Fresh Friday updates

Author: chrisda

exchange/docs-conceptual/app-only-auth-powershell-v2.md

@@ -395,7 +395,7 @@ For more information about the URL syntax, see [Request the permissions from a d
 You have two options:
 
 - **Assign Azure AD roles to the application**
-- **Assign custom role groups to the application using service principals**: This method is supported only when you connect to Exchange Online PowerShell or Security & Compliance PowerShell in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module). Security & Compliance PowerShell supports REST API mode in v3.2.0 or later.
+- **Assign custom role groups to the application using service principals**: This method is supported only when you connect to Exchange Online PowerShell or Security & Compliance PowerShell in [REST API mode](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module). Security & Compliance PowerShell supports REST API mode in v3.2.0 or later.
 
 > [!NOTE]
 > You can also combine both methods to assign permissions. For example, you can use Azure AD roles for the "Exchange Recipient Administrator" role and also assign your custom RBAC role to extend the permissions.
@@ -476,7 +476,7 @@ For general instructions about assigning roles in Azure AD, see [View and assign
 > [!NOTE]
 > You need to connect to Exchange Online PowerShell or Security & Compliance PowerShell _before_ completing steps to create a new service principal. Creating a new service principal without connecting to PowerShell won't work (your Azure App ID and Object ID are needed to create the new service principal).
 >
->  This method is supported only when you connect to Exchange Online PowerShell or Security & Compliance PowerShell in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module). Security & Compliance PowerShell supports REST API mode in v3.2.0 or later.
+>  This method is supported only when you connect to Exchange Online PowerShell or Security & Compliance PowerShell in [REST API mode](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module). Security & Compliance PowerShell supports REST API mode in v3.2.0 or later.
 
 For information about creating custom role groups, see [Create role groups in Exchange Online](/exchange/permissions-exo/role-groups#create-role-groups) and [Create Email & collaboration role groups in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/mdo-portal-permissions#create-email--collaboration-role-groups-in-the-microsoft-365-defender-portal). The custom role group that you assign to the application can contain any combination of built-in and custom roles.
 

exchange/docs-conceptual/cmdlet-property-sets.md

@@ -3,7 +3,7 @@ title: Property sets in Exchange Online PowerShell module cmdlets
 ms.author: chrisda
 author: chrisda
 manager: dansimp
-ms.date:
+ms.date: 9/1/2023
 ms.audience: Admin
 audience: Admin
 ms.topic: article
@@ -23,8 +23,8 @@ This article describes the property sets that are available in the nine exclusiv
 
 For more information about filtering with cmdlets in the module, see [Filters in the Exchange Online PowerShell module](filters-v2.md).
 
-> [!NOTE]
-> Version 2.0.5 and earlier is known as the Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module). Version 3.0.0 and later is known as the Exchange Online PowerShell V3 module (abbreviated as the EXO V3 module).
+  > [!TIP]
+  > Version 3.0.0 and later (2022) is known as the Exchange Online PowerShell V3 module (abbreviated as the EXO V3 module). Version 2.0.5 and earlier (2021) was known as the Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module).
 
 ## Get-EXOCasMailbox property sets
 

exchange/docs-conceptual/connect-exo-powershell-managed-identity.md

@@ -19,7 +19,7 @@ description: "Learn about using the Exchange Online PowerShell V3 module and Azu
 
 # Use Azure managed identities to connect to Exchange Online PowerShell
 
-Using the [Exchange Online PowerShell V3 module](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module), you can connect to Exchange Online PowerShell using a user-assigned or system assigned Azure managed identity. For more information about managed identities, see [What are managed identities for Azure resources?](/azure/active-directory/managed-identities-azure-resources/overview).
+Using the [Exchange Online PowerShell V3 module](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module), you can connect to Exchange Online PowerShell using a user-assigned or system assigned Azure managed identity. For more information about managed identities, see [What are managed identities for Azure resources?](/azure/active-directory/managed-identities-azure-resources/overview).
 
 Unlike other connection methods using the Exchange Online PowerShell module, you can't run the connection commands in a Windows PowerShell session on your local computer. Instead, you connect in the context of the Azure resource that's associated with the managed identity (for example, an Azure automation account or an Azure Virtual Machine).
 

exchange/docs-conceptual/connect-to-exchange-online-powershell.md

@@ -68,7 +68,7 @@ For detailed syntax and parameter information, see [Connect-ExchangeOnline](/pow
 
 - _\<UPN\>_ is your account in user principal name format (for example, `[email protected]`).
 
-- With the EXO V3 module (v3.0.0 or later) and the [demise of Basic authentication (remote PowerShell) connections to Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/deprecation-of-remote-powershell-rps-protocol-in-security-and/ba-p/3815432), you're using REST API cmdlets only. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
+- With the EXO V3 module (v3.0.0 or later) and the [demise of Basic authentication (remote PowerShell) connections to Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/deprecation-of-remote-powershell-rps-protocol-in-security-and/ba-p/3815432), you're using REST API cmdlets only. For more information, see [REST API connections in the EXO V3 module](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module).
 
 - When you use the _ExchangeEnvironmentName_ parameter, you don't need use the _ConnectionUri_ or _AzureADAuthorizationEndPointUrl_ parameters. Common values for the _ExchangeEnvironmentName_ parameter are described in the following table:
 

exchange/docs-conceptual/connect-to-exchange-online-protection-powershell.md

@@ -70,7 +70,7 @@ For detailed syntax and parameter information, see [Connect-IPPSSession](/powers
 
 - _\<UPN\>_ is your account in user principal name format (for example, `[email protected]`).
 
-- With the EXO V3 module (v3.0.0 or later) and the [demise of Basic authentication (remote PowerShell) connections to Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/deprecation-of-remote-powershell-rps-protocol-in-security-and/ba-p/3815432), you're using REST API cmdlets only. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
+- With the EXO V3 module (v3.0.0 or later) and the [demise of Basic authentication (remote PowerShell) connections to Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/deprecation-of-remote-powershell-rps-protocol-in-security-and/ba-p/3815432), you're using REST API cmdlets only. For more information, see [REST API connections in the EXO V3 module](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module).
 
 ### Connect to Exchange Online Protection PowerShell with an interactive login prompt
 

exchange/docs-conceptual/connect-to-exo-powershell-c-sharp.md

@@ -19,7 +19,7 @@ description: "Learn about using the Exchange Online PowerShell V3 module and C#
 
 # Use C# to connect to Exchange Online PowerShell
 
-The code samples in this article use the [Exchange Online PowerShell V3 module](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) module to connect to Exchange Online from C#.
+The code samples in this article use the [Exchange Online PowerShell V3 module](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module) module to connect to Exchange Online from C#.
 
 To install the Exchange Online PowerShell module, see [Install and maintain the Exchange Online PowerShell module](exchange-online-powershell-v2.md#install-and-maintain-the-exchange-online-powershell-module).
 

exchange/docs-conceptual/connect-to-scc-powershell.md

@@ -31,7 +31,7 @@ To use the older Exchange Online Remote PowerShell Module (the V1 module) to con
 - The requirements for installing and using the module are described in [Install and maintain the Exchange Online PowerShell module](exchange-online-powershell-v2.md#install-and-maintain-the-exchange-online-powershell-module).
 
   > [!NOTE]
-  > If you're using version 3.2.0 or later of the module, and you don't use the _UseRPSSession_ switch in the **Connect-IPPSSession** command, you have access to REST API cmdlets _only_. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
+  > If you're using version 3.2.0 or later of the module, and you don't use the _UseRPSSession_ switch in the **Connect-IPPSSession** command, you have access to REST API cmdlets _only_. For more information, see [REST API connections in the EXO V3 module](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module).
   >
   > REST API connections in the Exchange Online PowerShell V3 module require the PowerShellGet and PackageManagement modules. For more information, see [PowerShellGet for REST-based connections in Windows](exchange-online-powershell-v2.md#powershellget-for-rest-based-connections-in-windows).
   >
@@ -65,7 +65,7 @@ For detailed syntax and parameter information, see [Connect-IPPSSession](/powers
 
 - _\<UPN\>_ is your account in user principal name format (for example, `[email protected]`).
 
-- In v3.2.0 or later of the module, if you don't use the _UseRPSSession_ switch in the **Connect-IPPSSession** command, you connect in REST API mode. To connect in remote PowerShell mode, use the _UseRPSSession_ switch. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
+- In v3.2.0 or later of the module, if you don't use the _UseRPSSession_ switch in the **Connect-IPPSSession** command, you connect in REST API mode. To connect in remote PowerShell mode, use the _UseRPSSession_ switch. For more information, see [REST API connections in the EXO V3 module](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module).
 
 - The required _ConnectionUri_ and _AzureADAuthorizationEndpointUri_ values depend on the nature of your Microsoft 365 organization. Common values are described in the following table:
 

exchange/docs-conceptual/disable-access-to-exchange-online-powershell.md

@@ -3,36 +3,39 @@ title: "Enable or disable access to Exchange Online PowerShell"
 ms.author: chrisda
 author: chrisda
 manager: dansimp
-ms.date:
+ms.date: 9/1/2023
 ms.audience: Admin
 audience: Admin
 ms.topic: article
 ms.service: exchange-powershell
 ms.localizationpriority: medium
 ms.assetid: f969816a-2607-4655-9d47-9e8767fb5633
 search.appverid: MET150
-description: "Admins can learn how to enable or disable access to Exchange Online PowerShell for users in their organization"
+description: "Admins can learn how to disable or enable access to Exchange Online PowerShell for users in their organization"
 ---
 
 # Enable or disable access to Exchange Online PowerShell
 
-Exchange Online PowerShell enables you to manage your Exchange Online organization from the command line. By default, all accounts you create in Microsoft 365 are allowed to use Exchange Online PowerShell. Administrators can use Exchange Online PowerShell to enable or disable a user's ability to connect to Exchange Online PowerShell. Note that access to Exchange Online PowerShell doesn't give users extra administrative powers in your organization. A user's capabilities in Exchange Online PowerShell are still defined by role based access control (RBAC) and the roles that are assigned to them.
+Exchange Online PowerShell is the administrative interface that enables admins to manage the Exchange Online part of a Microsoft 365 organization from the command line (including many security features in Exchange Online Protection and Microsoft Defender for Office 365).
 
-> [!NOTE]
-> You can also use Client Access Rules to block PowerShell access to Exchange Online. For details, see [Client Access Rules in Exchange Online](/Exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules).
+By default, all accounts in Microsoft 365 are allowed to use Exchange Online PowerShell. This access doesn't give users administrative capabilities in an organization. They're still limited by [role based access control (RBAC)](/exchange/permissions-exo/permissions-exo) (for example, they can configure settings on their own mailbox or manage distribution groups that they own).
+
+Admins can use the procedures in this article to disable or enable a user's ability to connect to Exchange Online PowerShell.
 
 ## What do you need to know before you begin?
 
 - Estimated time to complete each procedure: less than 5 minutes
 
-- Microsoft 365 global admins have access to Exchange Online PowerShell, and can use the procedures in this article to configure Exchange Online PowerShell access for other users. For more information about permissions in Exchange Online, see [Feature Permissions in Exchange Online](/exchange/permissions-exo/feature-permissions).
+- The procedures in this article are available only in Exchange Online PowerShell. To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](connect-to-exchange-online-powershell.md).
+
+- You need to be assigned permissions before you can do the procedures in this article. You have the following options:
+  - [Exchange Online RBAC](/exchange/permissions-exo/permissions-exo): Membership in the **Organization Management** or **Recipient Management** role groups.
+  - [Azure AD RBAC](/microsoft-365/admin/add-users/about-admin-roles): Membership in the **Global Administrator** role.
 
   > [!IMPORTANT]
-  > In your haste to quickly and globally disable remote PowerShell access in your organization, beware of commands like `Get-User | Set-User -RemotePowerShellEnabled $false` without considering admin accounts. Use the procedures in this article to selectively remove remote PowerShell access, or preserve access for those who need it by using the following syntax in your global removal command: `Get-User | Where-Object {$_.UserPrincipalName -ne '[email protected]' -and $_.UserPrincipalName -ne '[email protected]'...} | Set-User -RemotePowerShellEnabled $false`.
+  > In your haste to quickly and globally disable PowerShell access in your organization, beware of commands like `Get-User | Set-User -RemotePowerShellEnabled $false` without considering admin accounts. Use the procedures in this article to selectively remove remote PowerShell access, or preserve access for those who need it by using the following syntax in your global removal command: `Get-User | Where-Object {$_.UserPrincipalName -ne '[email protected]' -and $_.UserPrincipalName -ne '[email protected]'...} | Set-User -RemotePowerShellEnabled $false`.
   >
-  > If you accidentally lock yourself out of remote PowerShell access, create a new admin account in the Microsoft 365 admin center, and then use that account to give yourself remote PowerShell access using the procedures in this article.
-
-- You can only use Exchange Online PowerShell to perform this procedure. To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](connect-to-exchange-online-powershell.md).
+  > If you accidentally lock yourself out of PowerShell access, create a new admin account in the Microsoft 365 admin center, and then use that account to give yourself PowerShell access using the procedures in this article.
 
 - For detailed information about OPATH filter syntax in Exchange Online, see [Additional OPATH syntax information](recipient-filters.md#additional-opath-syntax-information).
 
@@ -91,19 +94,19 @@ $<VariableName> | foreach {Set-User -Identity $_ -RemotePowerShellEnabled $false
 
 The following example uses the text file C:\My Documents\NoPowerShell.txt to identify the users by their accounts. The text file must contain one account on each line as follows:
 
-> [email protected] <br> [email protected] <br> [email protected]
+> [email protected] <br/> [email protected] <br/> [email protected]
 
 After you populate the text file with the user accounts you want to update, run the following commands:
 
 ```powershell
-$NPS = Get-Content "C:\My Documents\NoPowerShell.txt"
+$NoPS = Get-Content "C:\My Documents\NoPowerShell.txt"
 
-$NPS | foreach {Set-User -Identity $_ -RemotePowerShellEnabled $false}
+$NoPS | foreach {Set-User -Identity $_ -RemotePowerShellEnabled $false}
 ```
 
-## View the Exchange Online PowerShell access for users
+## View the Exchange Online PowerShell access status for users
 
-To view the remote PowerShell access status for a specific user, replace \<UserIdentity\> with the name or user principal name (UPN) of the user, and then run the following command:
+To view the PowerShell access status for a specific user, replace \<UserIdentity\> with the name or user principal name (UPN) of the user, and run the following command:
 
 ```powershell
 Get-User -Identity "<UserIdentity>" | Format-List RemotePowerShellEnabled