Merge branch 'MicrosoftDocs:main' into main

Author: Jeahenng

.github/workflows/AutoLabelMsftContributor.yml

@@ -1,3 +1,4 @@
+
 name: Auto label Microsoft contributors
 
 permissions:
@@ -31,4 +32,5 @@ jobs:
           PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
         secrets:
           AccessToken: ${{ secrets.GITHUB_TOKEN }}
-          TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}
+          ClientId: ${{ secrets.M365_APP_CLIENT_ID }}
+          PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}

exchange/exchange-ps/exchange/Add-VivaOrgInsightsDelegatedRole.md

@@ -12,7 +12,7 @@ ms.reviewer:
 # Add-VivaOrgInsightsDelegatedRole
 
 ## SYNOPSIS
-This cmdlet is available only in the Exchange Online PowerShell module v3.7.0-Preview1 or later. For more information, see [About the Exchange Online PowerShell module](https://aka.ms/exov3-module).
+This cmdlet is available only in the Exchange Online PowerShell module v3.7.1 or later. For more information, see [About the Exchange Online PowerShell module](https://aka.ms/exov3-module).
 
 Use the Add-VivaOrgInsightsDelegatedRole cmdlet to add delegate access to the specified account (the delegate) so they can view organizational insights like the leader (the delegator).
 

exchange/exchange-ps/exchange/Connect-ExchangeOnline.md

@@ -42,6 +42,7 @@ Connect-ExchangeOnline
  [-CertificateThumbprint <String>]
  [-Credential <PSCredential>]
  [-Device]
+ [-DisableWAM]
  [-EnableErrorReporting]
  [-InlineCredential]
  [-LoadCmdletHelp]
@@ -276,9 +277,9 @@ Accept wildcard characters: False
 ### -AccessToken
 **Note**: This parameter is available in version 3.1.0 or later of the module.
 
-The AccessToken parameter specifies the OAuth JSON Web Token (JWT) that's used to connect to ExchangeOnline.
+The AccessToken parameter specifies the OAuth JSON Web Token (JWT) that's used to connect to Exchange Online.
 
-Depending on the type of access token, you need to use this parameter with the Organization, DelegatedOrganization, or UserPrincipalName parameter.
+Depending on the type of access token, you need to use this parameter with the Organization, DelegatedOrganization, or UserPrincipalName parameters.
 
 ```yaml
 Type: String
@@ -459,6 +460,26 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DisableWAM
+**Note**: This parameter is available in version 3.7.2-Preview1 or later of the module.
+
+The DisableWAM switch disables Web Account Manager (WAM). You don't need to specify a value with this switch.
+
+Starting in version 3.7.0, WAM is enabled by default when connecting to Exchange Online. If you encounter WAM-related issues during sign in, you can use this switch to disable WAM.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EnableErrorReporting
 The EnableErrorReporting switch specifies whether to enable error reporting. You don't need to specify a value with this switch.
 

exchange/exchange-ps/exchange/Export-ContentExplorerData.md

@@ -110,8 +110,6 @@ When you use this switch with the TagName, TagType, and Workload parameters, the
 - Exchange Online and Microsoft Teams: The list of UPNs.
 - The count of items in the folders stamped with relevant tag.
 
-
-
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)

exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md

@@ -83,8 +83,8 @@ Legacy Exchange tokens include Exchange user identity and callback tokens.
 
 **Important**:
 
-- Currently, the AllowLegacyExchangeTokens switch only specifies whether legacy Exchange tokens are allowed in your organization. For now, disregard the empty Allowed and Blocked arrays returned by the switch.
-- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
+- The AllowLegacyExchangeTokens switch returns `Not Set` if tokens haven't been explicitly allowed or blocked in your organization using the _AllowLegacyExchangeTokens_ or _BlockLegacyExchangeTokens_ parameters on the **Set-AuthenticationPolicy** cmdlet. For more information, see [Get the status of legacy Exchange Online tokens and add-ins that use them](https://learn.microsoft.com/office/dev/add-ins/outlook/turn-exchange-tokens-on-off#get-the-status-of-legacy-exchange-online-tokens-and-add-ins-that-use-them).
+- As of February 17 2025, legacy Exchange tokens are blocked by default in all cloud-based organizations. Although tokens are blocked by default, the AllowLegacyExchangeTokens switch still returns `Not Set` if you haven't used the _AllowLegacyExchangeTokens_ or _BlockLegacyExchangeTokens_ parameters on the **Set-AuthenticationPolicy** cmdlet. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Get-MessageTrackingReport.md

@@ -48,7 +48,9 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 ```powershell
 $Temp = Search-MessageTrackingReport -Identity "David Jones" -Recipients "[email protected]"
 
-Get-MessageTrackingReport -Identity $Temp.MessageTrackingReportID -ReportTemplate Summary
+foreach ($reportId in $Temp.MessageTrackingReportId) {
+    Get-MessageTrackingReport -Identity $reportId -ReportTemplate Summary -Status Delivered
+}
 ```
 
 This example gets the message tracking report for messages sent from one user to another. This example returns the summary of the message tracking report for a message that David Jones sent to Wendy Richardson.

exchange/exchange-ps/exchange/Get-VivaOrgInsightsDelegatedRole.md

@@ -12,7 +12,7 @@ ms.reviewer:
 # Get-VivaOrgInsightsDelegatedRole
 
 ## SYNOPSIS
-This cmdlet is available only in the Exchange Online PowerShell module v3.7.0-Preview1 or later. For more information, see [About the Exchange Online PowerShell module](https://aka.ms/exov3-module).
+This cmdlet is available only in the Exchange Online PowerShell module v3.7.1 or later. For more information, see [About the Exchange Online PowerShell module](https://aka.ms/exov3-module).
 
 Use the Get-VivaOrgInsightsDelegatedRole cmdlet to view all delegates of the specified delegator. Delegate accounts can view organizational insights like the specified delegator.
 

exchange/exchange-ps/exchange/New-AppRetentionCompliancePolicy.md

@@ -308,6 +308,8 @@ Accept wildcard characters: False
 ```
 
 ### -PolicyRBACScopes
+**Note**: Admin units aren't currently supported, so this parameter isn't functional. The information presented here is for informational purposes when support for admin units is released.
+
 The PolicyRBACScopes parameter specifies the administrative units to assign to the policy. A valid value is the Microsoft Entra ObjectID (GUID value) of the administrative unit. You can specify multiple values separated by commas.
 
 Administrative units are available only in Microsoft Entra ID P1 or P2. You create and manage administrative units in Microsoft Graph PowerShell.

exchange/exchange-ps/exchange/New-AutoSensitivityLabelRule.md

@@ -254,6 +254,10 @@ The ContentContainsSensitiveInformation parameter specifies a condition for the
 
 This parameter uses the basic syntax `@(@{Name="SensitiveInformationType1";[minCount="Value"],@{Name="SensitiveInformationType2";[minCount="Value"],...)`. For example, `@(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"; minCount="1"; minConfidence="85"})`.
 
+Exact Data Match sensitive information types are supported only groups. For example:
+
+`@(@{operator="And"; groups=@(@{name="Default"; operator="Or"; sensitivetypes=@(@{id="<<EDM SIT Id>>"; name="<<EDM SIT name>>"; maxcount="-1"; classifiertype="ExactMatch"; mincount="100"; confidencelevel="Medium"})})})`
+
 ```yaml
 Type: PswsHashtable[]
 Parameter Sets: (All)

exchange/exchange-ps/exchange/New-ProtectionAlert.md

@@ -14,7 +14,17 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell).
 
-Use the New-ProtectionAlert cmdlet to create alert policies in the Microsoft Purview compliance portal. Alert policies contain conditions that define the user activities to monitor, and the notification options for email alerts and entries in the Microsoft Purview compliance portal.
+Use the New-ProtectionAlert cmdlet to create alert policies in the Microsoft Purview compliance portal and the Microsoft Defender portal. Alert policies contain conditions that define the user activities to monitor, and the notification options for email alerts and entries.
+
+> [!NOTE]
+> Although the cmdlet is available, you receive the following error if you don't have an enterprise license:
+>
+> _Creating advanced alert policies requires an Office 365 E5 subscription or Office 365 E3 subscription with an Office 365 Threat Intelligence or
+Office 365 EquivioAnalytics add-on subscription for your organization. With your current subscription, only single event alerts can be created._
+>
+> You can bypass this error by specifying `-AggregationType None` and an `-Operation` within the command.
+>
+> For more information, see [Alert policies in Microsoft 365](https://learn.microsoft.com/purview/alert-policies).
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).