Sasriv
diff --git a/‎exchange/exchange-ps/exchange/encryption-and-certificates/Set-IRMConfiguration.md
Lines changed: 105 additions & 62 deletions b/‎exchange/exchange-ps/exchange/encryption-and-certificates/Set-IRMConfiguration.md
Lines changed: 105 additions & 62 deletions
diff --git a/‎exchange/exchange-ps/exchange/mailboxes/Set-CalendarProcessing.md
Lines changed: 1 addition & 1 deletion b/‎exchange/exchange-ps/exchange/mailboxes/Set-CalendarProcessing.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/policy-and-compliance-audit/Search-UnifiedAuditLog.md
Lines changed: 1 addition & 1 deletion b/‎exchange/exchange-ps/exchange/policy-and-compliance-audit/Search-UnifiedAuditLog.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/policy-and-compliance-dlp/New-DlpSensitiveInformationType.md
Lines changed: 1 addition & 1 deletion b/‎exchange/exchange-ps/exchange/policy-and-compliance-dlp/New-DlpSensitiveInformationType.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/policy-and-compliance-dlp/Set-DlpSensitiveInformationType.md
Lines changed: 1 addition & 1 deletion b/‎exchange/exchange-ps/exchange/policy-and-compliance-dlp/Set-DlpSensitiveInformationType.md
Lines changed: 1 addition & 1 deletion
@@ -20,14 +20,15 @@ For information about the parameter sets in the Syntax section below, see Exchan
 ## SYNTAX
 
 ```
-Set-IRMConfiguration [-AutomaticServiceUpdateEnabled <$true | $false>] [-ClientAccessServerEnabled <$true | $false>]
- [-Confirm] [-DomainController <Fqdn>] [-EDiscoverySuperUserEnabled <$true | $false>]
- [-ExternalLicensingEnabled <$true | $false>] [-Force] [-InternalLicensingEnabled <$true | $false>]
- [-JournalReportDecryptionEnabled <$true | $false>] [-LicensingLocation <MultiValuedProperty>]
- [-PublishingLocation <Uri>] [-RefreshServerCertificates] [-SearchEnabled <$true | $false>]
- [-ServiceLocation <Uri>] [-TransportDecryptionSetting <Disabled | Optional | Mandatory>] [-WhatIf]
- [-RMSOnlineKeySharingLocation <Uri>] [-AzureRMSLicensingEnabled <$true | $false>]
- [-SimplifiedClientAccessEnabled <$true | $false>] [<CommonParameters>]
+Set-IRMConfiguration [-AutomaticServiceUpdateEnabled <$true | $false>] [-AzureRMSLicensingEnabled <$true | $false>]
+ [-ClientAccessServerEnabled <$true | $false>] [-Confirm] [-DecryptAttachmentForEncryptOnly <$true | $false>]
+ [-DecryptAttachmentFromPortal <$true | $false>] [-DomainController <Fqdn>]
+ [-EDiscoverySuperUserEnabled <$true | $false>] [-ExternalLicensingEnabled <$true | $false>] [-Force]
+ [-InternalLicensingEnabled <$true | $false>] [-JournalReportDecryptionEnabled <$true | $false>]
+ [-LicensingLocation <MultiValuedProperty>] [-PublishingLocation <Uri>] [-RefreshServerCertificates]
+ [-RMSOnlineKeySharingLocation <Uri>] [-SearchEnabled <$true | $false>] [-ServiceLocation <Uri>]
+ [-SimplifiedClientAccessEnabled <$true | $false>]
+ [-TransportDecryptionSetting <Disabled | Optional | Mandatory>] [-WhatIf] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -81,6 +82,27 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AzureRMSLicensingEnabled
+This parameter is available only in the cloud-based service.
+
+The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management. Valid values are:
+
+- $true: The Exchange Online organization can connect directly to Azure Rights Management. This enables Office 365 Message Encryption.
+
+- $false: The Exchange Online organization can't connect directly to Azure Rights Management. Do not configure this value unless you're directed to do so by Microsoft Customer Service and Support.
+
+```yaml
+Type: $true | $false
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ClientAccessServerEnabled
 The ClientAccessServerEnabled parameter specifies whether to enable IRM for Outlook on the web (formerly known as Outlook Web App) and Exchange ActiveSync. Valid values are:
 
@@ -157,6 +179,48 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DecryptAttachmentForEncryptOnly
+This parameter is available only in the cloud-based service.
+
+The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using new Office 365 Message Encryption capabilities. Valid values are:
+
+- $true: The recipients will have unrestricted rights on attachments sent using Encrypt-Only policy.
+
+- $false: The recipients will not have unrestricted rights on attachments sent using Encrypt-Only policy.
+
+```yaml
+Type: $true | $false
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DecryptAttachmentFromPortal
+This parameter is available only in the cloud-based service.
+
+The DecryptAttachmentFromPortal parameter specifies whether Office attachments are protected for recipients outside of Office 365 when Encrypt-only policy is used for sending mails using new Office 365 Message Encryption capabilities. Use this option when you don't need to retain the original protection for the attachment upon download. Valid values are:
+
+- $true: The recipients will have permissions to download Encrypt-only attachments without protection.
+
+- $false: The recipients will continue to have Encrypt-only attachments protected even after download.
+
+```yaml
+Type: $true | $false
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExternalLicensingEnabled
 The ExternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to external recipients. Valid values are:
 
@@ -282,29 +346,10 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -SearchEnabled
-The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web. Valid values are:
-
-- $true: Searching IRM-encrypted messages in Outlook on the web is enabled. This is the default value.
-
-- $false: Searching IRM-encrypted messages in Outlook on the web is disabled.
-
-```yaml
-Type: $true | $false
-Parameter Sets: (All)
-Aliases:
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Online
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -ServiceLocation
+### -RMSOnlineKeySharingLocation
 This parameter is available only in the cloud-based service.
 
-The ServiceLocation parameter specifies the AD RMS service URL.
+The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the trusted publishing domain (TPD) for the Exchange Online organization.
 
 ```yaml
 Type: Uri
@@ -318,17 +363,15 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -TransportDecryptionSetting
-The TransportDecryptionSetting parameter specifies the transport decryption configuration. Valid values are:
-
-- Disabled: Transport decryption is disabled for internal and external messages.
+### -SearchEnabled
+The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web. Valid values are:
 
-- Mandatory: Messages that can't be decrypted are rejected with a non-delivery report (also known as an NDR or bounce message).
+- $true: Searching IRM-encrypted messages in Outlook on the web is enabled. This is the default value.
 
-- Optional: Messages are decrypted if possible, but are delivered even if decryption fails. This is the default value.
+- $false: Searching IRM-encrypted messages in Outlook on the web is disabled.
 
 ```yaml
-Type: Disabled | Optional | Mandatory
+Type: $true | $false
 Parameter Sets: (All)
 Aliases:
 Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Online
@@ -339,28 +382,34 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -WhatIf
-The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
+### -ServiceLocation
+This parameter is available only in the cloud-based service.
+
+The ServiceLocation parameter specifies the AD RMS service URL.
 
 ```yaml
-Type: SwitchParameter
+Type: Uri
 Parameter Sets: (All)
-Aliases: wi
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Online
+Aliases:
+Applicable: Exchange Online
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -RMSOnlineKeySharingLocation
+### -SimplifiedClientAccessEnabled
 This parameter is available only in the cloud-based service.
 
-The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the trusted publishing domain (TPD) for the Exchange Online organization.
+The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web. Valid values are:
+
+- $true: The Protect button is enabled in Outlook on the web.
+
+- $false: The Protect button is disabled in Outlook on the web. This is the default value.
 
 ```yaml
-Type: Uri
+Type: $true | $false
 Parameter Sets: (All)
 Aliases:
 Applicable: Exchange Online
@@ -371,41 +420,35 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -AzureRMSLicensingEnabled
-This parameter is available only in the cloud-based service.
+### -TransportDecryptionSetting
+The TransportDecryptionSetting parameter specifies the transport decryption configuration. Valid values are:
 
-The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management. Valid values are:
+- Disabled: Transport decryption is disabled for internal and external messages.
 
-- $true: The Exchange Online organization can connect directly to Azure Rights Management. This enables Office 365 Message Encryption.
+- Mandatory: Messages that can't be decrypted are rejected with a non-delivery report (also known as an NDR or bounce message).
 
-- $false: The Exchange Online organization can't connect directly to Azure Rights Management. Do not configure this value unless you're directed to do so by Microsoft Customer Service and Support.
+- Optional: Messages are decrypted if possible, but are delivered even if decryption fails. This is the default value.
 
 ```yaml
-Type: $true | $false
+Type: Disabled | Optional | Mandatory
 Parameter Sets: (All)
 Aliases:
-Applicable: Exchange Online
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Online
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -SimplifiedClientAccessEnabled
-This parameter is available only in the cloud-based service.
-
-The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web. Valid values are:
-
-- $true: The Protect button is enabled in Outlook on the web.
-
-- $false: The Protect button is disabled in Outlook on the web. This is the default value.
+### -WhatIf
+The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
 
 ```yaml
-Type: $true | $false
+Type: SwitchParameter
 Parameter Sets: (All)
-Aliases:
-Applicable: Exchange Online
+Aliases: wi
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Online
 Required: False
 Position: Named
 Default value: None
 
@@ -223,7 +223,7 @@ Aliases:
 Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Online
 Required: False
 Position: Named
-Default value: None
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
@@ -11,7 +11,7 @@ monikerRange: "exchonline-ps"
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
-Use the Search-UnifiedAuditLog cmdlet to search the unified audit log. This log contains events from Exchange Online, SharePoint Online, OneDrive for Business, Azure Active Directory, Microsoft Teams, Power BI, Sway, and other Office 365 services. You can search for all events in a specified date rage, or you can filter the results based on specific criteria, such as the user who performed the action, the action, or the target object.
+Use the Search-UnifiedAuditLog cmdlet to search the unified audit log. This log contains events from Exchange Online, SharePoint Online, OneDrive for Business, Azure Active Directory, Microsoft Teams, Power BI, Sway, and other Office 365 services. You can search for all events in a specified date range, or you can filter the results based on specific criteria, such as the user who performed the action, the action, or the target object.
 
 For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
 
 
@@ -32,7 +32,7 @@ You need to be assigned permissions in the Office 365 Security & Compliance Cent
 
 ### -------------------------- Example 1 --------------------------
 ```
-$Employee_Template = Get-Content "C:\My Documents\Contoso Employee Template.docx" -Encoding byte; $Employee_Fingerprint = New-DlpFingerprint -FileData $Employee_Template -Description "Contoso Employee Template"; $Customer_Template = Get-Content "D:\Data\Contoso Customer Template.docx" -Encoding byte; $Customer_Fingerprint = New-DlpFingerprint -FileData $Customer_Template -Description "Contoso Customer Template"; New-DlpSensitiveInformationType -Name "Contoso Employee-Customer Confidential" -Fingerprints $Employee_Fingerprint,$Customer_Fingerprint -Description "Message contains Contoso employee or customer information."
+$Employee_Template = Get-Content "C:\My Documents\Contoso Employee Template.docx" -Encoding byte -ReadCount 0; $Employee_Fingerprint = New-DlpFingerprint -FileData $Employee_Template -Description "Contoso Employee Template"; $Customer_Template = Get-Content "D:\Data\Contoso Customer Template.docx" -Encoding byte; $Customer_Fingerprint = New-DlpFingerprint -FileData $Customer_Template -Description "Contoso Customer Template"; New-DlpSensitiveInformationType -Name "Contoso Employee-Customer Confidential" -Fingerprints $Employee_Fingerprint[0],$Customer_Fingerprint[0] -Description "Message contains Contoso employee or customer information."
 ```
 
 This example creates a new sensitive information type rule named "Contoso Employee-Customer Confidential" that uses the document fingerprints of the files C:\\My Documents\\Contoso Employee Template.docx and D:\\Data\\Contoso Customer Template.docx.
 
@@ -46,7 +46,7 @@ This example removes the existing Spanish translation from the sensitive informa
 
 ### -------------------------- Example 3 --------------------------
 ```
-$Benefits_Template = Get-Content "C:\My Documents\Contoso Benefits Template.docx" -Encoding byte; $Benefits_Fingerprint = New-DlpFingerprint -FileData $Benefits_Template -Description "Contoso Benefits Template"; $Contoso_Confidential = Get-DlpSensitiveInformationType "Contoso Confidential"; $Array = [System.Collections.ArrayList]($Contoso_Confidential.Fingerprints); $Array.Add($Benefits_FingerPrint); Set-DlpSensitiveInformationType $Contoso_Confidential.Identity -FingerPrints $Array
+$Benefits_Template = Get-Content "C:\My Documents\Contoso Benefits Template.docx" -Encoding byte -ReadCount 0; $Benefits_Fingerprint = New-DlpFingerprint -FileData $Benefits_Template -Description "Contoso Benefits Template"; $Contoso_Confidential = Get-DlpSensitiveInformationType "Contoso Confidential"; $Array = [System.Collections.ArrayList]($Contoso_Confidential.Fingerprints); $Array.Add($Benefits_FingerPrint[0]); Set-DlpSensitiveInformationType $Contoso_Confidential.Identity -FingerPrints $Array
 ```
 
 This example modifies the existing sensitive information type rule named "Contoso Confidential" by adding a new document fingerprint for the file C:\\My Documents\\Contoso Benefits Template.docx without affecting any existing document fingerprints that are already defined.