Merge branch 'master' into patch-302

Author: Kateyanne

exchange/docs-conceptual/find-exchange-cmdlet-permissions.md

@@ -20,31 +20,31 @@ You can use PowerShell to find the permissions required to run any Exchange or E
 
 - Estimated time to complete this procedure: less than 5 minutes.
 
-- You can only use PowerShell to perform this procedure.
+- You can only use PowerShell to perform these procedures.
 
-- Basically, you need to be an administrator to complete this procedure. Specifically, you need access to the **Get-ManagementRole** and **Get-ManagementRoleAssignment** cmdlets. By default, access to these cmdlets is granted by the **View-Only Configuration** or **Role Management** roles, which are typically assigned to the **View-Only Organization Management** and **Organization Management** role groups.
+- Basically, you need to be an administrator to complete this procedure. Specifically, you need access to the **Get-ManagementRole** and **Get-ManagementRoleAssignment** cmdlets. By default, access to these cmdlets is granted by the **View-Only Configuration** or **Role Management** roles, which are only assigned to the **View-Only Organization Management** and **Organization Management** role groups by default.
 
-- The procedures in this topic don't work in Security & Compliance Center PowerShell. For more information about permissions in the Security & Compliance Center, see [Permissions in the Security & Compliance Center](https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center).
-
-- The procedures in this topic don't work in standalone Exchange Online Protection (EOP) PowerShell (Microsoft 365 organizations without Exchange Online mailboxes). For more information about permissions in standalone EOP, see [Feature permissions in EOP](https://docs.microsoft.com/microsoft-365/security/office-365-security/feature-permissions-in-eop).
+- The procedures in this article don't work in Security & Compliance Center PowerShell or standalone Exchange Online Protection (EOP) PowerShell (Microsoft 365 organizations without Exchange Online mailboxes). For more information about permissions in these environments, see the following articles:
+  - [Permissions in the Security & Compliance Center](https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center).
+  - [Permissions in standalone EOP](https://docs.microsoft.com/microsoft-365/security/office-365-security/feature-permissions-in-eop).
 
 > [!TIP]
 > Having problems? Ask for help in the Exchange forums. Visit the forums at: [Exchange Server](https://go.microsoft.com/fwlink/p/?linkId=60612) or [Exchange Online](https://go.microsoft.com/fwlink/p/?linkId=267542).
 
 ## Use PowerShell to find the permissions required to run a cmdlet
 
-1. Open the PowerShell environment where you want to run the cmdlet.
-
+1. If you haven't already, open the Exchange PowerShell environment that you're interested in:
    - **Exchange Online**: [Connect to Exchange Online PowerShell](connect-to-exchange-online-powershell.md).
-
    - **Exchange Server**: [Open the Exchange Management Shell](open-the-exchange-management-shell.md) or [Connect to Exchange servers using remote PowerShell](connect-to-exchange-servers-using-remote-powershell.md).
 
-2. Run the following command to identify the cmdlet and, optionally, one or more parameters on the cmdlet. Be sure to replace `<Cmdlet>` and optionally, `<Parameter1>,<Parameter2>,...` with the actual cmdlet and parameter names you are interested in. If you specify multiple parameters separated by commas, only the roles that include **all** of the parameters are returned.
+2. Replace `<Cmdlet>` and optionally, `<Parameter1>,<Parameter2>,...` with the values that you want to use, and run the following command:
 
    ```powershell
    $Perms = Get-ManagementRole -Cmdlet <Cmdlet> [-CmdletParameters <Parameter1>,<Parameter2>,...]
    ```
 
+   **Note**: If you specify multiple parameters, only roles that include the cmdlet with **all** of the parameters are returned.
+
 3. Run the following command:
 
    ```powershell
@@ -57,78 +57,95 @@ The results contain the following information:
 
 - **Role**: Indicates the role that gives access to the cmdlet or the combination of cmdlet and parameters. Note that role names that begin with "My" are user roles that allow regular users to operate on objects they own (for example, their own mailbox or their distribution groups).
 
-- **RoleAssigneeType** and **RoleAssigneeName**: These values are inter-related. **RoleAssigneeType** is the type of object that has the role assigned to it, and **RoleAssigneeName** is the name of the object. **RoleAssigneeType** can be a role group, role assignment policy, security group, or user. Typically, administrator roles are assigned to role groups.
+- **RoleAssigneeType** and **RoleAssigneeName**: These values are inter-related:
+  - **RoleAssigneeType** is the type of object that has the role assigned to it. For administrator roles, this value is typically a role group, but it can also be a role assignment policy, a security group, or a user.
+  - **RoleAssigneeName** is the name of the role group, role assignment policy, security group, or user.
 
 ## Troubleshooting
 
 What if there are no results?
 
 - Verify that you entered the cmdlet and parameter names correctly.
 
-- You might have entered too many parameters, and all of the parameters on the cmdlet aren't defined in a single role. Try specifying only the cmdlet name in Step 2, and run Step 3 to verify that the cmdlet is available in your environment. Then, add parameters one at a time to Step 2 before running Step 3.
+- The parameters that you specified are actually available for a cmdlet in a single role. Try specifying only the cmdlet name in the first command before you run the second command. Then, add the parameters one at a time to the first command before you run the second command.
 
-- These possible causes have the same solution:
+Otherwise, no results are likely caused by one of the following conditions:
 
-  - You might have entered a cmdlet or parameters that are defined in a role that isn't assigned to anyone by default.
+- The cmdlet or parameters are defined in a role that isn't assigned to any role groups by default.
+- The cmdlet or parameters aren't available in your environment. For example, you specified an Exchange Online cmdlet or Exchange Online parameters in an on-premises Exchange environment.
 
-  - You might have entered a cmdlet or parameter that isn't available in your environment. For example, when you enter an Exchange Online cmdlet or parameters in an on-premises Exchange 2016 environment.
+To find the roles in your environment (if any) that contain the cmdlet or parameters, replace `<Cmdlet>` and optionally, `<Parameter1>,<Parameter2>,...` with the values that you want to use and run the following command:
 
-  Run the following command to find the role that contains the cmdlet or parameters. Be sure to replace `<Cmdlet>` and optionally, `<Parameter1>,<Parameter2>,...` with the actual cmdlet and parameter names you are interested in. Note that you can use wildcard characters (*) in the cmdlet and parameter names (for example, `*-Mailbox*`).
+```powershell
+Get-ManagementRoleEntry -Identity *\<Cmdlet>  [-Parameters <Parameter1>,<Parameter2>,...]
+```
 
-  ```powershell
-  Get-ManagementRoleEntry -Identity *\<Cmdlet>  [-Parameters <Parameter1>,<Parameter2>,... ]
-  ```
+**Note**: You can use wildcard characters (*) in the cmdlet and parameter names (for example, `*-Mailbox*`).
 
-  - If the command returns an error saying the object couldn't be found, the cmdlet or parameters aren't available in your environment.
+If the command returns an error saying the object couldn't be found, the cmdlet or parameters aren't available in your environment.
 
-  - If the command returns one or more entries for **Name**, **Role**, and **Parameters**, the cmdlet (or parameters on the cmdlet) is available in your environment, but the required role isn't assigned to anyone. To see all roles that aren't assigned to anyone, run the following command:
+If the command returns results, the cmdlet or parameters are available in your environment, but the required role isn't assigned to any role groups. To find roles that aren't assigned to any role groups, run the following command:
 
-    ```powershell
-    $na = Get-ManagementRole ; $na | foreach {If ((Get-ManagementRoleAssignment -Role $_.Name -Delegating $false) -eq $null) {$_.Name}}
-    ```
+```powershell
+$na = Get-ManagementRole; $na | foreach {If ((Get-ManagementRoleAssignment -Role $_.Name -Delegating $false) -eq $null) {$_.Name}}
+```
 
 ## Related procedures
 
-- Management role scopes define where cmdlets can operate (in particular, write scopes).
+### Include management role scopes
+
+Management role scopes (in particular, write scopes) define where cmdlets can operate. For example, the entire organization or only on specific user objects.
+
+To include scope information in the [Use PowerShell to find the permissions required to run a cmdlet](#use-powershell-to-find-the-permissions-required-to-run-a-cmdlet) output, add `*Scope*` to the second command:
+
+```powershell
+$Perms | foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-List Role,RoleAssigneeType,RoleAssigneeName,*Scope*}
+```
+
+For detailed information about management role scopes, see [Understanding management role scopes](https://docs.microsoft.com/exchange/understanding-management-role-scopes-exchange-2013-help).
+
+### Find all roles assigned to a specific user
+
+To see all roles that are assigned to a specific user, replace `<UserIdentity>` with the name, alias, or email address of the user and run the following command:
+
+```powershell
+Get-ManagementRoleAssignment -RoleAssignee <UserIdentity> -Delegating $false | Format-Table -Auto Role,RoleAssigneeName,RoleAssigneeType
+```
 
-  To include scope information in Step 2, substitute the following command:
+For example:
 
-  ```powershell
-  $Perms | foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-List Role,RoleAssigneeType,RoleAssigneeName,*Scope*}
-  ```
+```powershell
+Get-ManagementRoleAssignment -RoleAssignee [email protected] -Delegating $false | Format-Table -Auto Role,RoleAssigneeName,RoleAssigneeType
+```
 
-- To see all roles assigned to a specific user, run the following command:
+**Note**: The _RoleAssignee_ parameter returns both direct role assignments to users (uncommon) and indirect role assignments granted to the user through their membership in role groups.
 
-  ```powershell
-  Get-ManagementRoleAssignment -RoleAssignee <UserIdentity> -Delegating $false | Format-Table -Auto Role,RoleAssigneeName,RoleAssigneeType
-  ```
+### Find all users who have a specific role assigned
 
-  For example:
+To see all users who have a specific role assigned to them, replace `<Role name>` with the name of the role and run the following command:
 
-  ```powershell
-  Get-ManagementRoleAssignment -RoleAssignee [email protected] -Delegating $false | Format-Table -Auto Role,RoleAssigneeName,RoleAssigneeType
-  ```
+```powershell
+Get-ManagementRoleAssignment -Role "<Role name>" -GetEffectiveUsers -Delegating $false | Where-Object {$_.EffectiveUserName -ne "All Group Members"} | Format-Table -Auto EffectiveUserName,Role,RoleAssigneeName,AssignmentMethod
+```
 
-- To see all users who are assigned a specific role, run the following command:
+For example:
 
-  ```powershell
-  Get-ManagementRoleAssignment -Role "<Role name>" -GetEffectiveUsers -Delegating $false | Where-Object {$_.EffectiveUserName -ne "All Group Members"} | Format-Table -Auto EffectiveUserName,Role,RoleAssigneeName,AssignmentMethod
-  ```
+```powershell
+Get-ManagementRoleAssignment -Role "Mailbox Import Export"  -GetEffectiveUsers -Delegating $false | Where-Object {$_.EffectiveUserName -ne "All Group Members"} | Format-Table -Auto EffectiveUserName,Role,RoleAssigneeName,AssignmentMethod
+```
 
-  For example:
+### Find the members of a role group
 
-  ```powershell
-  Get-ManagementRoleAssignment -Role "Mailbox Import Export"  -GetEffectiveUsers -Delegating $false | Where-Object {$_.EffectiveUserName -ne "All Group Members"} | Format-Table -Auto EffectiveUserName,Role,RoleAssigneeName,AssignmentMethod
-  ```
+To see the members of a specific role group, replace `<Role group name>` with the name of the role group and run the following command:
 
-- To see the members of a specific role group, run the following command:
+```powershell
+Get-RoleGroupMember "<Role group name>"
+```
 
-  ```powershell
-  Get-RoleGroupMember "<Role group name>"
-  ```
+For example:
 
-  For example:
+```powershell
+Get-RoleGroupMember "Organization Management"
+```
 
-  ```powershell
-  Get-RoleGroupMember "Organization Management"
-  ```
+**Note**: To see the names of all available role groups, run `Get-RoleGroup`.

exchange/exchange-ps/exchange/New-MailboxImportRequest.md

@@ -482,12 +482,12 @@ Accept wildcard characters: False
 ### -ConflictResolutionOption
 The ConflictResolutionOption parameter specifies what to do if there are multiple matching messages in the target. Valid values are:
 
-- ForceCopy
+- ForceCopy (Exchange 2016 or later)
 - KeepAll
 - KeepLatestItem
-- KeepSourceItem (This is the default value.)
-- KeepTargetItem
-- UpdateFromSource
+- KeepSourceItem (This is the default value)
+- KeepTargetItem (Exchage 2016 or later)
+- UpdateFromSource (Exchange 2016 or later)
 
 ```yaml
 Type: ConflictResolutionOption

exchange/exchange-ps/exchange/New-SafeLinksPolicy.md

@@ -134,7 +134,7 @@ Accept wildcard characters: False
 ### -DeliverMessageAfterScan
 The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are:
 
-- $true: Wait until Safe Links scanning is complete before delivering the message.
+- $true: Wait until Safe Links scanning is complete before delivering the message. Messages that contain malicious links are not delivered.
 - $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value.
 
 ```yaml

exchange/exchange-ps/exchange/Set-CASMailbox.md

@@ -834,7 +834,7 @@ This parameter is available only in on-premises Exchange.
 
 The MAPIBlockOutlookVersions parameter blocks access to the mailbox for specific versions of Outlook.
 
-For example, if you specify the value 15.0.4569.1503, only Outlook 2013 Service Pack 1 (SP1) or later clients are allowed to access the mailbox. Earlier versions of Outlook are blocked.
+For example, if you specify the value 15.0.4569, only Outlook 2013 Service Pack 1 (SP1) or later clients are allowed to access the mailbox. Earlier versions of Outlook are blocked.
 
 The default value is blank. To reset this parameter, use the value $null.
 

exchange/exchange-ps/exchange/Set-SafeLinksPolicy.md

@@ -134,7 +134,7 @@ Accept wildcard characters: False
 ### -DeliverMessageAfterScan
 The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are:
 
-- $true: Wait until Safe Links scanning is complete before delivering the message.
+- $true: Wait until Safe Links scanning is complete before delivering the message. Messages that contain malicious links are not delivered.
 - $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value.
 
 ```yaml

sharepoint/sharepoint-ps/sharepoint-online/Get-SPOCrossGeoUsers.md

@@ -56,7 +56,10 @@ Returns a single user from SharePoint Online in a multi-geo tenant and validates
 
 ### -ValidDataLocation
 
-PARAMVALUE: $true | $false
+Use this parameter to validate the location of the data. The acceptable values for this parameter are:
+
+- $False
+- $True
 
 ```yaml
 Type: Boolean

sharepoint/sharepoint-ps/sharepoint-online/Set-SPOSite.md

@@ -667,17 +667,14 @@ Accept wildcard characters: False
 
 ### -SharingDomainRestrictionMode
 
-Specifies the external sharing mode for domains.
+Specifies the sharing mode for external domains.
 
-The following values are:
+Possible values are:
+- None - Do not restrict sharing by domain
+- AllowList - Sharing is allowed only with external users that have account on domains specified within -SharingAllowedDomainList
+- BlockList - Sharing is allowed with external users in all domains except in domains specified within -SharingBlockedDomainList
 
-None
-
-AllowList
-
-BlockList
-
-For additional information about how to restrict a domain sharing, see Restricted Domains Sharing in Office 365 SharePoint Online and OneDrive for Business.
+For additional information about how to restrict a domain sharing, see [Restrict sharing of SharePoint and OneDrive content by domain](https://docs.microsoft.com/sharepoint/restricted-domains-sharing).
 
 ```yaml
 Type: SharingDomainRestrictionModes
@@ -729,10 +726,10 @@ The default link type for the site collection
 
 PARAMVALUE: None | AnonymousAccess | Internal | Direct
 
-None - Respect the organization default sharing link type
-AnonymousAccess - Sets the default sharing link for this site to an Anonymous Access or Anyone link
-Internal - Sets the default sharing link for this site to the "organization" link or company shareable link
-Direct - Sets the default sharing link for this site to the "Specific people" link
+- None - Respect the organization default sharing link type
+- AnonymousAccess - Sets the default sharing link for this site to an Anonymous Access or Anyone link
+- Internal - Sets the default sharing link for this site to the "organization" link or company shareable link
+- Direct - Sets the default sharing link for this site to the "Specific people" link
 
 ```yaml
 Type: SharingLinkType
@@ -772,9 +769,9 @@ The default link permission for the site collection
 
 PARAMVALUE: None | View | Edit
 
-None - Respect the organization default link permission
-View - Sets the default link permission for the site to "view" permissions
-Edit - Sets the default link permission for the site to "edit" permissions
+- None - Respect the organization default link permission
+- View - Sets the default link permission for the site to "view" permissions
+- Edit - Sets the default link permission for the site to "edit" permissions
 
 ```yaml
 Type: SharingPermissionType
@@ -794,9 +791,9 @@ Choose whether to override the anonymous or anyone link expiration policy on thi
 
 PARAMVALUE: None | False | True
 
-None - Respect the organization-level policy for anonymous or anyone link expiration
-False - Respect the organization-level policy for anonymous or anyone link expiration
-True - Override the organization-level policy for anonymous or anyone link expiration (can be more or less restrictive)
+- None - Respect the organization-level policy for anonymous or anyone link expiration
+- False - Respect the organization-level policy for anonymous or anyone link expiration
+- True - Override the organization-level policy for anonymous or anyone link expiration (can be more or less restrictive)
 
 ```yaml
 Type: Boolean