Merge branch 'main' into patch-26

Author: mkbond007

.github/workflows/AutoLabelAssign.yml

@@ -0,0 +1,35 @@
+name: Assign and label PR
+
+permissions:
+  pull-requests: write
+  contents: read
+  actions: read
+      
+on: 
+    workflow_run:
+        workflows: [Background tasks]
+        types:
+            - completed
+
+jobs:
+    download-payload:
+        name: Download and extract payload artifact
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+        with:
+            WorkflowId: ${{ github.event.workflow_run.id }}
+            OrgRepo: ${{ github.repository }}
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+    label-assign:
+        name: Run assign and label
+        needs: [download-payload]
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
+        with:
+            PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+            AutoAssignUsers: 1
+            AutoLabel: 1
+            ExcludedUserList: '["user1", "user2"]'
+            ExcludedBranchList: '["branch1", "branch2"]'
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/AutoLabelMsftContributor.yml

@@ -0,0 +1,34 @@
+name: Auto label Microsoft contributors
+
+permissions:
+  pull-requests: write
+  contents: read
+  actions: read
+      
+on: 
+    workflow_run:
+        workflows: [Background tasks]
+        types:
+            - completed
+
+jobs:
+    download-payload:
+        if: github.repository_visibility == 'public'
+        name: Download and extract payload artifact
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+        with:
+            WorkflowId: ${{ github.event.workflow_run.id }}
+            OrgRepo: ${{ github.repository }}
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+    label-msft:
+        name: Label Microsoft contributors
+        if: github.repository_visibility == 'public'
+        needs: [download-payload]
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod
+        with:
+          PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+        secrets:
+          AccessToken: ${{ secrets.GITHUB_TOKEN }}
+          TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}

.github/workflows/BackgroundTasks.yml

@@ -0,0 +1,26 @@
+name: Background tasks
+
+permissions:
+  pull-requests: write
+  contents: read
+  
+on:
+  pull_request_target:
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Save payload data
+        env:
+          PayloadJson: ${{ toJSON(github) }}
+          AccessToken: ${{ github.token }}
+        run: |
+          mkdir -p ./pr
+          echo $PayloadJson > ./pr/PayloadJson.json
+          sed -i -e "s/$AccessToken/XYZ/g" ./pr/PayloadJson.json
+      - uses: actions/upload-artifact@v4
+        with:
+          name: PayloadJson
+          path: pr/

.github/workflows/LiveMergeCheck.yml

@@ -0,0 +1,19 @@
+name: PR can merge into branch
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: 
+  pull_request_target:
+    types: [opened, reopened, synchronize, edited]
+
+jobs:
+
+  live-merge:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/PrFileCount.yml

@@ -0,0 +1,19 @@
+name: PR file count less than limit
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: 
+  pull_request_target:
+    types: [opened, reopened, synchronize, labeled, unlabeled, edited]
+
+jobs:
+
+  file-count:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ProtectedFiles.yml

@@ -0,0 +1,17 @@
+name: PR has no protected files
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: [pull_request_target]
+
+jobs:
+
+  protected-files:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}

exchange/exchange-ps/exchange/New-Label.md

@@ -722,6 +722,7 @@ Accept wildcard characters: False
 The DynamicWatermarkDisplay parameter specifies the watermark text to display for a given label. This parameter supports text and the following special tokens:
 
 - `${Consumer.PrincipalName}`: Required. The value is the user principal name (UPN) of the user.
+- `${Device.DateTime}`: Optional. The value is current date/time of the device used to view the document.
 
 This parameter is meaningful only when the ApplyDynamicWatermarkingEnabled parameter value is $true.
 

exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md

@@ -66,16 +66,7 @@ Accept wildcard characters: False
 ### -AllowLegacyExchangeTokens
 This parameter is available only in the cloud-based service.
 
-The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens. You don't need to specify a value with this switch.
-
-Legacy Exchange tokens (for example, Exchange user identity and callback tokens) are used by Outlook add-ins.
-
-**Important**:
-
-- The Microsoft Report Message and Report Phishing add-ins require legacy Exchange tokens to work.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations.
-
-For more information on the Report Message and Report Phishing add-ins, see [Enable the Microsoft Report Message or the Report Phishing add-ins](https://learn.microsoft.com/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure).
+This parameter is reserved for internal Microsoft use.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md

@@ -354,16 +354,7 @@ Accept wildcard characters: False
 ### -AllowLegacyExchangeTokens
 This parameter is available only in the cloud-based service.
 
-The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens. You don't need to specify a value with this switch.
-
-Legacy Exchange tokens (for example, Exchange user identity and callback tokens) are used by Outlook add-ins.
-
-**Important**:
-
-- The Microsoft Report Message and Report Phishing add-ins require legacy Exchange tokens to work.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations.
-
-For more information on the Report Message and Report Phishing add-ins, see [Enable the Microsoft Report Message or the Report Phishing add-ins](https://learn.microsoft.com/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure).
+This parameter is reserved for internal Microsoft use.
 
 ```yaml
 Type: SwitchParameter
@@ -549,16 +540,7 @@ Accept wildcard characters: False
 ### -BlockLegacyExchangeTokens
 This parameter is available only in the cloud-based service.
 
-The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange tokens. You don't need to specify a value with this switch.
-
-Legacy Exchange tokens (for example, Exchange user identity and callback tokens) are used by Outlook add-ins.
-
-**Important**:
-
-- The Microsoft Report Message and Report Phishing add-ins require legacy Exchange tokens to work.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations.
-
-For more information about the Report Message and Report Phishing add-ins, see [Enable the Microsoft Report Message or the Report Phishing add-ins](https://learn.microsoft.com/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure).
+This parameter is reserved for internal Microsoft use.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Set-Label.md

@@ -720,6 +720,7 @@ Accept wildcard characters: False
 The DynamicWatermarkDisplay parameter specifies the watermark text to display for a given label. This parameter supports text and the following special tokens:
 
 - **"\`${Consumer.PrincipalName}**": Required. The value is the user principal name (UPN) of the user.
+- **"\`${Device.DateTime}**": Optional. The value is current date/time of the device used to view the document.
 
 **Tip** The back quotation mark character ( \` ) is required as an escape character for the dollar sign character ( $ ) in PowerShell. For more information, see [Escape characters in Exchange PowerShell](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax#escape-characters-in-exchange-powershell).