diff --git a/exchange/exchange-ps/ExchangePowerShell/Enable-OutlookAnywhere.md b/exchange/exchange-ps/ExchangePowerShell/Enable-OutlookAnywhere.md
index abc2ac60b5..c934496e30 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Enable-OutlookAnywhere.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Enable-OutlookAnywhere.md
@@ -63,21 +63,21 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 
 ### Example 1
 ```powershell
-Enable-OutlookAnywhere -Server:Server01 -ExternalHostname:mail.contoso.com -ClientAuthenticationMethod:Ntlm -SSLOffloading:$true
+Enable-OutlookAnywhere -Server Server01 -ExternalHostname mail.contoso.com -ClientAuthenticationMethod Ntlm -SSLOffloading $true
 ```
 
 This example enables the server Server01 for Outlook Anywhere. The external host name is set to mail.contoso.com, both Basic and NTLM authentication are used, and the SSLOffloading parameter is set to $true.
 
 ### Example 2
 ```powershell
-Enable-OutlookAnywhere -DefaultAuthenticationMethod:Ntlm -ExternalHostname:mail.contoso.com -SSLOffloading:$false
+Enable-OutlookAnywhere -DefaultAuthenticationMethod Ntlm -ExternalHostname mail.contoso.com -SSLOffloading $false
 ```
 
 This example enables Outlook Anywhere on the server that has the Client Access role installed. The SSLOffloading parameter is set to $false, the ExternalHostname parameter is specified as mail.contoso.com, and the DefaultAuthenticationMethod parameter is set to NTLM.
 
 ### Example 3
 ```powershell
-Enable-OutlookAnywhere -IISAuthenticationMethods NTLM -SSlOffloading:$false -ClientAuthenticationMethod:Basic -ExternalHostname:mail.contoso.com
+Enable-OutlookAnywhere -IISAuthenticationMethods NTLM -SSlOffloading $false -ClientAuthenticationMethod Basic -ExternalHostname mail.contoso.com
 ```
 
 This example enables the Exchange Client Access server for Outlook Anywhere. The SSLOffloading parameter is set to $false, the ExternalHostname parameter is set to mail.contoso.com, the IISAuthenticationMethods parameter is set to NTLM, and the ClientAuthenticationMethod parameter is set to Basic.
@@ -158,8 +158,8 @@ Accept wildcard characters: False
 
 The SSLOffloading parameter specifies whether a network device accepts Transport Layer Security (TLS) connections and decrypts them before proxying the connections to the Outlook Anywhere virtual directory on the Exchange server. Valid values are:
 
-- $true: Outlook Anywhere clients using TLS don't maintain an TLS connection along the entire network path to the Exchange server. A network device in front of the server decrypts the TLS connections and proxies the unencrypted (HTTP) client connections to the Outlook Anywhere virtual directory. The network segment where HTTP is used should be a secured network. This value is the default.
-- $false: Outlook Anywhere clients using TLS maintain an TLS connection along the entire network path to the Exchange server. Only TLS connections are allowed to the Outlook Anywhere virtual directory.
+- $true: Outlook Anywhere clients using TLS don't maintain an TLS connection along the entire network path to the Exchange server. A network device in front of the server decrypts the TLS connections and proxies the unencrypted (HTTP) client connections to the Outlook Anywhere virtual directory. The network segment where HTTP is used should be a secured network.
+- $false: Outlook Anywhere clients using TLS maintain an TLS connection along the entire network path to the Exchange server. Only TLS connections are allowed to the Outlook Anywhere virtual directory. This value is the default.
 
 This parameter configures the "Require SSL" setting on the Outlook Anywhere virtual directory. When you set this parameter to $true, "Require SSL" is disabled. When you set this parameter to $false, "Require SSL" is enabled. However, it might take several minutes before the change is visible in IIS Manager.
 
@@ -269,13 +269,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the specified Exchange virtual directory. Extended Protection for Authentication isn't enabled by default. The available settings are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None Extended Protection for Authentication isn't used. Connections between the client and Exchange don't use Extended Protection for Authentication on this virtual directory. This is the default setting.
-- Allow Extended Protection for Authentication is used for connections between the client and Exchange on this virtual directory if both the client and server support Extended Protection for Authentication. Connections that don't support Extended Protection for Authentication on the client and server work, but might not be as secure as a connection using Extended Protection for Authentication.
-- Require Extended Protection for Authentication is used for all connections between clients and Exchange servers for this virtual directory. If either the client or server doesn't support Extended Protection for Authentication, the connection between the client and server will fail. If you set this option, you must also set a value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 To learn more about Extended Protection for Authentication, see [Understanding Extended Protection for Authentication](https://learn.microsoft.com/previous-versions/office/exchange-server-2010/ff459225(v=exchg.141)).
 
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-ActiveSyncVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-ActiveSyncVirtualDirectory.md
index 10e9528845..838eca9981 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-ActiveSyncVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-ActiveSyncVirtualDirectory.md
@@ -196,13 +196,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-AutodiscoverVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-AutodiscoverVirtualDirectory.md
index cfd9aa74f6..2d8784a6f3 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-AutodiscoverVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-AutodiscoverVirtualDirectory.md
@@ -228,13 +228,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-EcpVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-EcpVirtualDirectory.md
index ed04306171..a9c315a2a8 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-EcpVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-EcpVirtualDirectory.md
@@ -160,13 +160,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-FeatureConfiguration.md b/exchange/exchange-ps/ExchangePowerShell/New-FeatureConfiguration.md
index bb04d6b1e3..93467153c2 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-FeatureConfiguration.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-FeatureConfiguration.md
@@ -41,34 +41,37 @@ To use this cmdlet in Security & Compliance PowerShell, you need to be assigned
 
 ### Example 1
 ```powershell
-New-FeatureConfiguration -Name "Collection policy for supported Copilots" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities":["UploadText","DownloadText"],"EnforcementPlanes":["CopilotExperiences","Browser"],"SensitiveTypeIds":["All"],"IsIngestionEnabled":true}' –Locations '[{"Workload":"Applications","Location":"52655","LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}]},{"Workload":"Applications","Location":"49baeafd-1a6b-4c58-be55-75ae6d1dff6a","LocationSource":"PurviewConfig","LocationType":"Group","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}]}]'
+New-FeatureConfiguration -Name "Collection policy for supported Copilots" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities":["UploadText","DownloadText"],"EnforcementPlanes":["CopilotExperiences","Browser"],"SensitiveTypeIds":["All"],"IsIngestionEnabled":true}' -Locations '[{"Workload":"Applications","Location":"52655","LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}]},{"Workload":"Applications","Location":"49baeafd-1a6b-4c58-be55-75ae6d1dff6a","LocationSource":"PurviewConfig","LocationType":"Group","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}]}]'
 ```
 
-This example creates an enabled collection policy named "Collection policy for supported Copilots" that:
-- Includes UploadText & DownloadText activity for all supported classifiers
-- Captures all AI prompts
-- Includes Microsoft Copilot & Copilot Experiences locations, both scoped to all users & groups
+This example creates an enabled collection policy named "Collection policy for supported Copilots" with the following settings:
+
+- Includes UploadText and DownloadText activity for all supported classifiers.
+- Captures all AI prompts.
+- Includes Microsoft Copilot and Copilot Experiences locations, both scoped to all users and groups.
 
 ### Example 2
 ```powershell
-New-FeatureConfiguration -Name "Scoped browser collection policy for Microsoft Copilot" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities":["UploadText"],"EnforcementPlanes":["Browser"],"SensitiveTypeIds":["All"],"ExcludedSensitiveTypeIds":["50b8b56b-4ef8-44c2-a924-03374f5831ce","8548332d-6d71-41f8-97db-cc3b5fa544e6"],"IsIngestionEnabled":false}' –Locations '[{"Workload":"Applications","Location":"52655","LocationDisplayName":null,"LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}],"Exclusions":[{"Type":"Group","Identity":"db458ddb-4f56-4d88-a4f7-e29545560839","DisplayName":"Contoso Executives","Name":"Executives@contoso.com"}]}]'
+New-FeatureConfiguration -Name "Scoped browser collection policy for Microsoft Copilot" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities":["UploadText"],"EnforcementPlanes":["Browser"],"SensitiveTypeIds":["All"],"ExcludedSensitiveTypeIds":["50b8b56b-4ef8-44c2-a924-03374f5831ce","8548332d-6d71-41f8-97db-cc3b5fa544e6"],"IsIngestionEnabled":false}' -Locations '[{"Workload":"Applications","Location":"52655","LocationDisplayName":null,"LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}],"Exclusions":[{"Type":"Group","Identity":"db458ddb-4f56-4d88-a4f7-e29545560839","DisplayName":"Contoso Executives","Name":"Executives@contoso.com"}]}]'
 ```
 
-This example creates an enabled collection policy named "Scoped browser collection policy for Microsoft Copilot" that:
-- Includes UploadText activity for all supported classifiers except "All Full Names" and "All Physical Addresses"
-- Includes Microsoft Copilot location, for all users & groups except the "Contoso Executives Group"
+This example creates an enabled collection policy named "Scoped browser collection policy for Microsoft Copilot" with the following settings:
+
+- Includes UploadText activity for all supported classifiers except "All Full Names" and "All Physical Addresses."
+- Includes Microsoft Copilot location, for all users and groups except the "Contoso Executives Group."
 
 ### Example 3
 ```powershell
-New-FeatureConfiguration -Name "Scoped collection policies for browser and devices" -FeatureScenario KnowYourData -Mode Disable -ScenarioConfig '{"Activities":["UploadText","filecreated","filedeleted","filemodified"],"EnforcementPlanes":["Devices","Browser"],"SensitiveTypeIds":["a44669fe-0d48-453d-a9b1-2cc83f2cba77","cb353f78-2b72-4c3c-8827-92ebe4f69fdf"],"FileExtensions":["pdf"],"IsIngestionEnabled":false}' –Locations '[{"Workload":"EndpointDevices","Location":"","Inclusions":[{"Type":"Group","Identity":"db458ddb-4f56-4d88-a4f7-e29545560839","DisplayName":"All Company","Name":"allcompany@contoso.com"}],"Exclusions":[{"Type":"IndividualResource","Identity":"a828f25a-cede-4d0e-97e6-b0b0c913732a","DisplayName":"Alex Wilber","Name":"alex@contoso.com"}]},{"Workload":"Applications","Location":"52655","LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"IndividualResource","Identity":"84f9af2e-b224-4cb8-b9cd-bc531bb07a48","DisplayName":"Adele Vance","Name":"adele@contoso.com"}]}]'
+New-FeatureConfiguration -Name "Scoped collection policies for browser and devices" -FeatureScenario KnowYourData -Mode Disable -ScenarioConfig '{"Activities":["UploadText","filecreated","filedeleted","filemodified"],"EnforcementPlanes":["Devices","Browser"],"SensitiveTypeIds":["a44669fe-0d48-453d-a9b1-2cc83f2cba77","cb353f78-2b72-4c3c-8827-92ebe4f69fdf"],"FileExtensions":["pdf"],"IsIngestionEnabled":false}' -Locations '[{"Workload":"EndpointDevices","Location":"","Inclusions":[{"Type":"Group","Identity":"db458ddb-4f56-4d88-a4f7-e29545560839","DisplayName":"All Company","Name":"allcompany@contoso.com"}],"Exclusions":[{"Type":"IndividualResource","Identity":"a828f25a-cede-4d0e-97e6-b0b0c913732a","DisplayName":"Alex Wilber","Name":"alex@contoso.com"}]},{"Workload":"Applications","Location":"52655","LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"IndividualResource","Identity":"84f9af2e-b224-4cb8-b9cd-bc531bb07a48","DisplayName":"Adele Vance","Name":"adele@contoso.com"}]}]'
 ```
 
-This example creates a disabled collection policy named "Scoped collection policies for browser and devices" that:
-- Includes UploadText (for browser) and filecreated, filedeleted, and filemodified activities (for devices)
-- Includes "U.S. Social Security Number (SSN)" and "ABA Routing Number" classifiers only
-- Detects files on devices with "pdf" file extension only
-- Includes devices location, scoped to the "All company" group, excluding the user "Alex Wilber"
-- Includes Microsoft Copilot location, scoped only to the user "Adele Vance"
+This example creates a disabled collection policy named "Scoped collection policies for browser and devices" with the following settings:
+
+- Includes UploadText (for browser) and filecreated, filedeleted, and filemodified activities (for devices).
+- Includes "U.S. Social Security Number (SSN)" and "ABA Routing Number" classifiers only.
+- Detects files on devices with "pdf" file extension only.
+- Includes devices location, scoped to the "All company" group, excluding the user "Alex Wilber."
+- Includes Microsoft Copilot location, scoped only to the user "Adele Vance."
 
 ## PARAMETERS
 
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-MapiVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-MapiVirtualDirectory.md
index 07ece50dd8..3bd5e7ea23 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-MapiVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-MapiVirtualDirectory.md
@@ -143,13 +143,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-OabVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-OabVirtualDirectory.md
index 404dfc08d3..85ad82d280 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-OabVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-OabVirtualDirectory.md
@@ -146,13 +146,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection fails. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-OwaVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-OwaVirtualDirectory.md
index ff622e5137..69784f57fd 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-OwaVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-OwaVirtualDirectory.md
@@ -202,13 +202,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication works, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-PowerShellVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-PowerShellVirtualDirectory.md
index 97ba828d67..392e4d2b70 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-PowerShellVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-PowerShellVirtualDirectory.md
@@ -179,13 +179,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-TeamsProtectionPolicy.md b/exchange/exchange-ps/ExchangePowerShell/New-TeamsProtectionPolicy.md
index 0968adb205..e5f94f4883 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-TeamsProtectionPolicy.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-TeamsProtectionPolicy.md
@@ -68,9 +68,6 @@ Accept wildcard characters: False
 
 ### -Confirm
 
-> Applicable: Exchange Online
-
-
 > Applicable: Exchange Online
 
 The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
diff --git a/exchange/exchange-ps/ExchangePowerShell/New-WebServicesVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/New-WebServicesVirtualDirectory.md
index aa4f2ed159..cc03dcddbd 100644
--- a/exchange/exchange-ps/ExchangePowerShell/New-WebServicesVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/New-WebServicesVirtualDirectory.md
@@ -250,13 +250,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-ActiveSyncVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-ActiveSyncVirtualDirectory.md
index b5391e054f..0e8a3d7fb1 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-ActiveSyncVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-ActiveSyncVirtualDirectory.md
@@ -287,13 +287,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-AutodiscoverVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-AutodiscoverVirtualDirectory.md
index 5e418435a4..51e0f74970 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-AutodiscoverVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-AutodiscoverVirtualDirectory.md
@@ -221,13 +221,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-EcpVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-EcpVirtualDirectory.md
index 348cee1a55..d5bdd018f5 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-EcpVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-EcpVirtualDirectory.md
@@ -263,13 +263,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-MapiVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-MapiVirtualDirectory.md
index 373255b618..be2021477e 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-MapiVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-MapiVirtualDirectory.md
@@ -185,13 +185,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-OabVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-OabVirtualDirectory.md
index ff2ce2d76a..d3090a0041 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-OabVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-OabVirtualDirectory.md
@@ -188,13 +188,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-OutlookAnywhere.md b/exchange/exchange-ps/ExchangePowerShell/Set-OutlookAnywhere.md
index 8bdcf47eef..f92d1be857 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-OutlookAnywhere.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-OutlookAnywhere.md
@@ -248,13 +248,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
@@ -448,8 +448,8 @@ Accept wildcard characters: False
 
 The SSLOffloading parameter specifies whether a network device accepts Transport Layer Security (TLS) connections and decrypts them before proxying the connections to the Outlook Anywhere virtual directory on the Exchange server. Valid values are:
 
-- $true: Outlook Anywhere clients using TLS don't maintain an TLS connection along the entire network path to the Exchange server. A network device in front of the server decrypts the TLS connections and proxies the unencrypted (HTTP) client connections to the Outlook Anywhere virtual directory. The network segment where HTTP is used should be a secured network. This value is the default.
-- $false: Outlook Anywhere clients using TLS maintain an TLS connection along the entire network path to the Exchange server. Only TLS connections are allowed to the Outlook Anywhere virtual directory.
+- $true: Outlook Anywhere clients using TLS don't maintain an TLS connection along the entire network path to the Exchange server. A network device in front of the server decrypts the TLS connections and proxies the unencrypted (HTTP) client connections to the Outlook Anywhere virtual directory. The network segment where HTTP is used should be a secured network.
+- $false: Outlook Anywhere clients using TLS maintain an TLS connection along the entire network path to the Exchange server. Only TLS connections are allowed to the Outlook Anywhere virtual directory. This value is the default.
 
 This parameter configures the "Require SSL" setting on the Outlook Anywhere virtual directory. When you set this parameter to $true, "Require SSL" is disabled. When you set this parameter to $false, "Require SSL" is enabled. However, it might take several minutes before the change is visible in IIS Manager.
 
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-OwaVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-OwaVirtualDirectory.md
index f94913bd56..82722af630 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-OwaVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-OwaVirtualDirectory.md
@@ -1021,13 +1021,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-PowerShellVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-PowerShellVirtualDirectory.md
index fd72d56bb0..5dea03cc09 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-PowerShellVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-PowerShellVirtualDirectory.md
@@ -205,13 +205,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-TeamsProtectionPolicy.md b/exchange/exchange-ps/ExchangePowerShell/Set-TeamsProtectionPolicy.md
index ce6a7a824e..597b84ea11 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-TeamsProtectionPolicy.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-TeamsProtectionPolicy.md
@@ -157,9 +157,6 @@ Accept wildcard characters: False
 
 ### -WhatIf
 
-> Applicable: Exchange Online
-
-
 > Applicable: Exchange Online
 
 The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-WebServicesVirtualDirectory.md b/exchange/exchange-ps/ExchangePowerShell/Set-WebServicesVirtualDirectory.md
index 9d2991fca5..40940a40fc 100644
--- a/exchange/exchange-ps/ExchangePowerShell/Set-WebServicesVirtualDirectory.md
+++ b/exchange/exchange-ps/ExchangePowerShell/Set-WebServicesVirtualDirectory.md
@@ -245,13 +245,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None: Extended Protection for Authentication isn't be used on the virtual directory. This value is the default.
-- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication work, but might not be as secure as connections that use Extended Protection for Authentication.
-- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy TLS channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 ```yaml
 Type: ExtendedProtectionTokenCheckingMode