MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 15 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 15 additions & 0 deletions
diff --git a/‎exchange/docfx.json
Lines changed: 1 addition & 0 deletions b/‎exchange/docfx.json
Lines changed: 1 addition & 0 deletions
diff --git a/‎exchange/docs-conceptual/app-only-auth-powershell-v2.md
Lines changed: 30 additions & 13 deletions b/‎exchange/docs-conceptual/app-only-auth-powershell-v2.md
Lines changed: 30 additions & 13 deletions
diff --git a/‎exchange/docs-conceptual/connect-exo-powershell-managed-identity.md
Lines changed: 2 additions & 2 deletions b/‎exchange/docs-conceptual/connect-exo-powershell-managed-identity.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎exchange/docs-conceptual/connect-to-exchange-online-powershell.md
Lines changed: 13 additions & 1 deletion b/‎exchange/docs-conceptual/connect-to-exchange-online-powershell.md
Lines changed: 13 additions & 1 deletion
diff --git a/‎exchange/docs-conceptual/connect-to-exchange-online-protection-powershell.md
Lines changed: 1 addition & 1 deletion b/‎exchange/docs-conceptual/connect-to-exchange-online-protection-powershell.md
Lines changed: 1 addition & 1 deletion
@@ -6919,6 +6919,21 @@
       "source_path": "exchange/virtual-folder/exchange/Update-EOPDistributionGroupMember.md",
       "redirect_url": "/powershell/module/exchange/update-distributiongroupmember",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "exchange/virtual-folder/exchange/Get-DefaultTenantBriefingConfig.md",
+      "redirect_url": "/viva/insights/personal/reference/briefing-pause",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "exchange/virtual-folder/exchange/Set-DefaultTenantBriefingConfig.md",
+      "redirect_url": "/viva/insights/personal/reference/briefing-pause",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "teams/teams-ps/teams/New-CsTeamsShiftsConnectionTeamMap.yml",
+      "redirect_url": "https://review.learn.microsoft.com/en-us/powershell/module/teams/",
+      "redirect_document_id": false
     }
   ]
 }
@@ -75,6 +75,7 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "author": "chrisda",
       "ms.author": "chrisda",
       "manager": "serdars",
 
@@ -3,7 +3,7 @@ title: App-only authentication in Exchange Online PowerShell and Security & Comp
 ms.author: chrisda
 author: chrisda
 manager: dansimp
-ms.date: 01/31/2023
+ms.date: 4/20/2023
 ms.audience: Admin
 audience: Admin
 ms.topic: article
@@ -44,10 +44,6 @@ Certificate based authentication (CBA) or app-only authentication as described i
 >
 >   You can use Microsoft Graph to replace most of the functionality from those cmdlets. For more information, see [Working with groups in Microsoft Graph](/graph/api/resources/groups-overview).
 >
-> - In Security & Compliance PowerShell, you can't use the procedures in this article with the following cmdlets:
->   - [Get-ComplianceCase](/powershell/module/exchange/get-compliancecase)
->   - [Get-CaseHoldPolicy](/powershell/module/exchange/get-caseholdpolicy)
->
 > - Delegated scenarios are supported in Exchange Online. The recommended method for connecting with delegation is using GDAP and App Consent. For more information, see [Use the Exchange Online PowerShell v3 Module with GDAP and App Consent](/powershell/partnercenter/exchange-online-gdap-app). You can also use multi-tenant applications when CSP relationships are not created with the customer. The required steps for using multi-tenant applications are called out within the regular instructions in this article.
 >
 > - If the procedures in this article don't work for you, verify that you don't have Beta versions of the PackageManagement or PowerShellGet modules installed by running the following command: `Get-InstalledModule PackageManagement -AllVersions; Get-InstalledModule PowerShellGet -AllVersions`.
@@ -166,7 +162,7 @@ For a detailed visual flow about creating applications in Azure AD, see <https:/
 
    ![Screenshot that shows App registrations in the Search results on the home page of the Azure portal.](media/exo-app-only-auth-find-app-registrations.png)
 
-   Or, to go directly to the **App registrations** page, use <https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps>.
+   Or, to go directly to the **App registrations** page, use <https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade>.
 
 3. On the **App registrations** page, click **New registration**.
 
@@ -219,6 +215,25 @@ For a detailed visual flow about creating applications in Azure AD, see <https:/
    ],
    ```
 
+   > [!NOTE]
+   > Microsoft 365 GCC High or DoD environments have access to Security & Compliance PowerShell only. Use the following values for `resourceAppId`, `resourceAccess id`, and `resourceAccess type`:
+   >
+   > ```json
+   > "requiredResourceAccess": [
+   >    {
+   >      "resourceAppId": "00000007-0000-0ff1-ce00-000000000000",
+   >      "resourceAccess": [
+   >         {
+   >            "id": "455e5cd2-84e8-4751-8344-5672145dfa17",
+   >            "type": "Role"
+   >         }
+   >      ]
+   >    }
+   > ],
+   > ```
+   >
+   > 
+
    When you're finished, click **Save**.
 
 3. Still on the **Manifest** page, under **Management**, select **API permissions**.
@@ -314,7 +329,7 @@ For more information about the URL syntax, see [Request the permissions from a d
 You have two options:
 
 - **Assign Azure AD roles to the application**: This method is supported in Exchange Online PowerShell and Security & Compliance PowerShell.
-- **Assign custom Exchange Online role groups to the application**: Currently, this method is supported only in Exchange Online PowerShell, and only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) (don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command).
+- **Assign custom Exchange Online role groups to the application using service principals**: Currently, this method is supported only in Exchange Online PowerShell, and only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) (don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command).
 
 > [!NOTE]
 > You can also combine both methods to assign permissions. For example, you can use Azure AD roles for the "Exchange Recipient Administrator" role and also assign your custom RBAC role to extend the permissions.
@@ -390,14 +405,16 @@ For general instructions about assigning roles in Azure AD, see [View and assign
 
      ![The role assignments page after to added the app to the role for Security & Compliance PowerShell.](media/exo-app-only-auth-app-assigned-to-role-scc.png)
 
-#### Assign custom Exchange Online role groups to the application
+#### Assign custom Exchange Online role groups to the application using service principals
 
 > [!NOTE]
-> Remember, this method is supported only in Exchange Online PowerShell, and only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) (don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command).
+> You need to connect to Exchange Online PowerShell or Security & Compliance PowerShell _before_ completing steps to create a new service principal. Creating a new service principal without connecting to PowerShell won't work (your Azure App ID and Object ID is needed to create the new service principal).
+>
+> This method is supported only in Exchange Online PowerShell, and only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) (don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command).
 
 For information about creating custom role groups, see [Create role groups](/exchange/permissions-exo/role-groups#create-role-groups). The custom role group that you assign to the application can contain any combination of built-in and custom roles.
 
-To assign custom Exchange Online role groups to the application, do the following steps:
+To assign custom role groups to the application using service principals, do the following steps:
 
 1. In [Azure Active Directory PowerShell for Graph](/powershell/azure/active-directory/install-adv2), run the following command to store the details of the Azure application that you registered in [Step 1](#step-1-register-the-application-in-azure-ad) in a variable:
 
@@ -413,8 +430,8 @@ To assign custom Exchange Online role groups to the application, do the followin
 
    For detailed syntax and parameter information, see [Get-AzureADServicePrincipal](/powershell/module/azuread/get-azureadserviceprincipal).
 
-2. In the same PowerShell window, connect to [Exchange Online PowerShell](connect-to-exchange-online-powershell.md) and run the following commands to:
-   - Create an Exchange Online service principal object for the Azure application.
+2. In the same PowerShell window, connect to [Exchange Online PowerShell](connect-to-exchange-online-powershell.md) or [Security & Compliance PowerShell](connect-to-scc-powershell.md) and run the following commands to:
+   - Create a service principal object for the Azure application.
    - Store the details of the service principal in a variable.
 
    ```powershell
@@ -433,7 +450,7 @@ To assign custom Exchange Online role groups to the application, do the followin
 
    For detailed syntax and parameter information, see [New-ServicePrincipal](/powershell/module/exchange/new-serviceprincipal).
 
-3. In Exchange Online PowerShell, run the following command to add the service principal as a member of the custom role group:
+3. In Exchange Online PowerShell or Security & Compliance PowerShell, run the following command to add the service principal as a member of the custom role group:
 
    ```powershell
    Add-RoleGroupMember -Identity "<CustomRoleGroupName>" -Member <$<VariableName2>.Identity | $<VariableName2>.ServiceId | $<VariableName2>.Id>
 
@@ -375,7 +375,7 @@ To assign a role to the managed identity in Microsoft Graph PowerShell, do the f
 
    ```powershell
    $RoleID = (Get-MgRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '<Role Name>'").Id
-   
+
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $MI_ID -RoleDefinitionId $RoleID -DirectoryScopeId "/"
    ```
 
@@ -386,7 +386,7 @@ To assign a role to the managed identity in Microsoft Graph PowerShell, do the f
 
    ```powershell
    $RoleID = (Get-MgRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq 'Exchange Administrator'").Id
-   
+
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $MI_ID -RoleDefinitionId $RoleID -DirectoryScopeId "/"
    ```
 
 
@@ -165,7 +165,7 @@ The connection examples in the following sections use modern authentication, and
   2. On any other device with a web browser and internet access, open <https://microsoft.com/devicelogin> and enter the \<XXXXXXXXX\> code value from the previous step.
 
   3. Enter your credentials on the resulting pages.
-  
+
   4. In the confirmation prompt, click **Continue**. The next message should indicate success, and you can close the browser or tab.
 
   5. The command from step 1 continues to connect you to Exchange Online PowerShell.
@@ -240,6 +240,18 @@ If you receive errors, check the following requirements:
 
 - If your organization uses federated authentication, and your identity provider (IDP) and/or security token service (STS) isn't publicly available, you can't use a federated account to connect to Exchange Online PowerShell. Instead, create and use a non-federated account in Microsoft 365 to connect to Exchange Online PowerShell.
 
+- REST-based connections to Exchange Online PowerShell require the PowerShellGet module, and by dependency, the PackageManagement module, so you'll receive errors if you try to connect without having them installed. For example, you might see the following error:
+
+  > The term 'Update-ModuleManifest' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
+
+  For more information about the PowerShellGet and PackageManagement module requirements, see [PowerShellGet for REST-based connections in Windows](exchange-online-powershell-v2.md#powershellget-for-rest-based-connections-in-windows).
+
+- After you connect, you might received an error that looks like this:
+
+  > Could not load file or assembly 'System.IdentityModel.Tokens.Jwt,Version=\<Version\>, Culture=neutral, PublicKeyToken=\<TokenValue\>'. Could not find or load a specific file.
+
+  This error happens when the Exchange Online PowerShell module conflicts with another module that's imported into the runspace. Try connecting in a new Windows PowerShell window before importing other modules.
+
 ## Appendix: Comparison of old and new connection methods
 
 This section attempts to compare older connection methods that have been replaced by the Exchange Online PowerShell module. The Basic authentication and OAuth token procedures are included for historical reference only and are no longer supported.
 
@@ -28,7 +28,7 @@ For more information about Exchange Online Protection PowerShell, see [Exchange
 > Version 2.0.5 and earlier is known as the Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module). Version 3.0.0 and later is known as the Exchange Online PowerShell V3 module (abbreviated as the EXO V3 module).
 >
 > As of June 2020, the instructions for connecting to standalone Exchange Online Protection PowerShell and Exchange Online PowerShell are basically the same. If you use the **Connect-IPPSSession** cmdlet with the _ConnectionUri_ parameter value `https://ps.protection.outlook.com/powershell-liveid/`, you're redirected to the same `https://outlook.office365.com/powershell-liveid/` endpoint that's used by **Connect-ExchangeOnline** for Exchange Online PowerShell connections.
->  
+>
 > Remote PowerShell support in Exchange Online PowerShell will be deprecated. For more information, see [Announcing Deprecation of Remote PowerShell (RPS) Protocol in Exchange Online PowerShell](https://aka.ms/RPSDeprecation).
 
 ## What do you need to know before you begin?
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ For more information about Exchange Online Protection PowerShell, see [Exchange`
`28`	`28`	`> Version 2.0.5 and earlier is known as the Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module). Version 3.0.0 and later is known as the Exchange Online PowerShell V3 module (abbreviated as the EXO V3 module).`
`29`	`29`	`>`
`30`	`30`	> As of June 2020, the instructions for connecting to standalone Exchange Online Protection PowerShell and Exchange Online PowerShell are basically the same. If you use the Connect-IPPSSession cmdlet with the _ConnectionUri_ parameter value `https://ps.protection.outlook.com/powershell-liveid/`, you're redirected to the same `https://outlook.office365.com/powershell-liveid/` endpoint that's used by Connect-ExchangeOnline for Exchange Online PowerShell connections.
`31`		`->`
	`31`	`+>`
`32`	`32`	`> Remote PowerShell support in Exchange Online PowerShell will be deprecated. For more information, see [Announcing Deprecation of Remote PowerShell (RPS) Protocol in Exchange Online PowerShell](https://aka.ms/RPSDeprecation).`
`33`	`33`
`34`	`34`	`## What do you need to know before you begin?`