Merge branch 'main' into TestSPA-chrisda

Author: chrisda

exchange/docs-conceptual/app-only-auth-powershell-v2.md

@@ -48,7 +48,7 @@ Certificate based authentication (CBA) or app-only authentication as described i
 >   - [Get-ComplianceCase](/powershell/module/exchange/get-compliancecase)
 >   - [Get-CaseHoldPolicy](/powershell/module/exchange/get-caseholdpolicy)
 >
-> - Delegated scenarios are supported in **Exchange Online** using multi-tenant applications. The required steps are called out within the regular instructions in this article.
+> - Delegated scenarios are supported in Exchange Online. The recommended method for connecting with delegation is using GDAP and App Consent. For more information, see [Use the Exchange Online PowerShell v3 Module with GDAP and App Consent](/powershell/partnercenter/exchange-online-gdap-app). You can also use multi-tenant applications when CSP relationships are not created with the customer. The required steps for using multi-tenant applications are called out within the regular instructions in this article.
 
 ## How does it work?
 

exchange/exchange-ps/exchange/Get-Label.md

@@ -22,7 +22,7 @@ For information about the parameter sets in the Syntax section below, see [Excha
 
 ```
 Get-Label [[-Identity] <ComplianceRuleIdParameter>]
- [-IncludeDetailedLabelActions <System.Boolean>]
+ [-IncludeDetailedLabelActions]
  [-SkipValidations]
  [<CommonParameters>]
 ```
@@ -69,13 +69,10 @@ Accept wildcard characters: False
 ```
 
 ### -IncludeDetailedLabelActions
-The IncludeDetailedLabelActions parameter specifies whether to expand label actions into properties for better readability. Valid values are:
-
-- $true: Include detailed label actions.
-- $false: Don't include detailed label actions.
+The IncludeDetailedLabelActions parameter specifies whether to expand label actions into properties for better readability. You don't need to specify a value with this switch.
 
 ```yaml
-Type: System.Boolean
+Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Applicable: Security & Compliance

exchange/exchange-ps/exchange/New-DlpFingerprint.md

@@ -22,7 +22,6 @@ For information about the parameter sets in the Syntax section below, see [Excha
 
 ```
 New-DlpFingerprint [[-FileData] <Byte[]>] -Description <String>
- [-Threshold <UInt32>]
  [-Confirm]
  [-WhatIf]
  [<CommonParameters>]
@@ -98,27 +97,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -Threshold
-The Threshold parameter specifies the confidence threshold to use for matches. Valid values are 0 to 100:
-
-- The value 0 matches all items, resulting in many false positives.
-- The value 100 demands a near-perfect match, but might also result in more false negatives.
-
-The default value is 50.
-
-```yaml
-Type: UInt32
-Parameter Sets: (All)
-Aliases:
-Applicable: Security & Compliance
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -WhatIf
 The WhatIf switch doesn't work in Security & Compliance PowerShell.
 

exchange/exchange-ps/exchange/New-Mailbox.md

@@ -911,16 +911,18 @@ Accept wildcard characters: False
 ```
 
 ### -EnableRoomMailboxAccount
+This parameter is functional only in on-premises Exchange.
+
 The EnableRoomMailboxAccount parameter specifies whether to enable the disabled user account that's associated with this room mailbox. Valid values are:
 
-- $true: The disabled account that's associated with the room mailbox is enabled. You also need to use the RoomMailboxPassword with this value. This allows the account to log on to the room mailbox.
-- $false: The account that's associated with the room mailbox is disabled. You can't use the account to logon to the room mailbox. This is the default value.
+- $true: The disabled account that's associated with the room mailbox is enabled. You also need to use the RoomMailboxPassword with this value. The account is able to log in and access the room mailbox or other resources.
+- $false: The account that's associated with the room mailbox is disabled. The account is not able to log in and access the room mailbox or other resources. In on-premises Exchange, this is the default value.
 
-You need to use this parameter with the Room switch.
+You need to enable the account for features like the Skype for Business Room System or Microsoft Teams Rooms.
 
-Typically, the account that's associated with a room mailbox is disabled. However, you need to enable the account for features like the Skype for Business Room System or Microsoft Teams Rooms.
+You need to use this parameter with the Room switch.
 
-In Exchange Online, a room mailbox with an associated enabled account doesn't require a license.
+A room mailbox in Exchange Online is created with associated an account that has an unknown password. This account is active and visible in Azure Active Directory PowerShell and the Microsoft 365 admin center just like a regular user account, but it consumes no licenses. If the password is known or changed, the account can be used to log in and access the mailbox or other resources. To prevent this account from being able to log in after you create the mailbox, use the Set-AzureADUser cmdlet in Azure Active Directory PowerShell. For instructions, see [Block Microsoft 365 user accounts with PowerShell](https://learn.microsoft.com/microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell).
 
 ```yaml
 Type: Boolean
@@ -1190,7 +1192,9 @@ The Room switch is required to create room mailboxes. You don't need to specify
 
 Room mailboxes are resource mailboxes that are associated with a specific location (for example, conference rooms).
 
-When you use this switch, a logon-disabled account is created with the room mailbox, which prevents users from signing in to the mailbox. When you use the EnableRoomMailboxAccount and RoomMailboxPassword parameters, you can mail-enable the associated account.
+When you use this switch in on-premises Exchange, a disabled account is created with the room mailbox. The account can't be used to sign in to the mailbox or anywhere in the organization. To enable the associated account, use the EnableRoomMailboxAccount and RoomMailboxPassword parameters.
+
+When you use this switch in Exchange Online, an account with an unknown password is created with the room mailbox. If the password is known or changed, the account can be used to log in to the mailbox or anywhere in the organization. To prevent this account from being able to log in after you create the room mailbox, use the Set-AzureADUser cmdlet in Azure Active Directory PowerShell. For instructions, see [Block Microsoft 365 user accounts with PowerShell](https://learn.microsoft.com/microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell).
 
 ```yaml
 Type: SwitchParameter
@@ -2006,19 +2010,26 @@ Accept wildcard characters: False
 ```
 
 ### -RoomMailboxPassword
-Use the RoomMailboxPassword parameter to configure the password for a room mailbox that has a logon-enabled account (the EnableRoomMailboxAccount parameter is set to the value $true.)
+This parameter is functional only in on-premises Exchange.
 
-To use this parameter, you need to be a member of one of the following role groups:
+Use the RoomMailboxPassword parameter to configure the password for the account that's associated with the room mailbox when that account is enabled and able to log in (the EnableRoomMailboxAccount parameter is set to the value $true).
 
-- Exchange Online: The Organization Management role group via the Mail Recipients, Reset Password, and User Options roles, the Help Desk role group via the Reset Password and User Options roles, or the Recipient Management role group via the Mail Recipients and Reset Password roles.
-- On-premises Exchange: The Organization Management role group via the Mail Recipients and User Options roles, the Recipient Management role group via the Mail Recipients role, or the Help Desk role group via the User Options role. The Reset Password role also allows you to use this parameter, but it isn't assigned to any role groups by default.
+To use this parameter in on-premises Exchange, you need to be a member of one of the following role groups:
+
+- The Organization Management role group via the Mail Recipients and User Options roles.
+- The Recipient Management role group via the Mail Recipients role.
+- The Help Desk role group via the User Options role.
+
+The Reset Password role also allows you to use this parameter, but it isn't assigned to any role groups by default.
 
 You can use the following methods as a value for this parameter:
 
 - `(ConvertTo-SecureString -String '<password>' -AsPlainText -Force)`.
 - Before you run this command, store the password as a variable (for example, `$password = Read-Host "Enter password" -AsSecureString`), and then use the variable (`$password`) for the value.
 - `(Get-Credential).password` to be prompted to enter the password securely when you run this command.
 
+To configure the password for a room mailbox account in Exchange Online, use Set-AzureADUserPassword cmdlet in Azure Active Directory PowerShell. For instructions, see [Manage passwords with PowerShell](https://learn.microsoft.com/microsoft-365/enterprise/manage-passwords-with-microsoft-365-powershell).
+
 ```yaml
 Type: SecureString
 Parameter Sets: EnableRoomMailboxAccount

exchange/exchange-ps/exchange/New-SharingPolicy.md

@@ -16,6 +16,8 @@ This cmdlet is available in on-premises Exchange and in the cloud-based service.
 
 Use the New-SharingPolicy cmdlet to create a sharing policy to regulate how users inside your organization can share calendar and contact information with users outside the organization. Users can only share this information after federation has been configured in Exchange. After federation is configured, users can send sharing invitations that comply with a sharing policy to external recipients in other Exchange Server 2010 or later organizations that have federation enabled. A sharing policy needs to get assigned to a mailbox to be effective. If a mailbox doesn't have a specific sharing policy assigned, a default policy enforces the level of sharing permitted for this mailbox.
 
+Sharing policies provide user-established, people-to-people sharing of both calendar and contact information with different types of external users. Sharing polices allow users to share both their free/busy and contact information (including the Calendar and Contacts folders) with recipients in other external federated Exchange organizations. For recipients that aren't in an external federated organization or are in non-Exchange organizations, sharing policies allow people-to-people sharing of their calendar information with anonymous users through the use of Internet Calendar Publishing.
+
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
 ## SYNTAX

exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md

@@ -81,6 +81,10 @@ The Entries parameter specifies the values that you want to add to the Tenant Al
 
 To enter multiple values, use the following syntax: `"Value1","Value2",..."ValueN"`.
 
+For senders, files, and URLs the maximum number of allow entries for each type is 500, and the maximum number of block entries for each type is 500 (1000 entries total for each type).
+
+The maximum number of characters in a file entry is 64 and the maximum number of characters in a URL entry is 250.
+
 You can't mix value types (file, sender, or URL) or allow and block actions in the same command.
 
 In most cases, you can't modify the URL, file, or sender values after you create the entry. The only exception is allow URL entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery).

exchange/exchange-ps/exchange/New-TenantAllowBlockListSpoofItems.md

@@ -64,7 +64,7 @@ Accept wildcard characters: False
 The SendingInfrastructure parameter specifies the source of the messages sent by the spoofed sender that's defined in the SpoofedUser parameter. Valid values are:
 
 - An email domain (for example contoso.com). The domain is found in the reverse DNS lookup (PTR record) of the source email server's IP address.
-- An IP address using the syntax: \<source IP\>/24 (for example, 192.168.100.100/24). Use the IP address if the source IP address has no PTR record.
+- An IP address using the syntax: \<source IP\>/24 (for example, 192.168.100.100/24). Use the IP address if the source IP address has no PTR record. /24 is the only available and maximum subnet depth.
 - A verified DKIM domain.
 
 ```yaml
@@ -86,6 +86,8 @@ The SpoofedUser parameter specifies the email address or domain for the spoofed
 - For domains outside your organization (cross-org), use the domain of the email address that appears in the From field of the message.
 - For domains inside your organization (intra-org), use the full email address that appears in the From field of the message.
 
+For spoofed senders, the maximum number of entries is 1024.
+
 ```yaml
 Type: String
 Parameter Sets: (All)

exchange/exchange-ps/exchange/Remove-UserPhoto.md

@@ -50,7 +50,7 @@ In on-premises Exchange, it also removes the user's photo from their Active Dire
 **Notes**:
 
 - Changes to the user photo won't appear in SharePoint until the affected user visits their profile page (My Site) or any SharePoint page that shows their large thumbnail image.
-- **Note**: In Microsoft Graph, the [Remove-MgUserPhoto](https://learn.microsoft.com/powershell/module/microsoft.graph.users/remove-mguserphoto) and [Update-MgUserPhoto](https://learn.microsoft.com/powershell/module/microsoft.graph.users/update-mguserphoto) cmdlets are also available.
+- In Microsoft Graph, the [Update-MgUserPhoto](https://learn.microsoft.com/powershell/module/microsoft.graph.users/update-mguserphoto) cmdlet is also available.
 
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 

exchange/exchange-ps/exchange/Set-Mailbox.md

@@ -2572,16 +2572,16 @@ Accept wildcard characters: False
 ```
 
 ### -EnableRoomMailboxAccount
-The EnableRoomMailboxAccount parameter specifies whether to enable the disabled user account that's associated with this room mailbox. Valid values are:
+This parameter is functional only in on-premises Exchange.
 
-- $true: The disabled account that's associated with the room mailbox is enabled. You also need to use the RoomMailboxPassword with this value. This allows the account to log on to the room mailbox.
-- $false: The account that's associated with the room mailbox is disabled. You can't use the account to logon to the room mailbox. This is the default value.
+The EnableRoomMailboxAccount parameter specifies whether to enable the disabled user account that's associated with this room mailbox. Valid values are:
 
-Typically, the account that's associated with a room mailbox is disabled. However, you need to enable the account for features like the Skype for Business Room System or Microsoft Teams Rooms.
+- $true: The disabled account that's associated with the room mailbox is enabled. You also need to use the RoomMailboxPassword with this value. The account is able to log in and access the room mailbox or other resources.
+- $false: The account that's associated with the room mailbox is disabled. The account is not able to log in and access the room mailbox or other resources. In on-premises Exchange, this is the default value.
 
-In Exchange Online, a room mailbox with an associated enabled account doesn't require a license.
+You need to enable the account for features like the Skype for Business Room System or Microsoft Teams Rooms.
 
-In an on-premises Exchange organization, you also need to enable the corresponding user account in Active Directory Users and Computers or by running the Enable-ADAccount cmdlet in Windows PowerShell.
+A room mailbox in Exchange Online is created with associated an account that has an unknown password. This account is active and visible in Azure Active Directory PowerShell and the Microsoft 365 admin center just like a regular user account, but it consumes no licenses. If the password is known or changed, the account can be used to log in and access the mailbox or other resources. To prevent this account from being able to log in, use the Set-AzureADUser cmdlet in Azure Active Directory PowerShell. For instructions, see [Block Microsoft 365 user accounts with PowerShell](https://learn.microsoft.com/microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell).
 
 ```yaml
 Type: Boolean
@@ -4975,14 +4975,26 @@ Accept wildcard characters: False
 ```
 
 ### -RoomMailboxPassword
-Use the RoomMailboxPassword parameter to change the password for a room mailbox that has an enabled account (the EnableRoomMailboxAccount parameter is set to the value $true.)
+This parameter is functional only in on-premises Exchange.
+
+Use the RoomMailboxPassword parameter to configure the password for the account that's associated with the room mailbox when that account is enabled and able to log in (the EnableRoomMailboxAccount parameter is set to the value $true).
+
+To use this parameter in on-premises Exchange, you need to be a member of one of the following role groups:
+
+- The Organization Management role group via the Mail Recipients and User Options roles.
+- The Recipient Management role group via the Mail Recipients role.
+- The Help Desk role group via the User Options role.
+
+The Reset Password role also allows you to use this parameter, but it isn't assigned to any role groups by default.
 
 You can use the following methods as a value for this parameter:
 
 - `(ConvertTo-SecureString -String '<password>' -AsPlainText -Force)`.
 - Before you run this command, store the password as a variable (for example, `$password = Read-Host "Enter password" -AsSecureString`), and then use the variable (`$password`) for the value.
 - `(Get-Credential).password` to be prompted to enter the password securely when you run this command.
 
+To configure the password for a room mailbox account in Exchange Online, use Set-AzureADUserPassword cmdlet in Azure Active Directory PowerShell. For instructions, see [Manage passwords with PowerShell](https://learn.microsoft.com/microsoft-365/enterprise/manage-passwords-with-microsoft-365-powershell).
+
 ```yaml
 Type: SecureString
 Parameter Sets: (All)