exchange/docs-conceptual/app-only-auth-powershell-v2.md (33 additions & 15 deletions)
@@ -3,7 +3,7 @@ title: App-only authentication in Exchange Online PowerShell and Security & Comp
3
3
ms.author: chrisda
4
4
author: chrisda
5
5
manager: dansimp
6
-
ms.date: 01/31/2023
6
+
ms.date: 5/3/2023
7
7
ms.audience: Admin
8
8
audience: Admin
9
9
ms.topic: article
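Review bot: the new `ms.date: 5/3/2023` value drops the zero-padding that the old `01/31/2023` value used; pick one date format for the docs set (the managed-identity file in this same commit uses `5/10/2023`), either `05/03/2023` or the unpadded form, and use it consistently.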
@@ -44,10 +44,6 @@ Certificate based authentication (CBA) or app-only authentication as described i
44
44
>
45
45
> You can use Microsoft Graph to replace most of the functionality from those cmdlets. For more information, see [Working with groups in Microsoft Graph](/graph/api/resources/groups-overview).
46
46
>
47
-
> - In Security & Compliance PowerShell, you can't use the procedures in this article with the following cmdlets:
> - Delegated scenarios are supported in Exchange Online. The recommended method for connecting with delegation is using GDAP and App Consent. For more information, see [Use the Exchange Online PowerShell v3 Module with GDAP and App Consent](/powershell/partnercenter/exchange-online-gdap-app). You can also use multi-tenant applications when CSP relationships are not created with the customer. The required steps for using multi-tenant applications are called out within the regular instructions in this article.
52
48
>
53
49
> - If the procedures in this article don't work for you, verify that you don't have Beta versions of the PackageManagement or PowerShellGet modules installed by running the following command: `Get-InstalledModule PackageManagement -AllVersions; Get-InstalledModule PowerShellGet -AllVersions`.
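Review bot: the removed line `> - In Security & Compliance PowerShell, you can't use the procedures in this article with the following cmdlets:` takes its cmdlet list with it, but nothing in the hunk says the restriction was lifted; if those cmdlets now work with app-only authentication in Security & Compliance PowerShell, state that in the note, otherwise the exclusion list should stay so readers don't grant an app permissions for a path that still fails.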
@@ -65,7 +61,7 @@ The following examples show how to use the Exchange Online PowerShell module wit
65
61
>
66
62
> The following connection commands have many of the same options available as described in [Connect to Exchange Online PowerShell](connect-to-exchange-online-powershell.md) and [Connect to Security & Compliance PowerShell](connect-to-scc-powershell.md). For example:
67
63
>
68
-
> -In Exchange Online PowerShell using the EXO V3 module, you can omit or include the _UseRPSSession_ switch to use REST API cmdlets or original remote PowerShell cmdlets. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
64
+
> -You can use REST API cmdlets or original remote PowerShell cmdlets. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
69
65
>
70
66
> Remote PowerShell support in Exchange Online PowerShell will be deprecated. For more information, see [Announcing Deprecation of Remote PowerShell (RPS) Protocol in Exchange Online PowerShell](https://aka.ms/RPSDeprecation).
71
67
>
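Review bot: the new bullet `> -You can use REST API cmdlets or original remote PowerShell cmdlets.` is missing the space after the hyphen (`> - You can use`), and the link text `[Updates for the EXO V3 module)]` still carries a stray `)` before the closing bracket that the old line also had. The rewrite also drops the mention of the _UseRPSSession_ switch, so the reader no longer learns how to choose between the two cmdlet sets; keep that sentence or point to where the switch is documented.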
@@ -75,10 +71,13 @@ The following examples show how to use the Exchange Online PowerShell module wit
75
71
> -**Connect-ExchangeOnline in DoD**: `-ExchangeEnvironmentName O365USGovDoD`.
76
72
> -**Connect-IPPSSession in DoD**: `-ConnectionUri https://l5.ps.compliance.protection.office365.us/powershell-liveid/ -AzureADAuthorizationEndpointUri https://login.microsoftonline.us/common`.
77
73
>
78
-
> - If a **Connect-IPPSSession** command present a login prompt, run the command: `$Global:IsWindows = $true` before the **Connect-IPPSSession** command.
74
+
> - If a **Connect-IPPSSession** command presents a login prompt, run the command: `$Global:IsWindows = $true` before the **Connect-IPPSSession** command.
79
75
80
76
-**Connect using a certificate thumbprint**:
81
77
78
+
> [!NOTE]
79
+
> The CertificateThumbprint parameter is supported only in Microsoft Windows.
80
+
82
81
The certificate needs to be installed on the computer where you're running the command. The certificate should be installed in the user certificate store.
83
82
84
83
- <u>Exchange Online PowerShell</u>:
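Review bot: the added `> The CertificateThumbprint parameter is supported only in Microsoft Windows.` note tells macOS and Linux readers what will not work but not what to use instead; add a pointer to whatever connection method this article recommends on those platforms, or state plainly that thumbprint-based app-only auth is Windows-only. The context line `The certificate should be installed in the user certificate store.` could also say `Windows user certificate store` now that the platform restriction is explicit.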
@@ -166,7 +165,7 @@ For a detailed visual flow about creating applications in Azure AD, see <https:/
166
165
167
166

168
167
169
-
Or, to go directly to the **App registrations** page, use <https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps>.
168
+
Or, to go directly to the **App registrations** page, use <https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade>.
170
169
171
170
3. On the **App registrations** page, click **New registration**.
172
171
@@ -219,6 +218,23 @@ For a detailed visual flow about creating applications in Azure AD, see <https:/
219
218
],
220
219
```
221
220
221
+
> [!NOTE]
222
+
> Microsoft 365 GCC High or DoD environments have access to Security & Compliance PowerShell only. Use the following values for `resourceAppId`, `resourceAccess id`, and `resourceAccess type`:
3. Still on the **Manifest** page, under **Management**, select **API permissions**.
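Review bot: the new note `> Microsoft 365 GCC High or DoD environments have access to Security & Compliance PowerShell only. Use the following values for ...` lands after the closing ``` of the manifest JSON, so a GCC High or DoD reader has already pasted the commercial `resourceAppId` and `resourceAccess` values by the time they reach it; move the note (or a one-line pointer to it) above the JSON block and say that the values replace, rather than add to, the ones in the example.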
@@ -314,7 +330,7 @@ For more information about the URL syntax, see [Request the permissions from a d
314
330
You have two options:
315
331
316
332
-**Assign Azure AD roles to the application**: This method is supported in Exchange Online PowerShell and Security & Compliance PowerShell.
317
-
-**Assign custom Exchange Online role groups to the application**: Currently, this method is supported only in Exchange Online PowerShell, and only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) (don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command).
333
+
-**Assign custom Exchange Online role groups to the application using service principals**: This method is supported only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
318
334
319
335
> [!NOTE]
320
336
> You can also combine both methods to assign permissions. For example, you can use Azure AD roles for the "Exchange Recipient Administrator" role and also assign your custom RBAC role to extend the permissions.
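Review bot: the rewritten bullet `-**Assign custom Exchange Online role groups to the application using service principals**: This method is supported only when you connect in [REST API mode]...` no longer says which PowerShell environments it applies to, while the preceding bullet for Azure AD roles explicitly lists Exchange Online PowerShell and Security & Compliance PowerShell; since the later hunks in this file add Security & Compliance PowerShell to the procedure, name both environments here for parallelism.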
@@ -390,14 +406,16 @@ For general instructions about assigning roles in Azure AD, see [View and assign
390
406
391
407

392
408
393
-
#### Assign custom Exchange Online role groups to the application
409
+
#### Assign custom Exchange Online role groups to the application using service principals
394
410
395
411
> [!NOTE]
396
-
> Remember, this method is supported only in Exchange Online PowerShell, and only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module) (don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command).
412
+
> You need to connect to Exchange Online PowerShell or Security & Compliance PowerShell _before_ completing steps to create a new service principal. Creating a new service principal without connecting to PowerShell won't work (your Azure App ID and Object ID is needed to create the new service principal).
413
+
>
414
+
> This method is supported only when you connect in [REST API mode](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
397
415
398
416
For information about creating custom role groups, see [Create role groups](/exchange/permissions-exo/role-groups#create-role-groups). The custom role group that you assign to the application can contain any combination of built-in and custom roles.
399
417
400
-
To assign custom Exchange Online role groups to the application, do the following steps:
418
+
To assign custom role groups to the application using service principals, do the following steps:
401
419
402
420
1. In [Azure Active Directory PowerShell for Graph](/powershell/azure/active-directory/install-adv2), run the following command to store the details of the Azure application that you registered in [Step 1](#step-1-register-the-application-in-azure-ad) in a variable:
403
421
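Review bot: the added note `> You need to connect to Exchange Online PowerShell or Security & Compliance PowerShell _before_ completing steps to create a new service principal.` conflicts with the step order that follows, where step 1 runs in Azure Active Directory PowerShell for Graph and the connection only happens in step 2; say that the connection in step 2 must precede **New-ServicePrincipal**, or reorder the steps. Also `your Azure App ID and Object ID is needed` should be `are needed`.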
@@ -413,8 +431,8 @@ To assign custom Exchange Online role groups to the application, do the followin
413
431
414
432
For detailed syntax and parameter information, see [Get-AzureADServicePrincipal](/powershell/module/azuread/get-azureadserviceprincipal).
415
433
416
-
2. In the same PowerShell window, connect to [Exchange Online PowerShell](connect-to-exchange-online-powershell.md) and run the following commands to:
417
-
- Create an Exchange Online service principal object for the Azure application.
434
+
2. In the same PowerShell window, connect to [Exchange Online PowerShell](connect-to-exchange-online-powershell.md)or [Security & Compliance PowerShell](connect-to-scc-powershell.md)and run the following commands to:
435
+
- Create a service principal object for the Azure application.
418
436
- Store the details of the service principal in a variable.
419
437
420
438
```powershell
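Review bot: the rewritten step `2. In the same PowerShell window, connect to [Exchange Online PowerShell](connect-to-exchange-online-powershell.md)or [Security & Compliance PowerShell](connect-to-scc-powershell.md)and run the following commands to:` is missing the spaces before `or` and `and`, so each link renders fused to the following word; it should read `...powershell.md) or [Security & Compliance PowerShell](connect-to-scc-powershell.md) and run...`.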
@@ -433,7 +451,7 @@ To assign custom Exchange Online role groups to the application, do the followin
433
451
434
452
For detailed syntax and parameter information, see [New-ServicePrincipal](/powershell/module/exchange/new-serviceprincipal).
435
453
436
-
3. In Exchange Online PowerShell, run the following command to add the service principal as a member of the custom role group:
454
+
3. In Exchange Online PowerShell or Security & Compliance PowerShell, run the following command to add the service principal as a member of the custom role group:
exchange/docs-conceptual/connect-exo-powershell-managed-identity.md (9 additions & 5 deletions)
@@ -3,7 +3,7 @@ title: Use Azure managed identities to connect to Exchange Online PowerShell
3
3
ms.author: chrisda
4
4
author: chrisda
5
5
manager: dansimp
6
-
ms.date:
6
+
ms.date:5/10/2023
7
7
ms.audience: Admin
8
8
audience: Admin
9
9
ms.topic: article
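Review bot: `ms.date:5/10/2023` has no space after the colon, so in the YAML front matter the whole line parses as a single scalar rather than an `ms.date` key with a value; it should be `ms.date: 5/10/2023`, in whatever zero-padding convention the rest of the docs set uses.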
@@ -242,6 +242,9 @@ For detailed syntax and parameter information, see [Get-AzADServicePrincipal](/p
242
242
243
243
#### Add the Exchange Online PowerShell module to Azure Automation accounts with system-assigned managed identities
244
244
245
+
> [!TIP]
246
+
> If the following procedure in the Azure portal doesn't work for you, try the **New-AzAutomationModule** command in Azure PowerShell that's described after the Azure portal procedure.
247
+
245
248
1. On the **Automation accounts** page at <https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts>, select the Automation account.
246
249
2. In the details flyout that opens, start typing "Modules" in the **Search** box, and then select **Modules** from results.
247
250
3. On the **Modules** flyout that opens, click **Add a module**.
@@ -261,17 +264,18 @@ For detailed syntax and parameter information, see [Get-AzADServicePrincipal](/p
261
264
To add the module to the Automation account in Azure PowerShell, use the following syntax:
-\<ResourceGroupName\> is the name of the resource group that's already assigned to the Automation account.
268
271
-\<AutomationAccountName\> is the name of the Automation account.
272
+
-\<LatestModuleVersion\> is the current version of the ExchangeOnlineManagement module. To see the latest GA (non-Preview) version of the module, run the following command in Windows PowerShell: `Find-Module ExchangeOnlineManagement`. To see the latest Preview release, run the following command: `Find-Module ExchangeOnlineManagement -AllowPrerelease`.
269
273
- Currently, the PowerShell procedures don't give you a choice for the runtime version (it's 5.1).
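Review bot: the `\<LatestModuleVersion\>` bullet walks the reader through `Find-Module ExchangeOnlineManagement -AllowPrerelease` immediately after the GA lookup without saying which result to use; for a module that an Automation account will run unattended under a managed identity, say that the GA version is the one to pin, and that the Preview lookup is only for runbooks that are deliberately testing a prerelease build.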
exchange/docs-conceptual/connect-to-exchange-online-powershell.md (18 additions & 5 deletions)
@@ -34,7 +34,7 @@ To connect to Exchange Online PowerShell from C#, see [Use C# to connect to Exch
34
34
- The requirements for installing and using the module are described in [Install and maintain the Exchange Online PowerShell module](exchange-online-powershell-v2.md#install-and-maintain-the-exchange-online-powershell-module).
35
35
36
36
> [!NOTE]
37
-
> If you're using the EXO V3 module (v3.0.0 or later) and you don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command, you'll have access to REST API cmdlets _only_. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
37
+
> If you're using the EXO V3 module (v3.0.0 or later) and you don't use the _UseRPSSession_ switch in the **Connect-ExchangeOnline** command, you have access to REST API cmdlets _only_. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
38
38
>
39
39
> Remote PowerShell support in Exchange Online PowerShell will be deprecated. For more information, see [Announcing Deprecation of Remote PowerShell (RPS) Protocol in Exchange Online PowerShell](https://aka.ms/RPSDeprecation).
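Review bot: the `you'll have` to `you have` change on the note line is fine, but the same line keeps the link text `[Updates for the EXO V3 module)]` with a stray `)` inside the brackets, which this commit repeats in several places; fix it here while the line is being touched.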
For detailed syntax and parameter information, see [Connect-ExchangeOnline](/powershell/module/exchange/connect-exchangeonline).
71
71
72
-
**Notes**:
73
-
74
72
-_\<UPN\>_ is your account in user principal name format (for example, `[email protected]`).
75
73
76
74
- With the EXO V3 module (v3.0.0 or later), if you don't use the _UseRPSSession_ switch, you're using REST API cmdlets only. For more information, see [Updates for the EXO V3 module)](exchange-online-powershell-v2.md#updates-for-the-exo-v3-module).
@@ -165,7 +163,7 @@ The connection examples in the following sections use modern authentication, and
165
163
2. On any other device with a web browser and internet access, open <https://microsoft.com/devicelogin> and enter the \<XXXXXXXXX\> code value from the previous step.
166
164
167
165
3. Enter your credentials on the resulting pages.
168
-
166
+
169
167
4. In the confirmation prompt, click **Continue**. The next message should indicate success, and you can close the browser or tab.
170
168
171
169
5. The command from step 1 continues to connect you to Exchange Online PowerShell.
@@ -209,7 +207,7 @@ For more information, see [Use Azure managed identities to connect to Exchange O
209
207
210
208
## Step 3: Disconnect when you're finished
211
209
212
-
Be sure to disconnect the session when you're finished. If you close the PowerShell window without disconnecting the session, you could use up all the sessions available to you, and you'll need to wait for the sessions to expire. To disconnect the session, run the following command.
210
+
Be sure to disconnect the session when you're finished. If you close the PowerShell window without disconnecting the session, you could use up all the sessions available to you, and you need to wait for the sessions to expire. To disconnect the session, run the following command:
213
211
214
212
```powershell
215
213
Disconnect-ExchangeOnline
@@ -240,6 +238,18 @@ If you receive errors, check the following requirements:
240
238
241
239
- If your organization uses federated authentication, and your identity provider (IDP) and/or security token service (STS) isn't publicly available, you can't use a federated account to connect to Exchange Online PowerShell. Instead, create and use a non-federated account in Microsoft 365 to connect to Exchange Online PowerShell.
242
240
241
+
- REST-based connections to Exchange Online PowerShell require the PowerShellGet module, and by dependency, the PackageManagement module, so you'll receive errors if you try to connect without having them installed. For example, you might see the following error:
242
+
243
+
> The term 'Update-ModuleManifest' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
244
+
245
+
For more information about the PowerShellGet and PackageManagement module requirements, see [PowerShellGet for REST-based connections in Windows](exchange-online-powershell-v2.md#powershellget-for-rest-based-connections-in-windows).
246
+
247
+
- After you connect, you might received an error that looks like this:
248
+
249
+
> Could not load file or assembly 'System.IdentityModel.Tokens.Jwt,Version=\<Version\>, Culture=neutral, PublicKeyToken=\<TokenValue\>'. Could not find or load a specific file.
250
+
251
+
This error happens when the Exchange Online PowerShell module conflicts with another module that's imported into the runspace. Try connecting in a new Windows PowerShell window before importing other modules.
252
+
243
253
## Appendix: Comparison of old and new connection methods
244
254
245
255
This section attempts to compare older connection methods that have been replaced by the Exchange Online PowerShell module. The Basic authentication and OAuth token procedures are included for historical reference only and are no longer supported.
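Review bot: `- After you connect, you might received an error that looks like this:` should read `you might receive`, and `so you'll receive errors if you try to connect` keeps the contraction that this same commit removes elsewhere (`you have`, `you need`), so `you receive errors` for consistency. The guidance for the `System.IdentityModel.Tokens.Jwt` load failure (`Try connecting in a new Windows PowerShell window before importing other modules`) would be clearer if it named the ordering explicitly: connect with the Exchange Online PowerShell module first, then import the other modules.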
@@ -400,6 +410,9 @@ This section attempts to compare older connection methods that have been replace
400
410
401
411
-**Certificate thumbprint**:
402
412
413
+
> [!NOTE]
414
+
> The CertificateThumbprint parameter is supported only in Microsoft Windows.
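Review bot: this `> The CertificateThumbprint parameter is supported only in Microsoft Windows.` note duplicates the one added under **Connect using a certificate thumbprint** in app-only-auth-powershell-v2.md in this same commit; since this appendix entry is only a comparison, a cross-link to that article's thumbprint section would keep the two from drifting apart.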