively remove PowerShell access, or preserve access for those who need it by using the following syntax in your global removal command: `Get-User | Where-Object {$_.UserPrincipalName -ne '[email protected]' -and $_.UserPrincipalName -ne '[email protected]'...} | Set-User -EXOModuleEnabled $false`.
+  > In your haste to quickly and globally disable PowerShell access in your cloud-based organization, beware of commands like `Get-User | Set-User -EXOModuleEnabled $false` without considering admin accounts. Use the procedures in this article to **selectively** remove PowerShell access, or **preserve access for those who need it** by using the following syntax in your global removal command: `Get-User | Where-Object {$_.UserPrincipalName -ne '[email protected]' -and $_.UserPrincipalName -ne '[email protected]'...} | Set-User -EXOModuleEnabled $false`.
   >
   > If you accidentally lock yourself out of PowerShell access, create a new admin account in the Microsoft 365 admin center, and then use that account to give yourself PowerShell access using the procedures in this article.
   >
@@ -62,7 +62,7 @@ Set-User -Identity [email protected] -EXOModuleEnabled $true
 
 To prevent access to Exchange Online PowerShell for a specific group of existing users, you have the following options:
 
-- **Filter users based on an existing attribute**: This method assumes that the target user accounts all share a unique filterable attribute. Some attributes, such as Title, Department, address information, and telephone number, are available only from the **Get-User** cmdlet. Other attributes, such as CustomAttribute1 to CustomAttribute15, are available only from the **Get-Mailbox** cmdlet.
+- **Filter users based on an existing attribute**: This method assumes that the target user accounts all share a unique filterable attribute. Some attributes (for example, Title, Department, address information, and telephone number) are available only from the **Get-User** cmdlet. Other attributes (for example, CustomAttribute1 to CustomAttribute15) are available only from the **Get-Mailbox** cmdlet.
 - **Use a list of specific users**: After you generate the list of specific users, you can use that list to disable their access to Exchange Online PowerShell.
 
 ### Filter users based on an existing attribute
@@ -107,6 +107,9 @@ $NoPS | foreach {Set-User -Identity $_ -EXOModuleEnabled $false}
 
 ## View the Exchange Online PowerShell access status for users
 
+> [!TIP]
+> The newer `EXOModuleEnabled` property isn't available to use with the *Filter* parameter on the **Get-User** cmdlet, but the values of the `EXOModuleEnabled` property and the older `RemotePowerShellEnabled` property are always the same, so use the `RemotePowerShellEnabled` property with the *Filter* parameter on the **Get-User** cmdlet.
+
 To view the PowerShell access status for a specific user, replace \<UserIdentity\> with the name or user principal name (UPN) of the user, and run the following command:
 
 ```powershell
@@ -122,11 +125,11 @@ Get-User -ResultSize unlimited | Format-Table -Auto DisplayName,EXOModuleEnabled
 To display all users who don't have access to Exchange Online PowerShell, run the following command:
 
 ```powershell
-Get-User -ResultSize unlimited -Filter 'EXOModuleEnabled -eq $false'
+Get-User -ResultSize unlimited -Filter 'RemotePowerShellEnabled -eq $false'
 ```
 
 To display all users who have access to Exchange Online PowerShell, run the following command:
 
 ```powershell
-Get-User -ResultSize unlimited -Filter 'EXOModuleEnabled -eq $true'
+Get-User -ResultSize unlimited -Filter 'RemotePowerShellEnabled -eq $true'
 ```

exchange/exchange-ps/exchange/Get-ClientAccessRule.md

@@ -13,7 +13,7 @@ ms.reviewer:
 
 ## SYNOPSIS
 > [!NOTE]
-> Beginning in October 2022, we've disabled access to client access rules for all existing Exchange Online organizations that weren't using them. In September 2024, support for client access rules will end for all Exchange Online organizations. For more information, see [Update: Deprecation of Client Access Rules in Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/update-deprecation-of-client-access-rules-in-exchange-online/ba-p/3790165).
+> Beginning in October 2022, client access rules were deprecated for all Exchange Online organizations that weren't using them. Client access rules will be deprecated for all remaining organizations on September 1, 2025. If you choose to turn off client access rules before the deadline, the feature will be disabled in your organization. For more information, see [Update on Client Access Rules Deprecation in Exchange Online](https://techcommunity.microsoft.com/blog/exchange/update-on-client-access-rules-deprecation-in-exchange-online/4354809).
 
 This cmdlet is functional only in Exchange Server 2019 and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.
 

exchange/exchange-ps/exchange/Get-FederatedOrganizationIdentifier.md

@@ -1,7 +1,7 @@
 ---
 external help file: Microsoft.Exchange.CalendarsAndGroups-Help.xml
 online version: https://learn.microsoft.com/powershell/module/exchange/get-federatedorganizationidentifier
-applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online, Exchange Online Protection
 title: Get-FederatedOrganizationIdentifier
 schema: 2.0.0
 author: chrisda
@@ -12,7 +12,7 @@ ms.reviewer:
 # Get-FederatedOrganizationIdentifier
 
 ## SYNOPSIS
-This cmdlet is available only in on-premises Exchange.
+This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.
 
 Use the Get-FederatedOrganizationIdentifier cmdlet to retrieve the Exchange organization's federated organization identifier and related details, such as federated domains, organization contact and status.
 
@@ -57,7 +57,7 @@ The Identity parameter specifies the organization ID.
 Type: OrganizationIdParameter
 Parameter Sets: (All)
 Aliases:
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online, Exchange Online Protection
 
 Required: False
 Position: 1
@@ -67,6 +67,8 @@ Accept wildcard characters: False
 ```
 
 ### -DomainController
+This parameter is available only in on-premises Exchange.
+
 The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.
 
 ```yaml
@@ -91,7 +93,7 @@ The status is returned with each domain in the Domains property.
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online, Exchange Online Protection
 
 Required: False
 Position: Named

exchange/exchange-ps/exchange/Get-MailUser.md

@@ -52,6 +52,19 @@ Get-MailUser [[-Identity] <MailUserIdParameter>]
  [<CommonParameters>]
 ```
 
+### LOBAppAccount
+```
+Get-MailUser [-LOBAppAccount]
+ [-Filter <String>]
+ [-OrganizationalUnit <OrganizationalUnitIdParameter>]
+ [-ProgressAction <ActionPreference>]
+ [-ResultSize <Unlimited>]
+ [-SharedWithMailUser]
+ [-SoftDeletedMailUser]
+ [-SortBy <String>]
+ [<CommonParameters>]
+```
+
 ### HVEAccount
 ```
 Get-MailUser [-HVEAccount]
@@ -193,6 +206,24 @@ Accept pipeline input: false
 Accept wildcard characters: False
 ```
 
+### -HVEAccount
+This parameter is available only in the cloud-based service.
+
+The HVEAccount switch specifies that this mail user account is specifically used for the [High volume email service](https://learn.microsoft.com/exchange/mail-flow-best-practices/high-volume-mails-m365). You don't need to specify a value with this switch.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: LOBAppAccount
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Position: Named
+Default value: None
+Required: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -IgnoreDefaultScope
 This parameter is available only in on-premises Exchange.
 
@@ -216,20 +247,20 @@ Accept pipeline input: false
 Accept wildcard characters: False
 ```
 
-### -HVEAccount
+### -LOBAppAccount
 This parameter is available only in the cloud-based service.
 
-The HVEAccount switch specifies that this mail user account is specifically used for the [High volume email service](https://learn.microsoft.com/exchange/mail-flow-best-practices/high-volume-mails-m365). You don't need to specify a value with this switch.
+{{ Fill LOBAppAccount Description }}
 
 ```yaml
 Type: SwitchParameter
 Parameter Sets: LOBAppAccount
 Aliases:
 Applicable: Exchange Online, Exchange Online Protection
 
+Required: False
 Position: Named
 Default value: None
-Required: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```

exchange/exchange-ps/exchange/Get-Mailbox.md

@@ -39,6 +39,7 @@ Get-Mailbox [-Anr <String>]
  [-IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames]
  [-IncludeAcceptMessagesOnlyFromWithDisplayNames]
  [-IncludeEmailAddressDisplayNames]
+ [-IncludeGrantSendOnBehalfToWithDisplayNames]
  [-IncludeInactiveMailbox]
  [-Migration]
  [-Monitoring]
@@ -96,6 +97,7 @@ Get-Mailbox [[-Identity] <MailboxIdParameter>]
  [-IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames]
  [-IncludeAcceptMessagesOnlyFromWithDisplayNames]
  [-IncludeEmailAddressDisplayNames]
+ [-IncludeGrantSendOnBehalfToWithDisplayNames]
  [-IncludeInactiveMailbox]
  [-Migration]
  [-Monitoring]
@@ -147,6 +149,7 @@ Get-Mailbox [-MailboxPlan <MailboxPlanIdParameter>]
  [-IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames]
  [-IncludeAcceptMessagesOnlyFromWithDisplayNames]
  [-IncludeEmailAddressDisplayNames]
+ [-IncludeGrantSendOnBehalfToWithDisplayNames]
  [-IncludeInactiveMailbox]
  [-Migration]
  [-OrganizationalUnit <OrganizationalUnitIdParameter>]
@@ -555,6 +558,24 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -IncludeGrantSendOnBehalfToWithDisplayNames
+This parameter is available only in the cloud-based service.
+
+{{ Fill IncludeGrantSendOnBehalfToWithDisplayNames Description }}
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: Identity, AnrSet, MailboxPlanSet
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -IncludeInactiveMailbox
 This parameter is available only in the cloud-based service.