brianvan2
diff --git a/‎exchange/exchange-ps/exchange/Add-MailboxFolderPermission.md
Lines changed: 2 additions & 2 deletions b/‎exchange/exchange-ps/exchange/Add-MailboxFolderPermission.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎exchange/exchange-ps/exchange/Add-PublicFolderClientPermission.md
Lines changed: 13 additions & 13 deletions b/‎exchange/exchange-ps/exchange/Add-PublicFolderClientPermission.md
Lines changed: 13 additions & 13 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md
Lines changed: 6 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md
Lines changed: 6 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md
Lines changed: 6 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md
Lines changed: 6 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionTrafficReport.md
Lines changed: 8 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionTrafficReport.md
Lines changed: 8 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-DlpDetailReport.md
Lines changed: 4 additions & 0 deletions b/‎exchange/exchange-ps/exchange/Get-DlpDetailReport.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-DlpDetectionsReport.md
Lines changed: 11 additions & 0 deletions b/‎exchange/exchange-ps/exchange/Get-DlpDetectionsReport.md
Lines changed: 11 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-MailDetailATPReport.md
Lines changed: 4 additions & 3 deletions b/‎exchange/exchange-ps/exchange/Get-MailDetailATPReport.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-MailDetailDlpPolicyReport.md
Lines changed: 9 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-MailDetailDlpPolicyReport.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-MailDetailMalwareReport.md
Lines changed: 9 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-MailDetailMalwareReport.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-MailDetailSpamReport.md
Lines changed: 23 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-MailDetailSpamReport.md
Lines changed: 23 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-MailDetailTransportRuleReport.md
Lines changed: 8 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-MailDetailTransportRuleReport.md
Lines changed: 8 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-MailTrafficATPReport.md
Lines changed: 22 additions & 30 deletions b/‎exchange/exchange-ps/exchange/Get-MailTrafficATPReport.md
Lines changed: 22 additions & 30 deletions
diff --git a/‎exchange/exchange-ps/exchange/Get-MailTrafficPolicyReport.md
Lines changed: 11 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-MailTrafficPolicyReport.md
Lines changed: 11 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-MailTrafficReport.md
Lines changed: 37 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-MailTrafficReport.md
Lines changed: 37 additions & 1 deletion
@@ -115,10 +115,10 @@ The roles that are available, along with the permissions that they assign, are d
 - Contributor: CreateItems, FolderVisible
 - Editor: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
 - None: FolderVisible
-- NonEditingAuthor: CreateItems, FolderVisible, ReadItems
+- NonEditingAuthor: CreateItems, DeleteOwnedItems, FolderVisible, ReadItems
 - Owner: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems
-- PublishingEditor: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
 - PublishingAuthor: CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
+- PublishingEditor: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
 - Reviewer: FolderVisible, ReadItems
 
 The following roles apply specifically to calendar folders:
 
@@ -75,28 +75,28 @@ You can specify individual folder permissions or roles, which are combinations o
 
 The following individual permissions are available:
 
-- ReadItems: The user has the right to read items within the specified public folder.
 - CreateItems: The user has the right to create items within the specified public folder.
-- EditOwnedItems: The user has the right to edit the items that the user owns in the specified public folder.
+- CreateSubfolders: The user has the right to create subfolders in the specified public folder.
+- DeleteAllItems: The user has the right to delete all items in the specified public folder.
 - DeleteOwnedItems: The user has the right to delete items that the user owns in the specified public folder.
 - EditAllItems: The user has the right to edit all items in the specified public folder.
-- DeleteAllItems: The user has the right to delete all items in the specified public folder.
-- CreateSubfolders: The user has the right to create subfolders in the specified public folder.
-- FolderOwner: The user is the owner of the specified public folder. The user has the right to view and move the public folder and create subfolders. The user can't read items, edit items, delete items, or create items.
+- EditOwnedItems: The user has the right to edit the items that the user owns in the specified public folder.
 - FolderContact: The user is the contact for the specified public folder.
+- FolderOwner: The user is the owner of the specified public folder. The user has the right to view and move the public folder and create subfolders. The user can't read items, edit items, delete items, or create items.
 - FolderVisible: The user can view the specified public folder, but can't read or edit items within the specified public folder.
+- ReadItems: The user has the right to read items within the specified public folder.
 
 In addition to access rights, you can create rights based upon roles, which includes multiple access rights. This parameter accepts the following values for roles:
 
-- None: FolderVisible
-- Owner: CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
-- PublishingEditor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
-- Editor: CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
-- PublishingAuthor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
-- Author: CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
-- NonEditingAuthor: CreateItems, ReadItems, FolderVisible
-- Reviewer: ReadItems, FolderVisible
+- Author: CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
 - Contributor: CreateItems, FolderVisible
+- Editor: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
+- None: FolderVisible
+- NonEditingAuthor: CreateItems, DeleteOwnedItems, FolderVisible, ReadItems
+- Owner: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems
+- PublishingAuthor: CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
+- PublishingEditor: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
+- Reviewer: FolderVisible, ReadItems
 
 ```yaml
 Type: MultiValuedProperty
 
@@ -117,7 +117,12 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. The event type you specify must correspond to the report. For example, you can only specify "Anti-malware engine" or "Advanced Threat Protection" events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- Advanced Threat Protection
+- Advanced Threat Protection clean
+- Anti-malware engine
+- Anti-malware engine clean
 
 You can specify multiple values separated by commas.
 
 
@@ -132,7 +132,12 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. The event type you specify must correspond to the report. For example, you can only specify "Anti-malware engine" or "Advanced Threat Protection" events for malware reports.
+The EventType parameter filters the report by the event type.  Valid values are:
+
+- Advanced Threat Protection
+- Advanced Threat Protection clean
+- Anti-malware engine
+- Anti-malware engine clean
 
 You can specify multiple values separated by commas.
 
 
@@ -14,6 +14,8 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
+This cmdlet will be deprecated. Use the **Get-MailTrafficATPReport** cmdlet instead.
+
 Use the Get-AdvancedThreatProtectionTrafficReport cmdlet to view the results of Safe Attachments and Safe Links actions in your cloud-based organization for the last 90 days.
 
 **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
@@ -177,7 +179,12 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- AdvancedProtectionMalware
+- AtpGoodMail
+
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify Microsoft Defender for Office 365 (formerly known as Advanced Threat Protection or ATP) event types for Defender for Office 365 reports.
 
 You can specify multiple values separated by commas.
 
 
@@ -171,11 +171,15 @@ Accept wildcard characters: False
 The EventType parameter filters the report by the event type. Valid values are:
 
 - DLPActionHits
+- DLPActionUndo
+- DLPMessages
 - DLPPolicyFalsePositive
 - DLPPolicyHits
 - DLPPolicyOverride
 - DLPRuleHits
 
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify DLP event types for DLP reports.
+
 You can specify multiple values separated by commas.
 
 ```yaml
 
@@ -160,12 +160,23 @@ Accept wildcard characters: False
 ### -EventType
 The EventType parameter filters the report by the event type. Valid values are:
 
+- DataRetentions
 - DLPActionHits
+- DLPActionUndo
+- DLPByIncidentIdActionHits
+- DLPByIncidentIdMessages
+- DLPByIncidentIdPolicyFalsePositive
+- DLPByIncidentIdPolicyHits
+- DLPByIncidentIdPolicyOverride
+- DLPByIncidentIdRuleHits
+- DLPMessages
 - DLPPolicyFalsePositive
 - DLPPolicyHits
 - DLPPolicyOverride
 - DLPRuleHits
 
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify DLP event types for DLP reports.
+
 You can specify multiple values separated by commas.
 
 ```yaml
 
@@ -147,16 +147,17 @@ Accept wildcard characters: False
 The EventType parameter filters the report by the event type. Valid values are:
 
 - Advanced filter
-- Anti-malware engine
+- Anti-malware Engine
 - Campaign
-- File Detonation
-- File Reputation
+- File detonation
 - File detonation reputation
+- File reputation
 - Fingerprint matching
 - General filter
 - Impersonation brand
 - Impersonation domain
 - Impersonation user
+- Mailbox intelligence impersonation
 - Message passed
 - Mixed analysis detection
 - Spoof DMARC
 
@@ -140,7 +140,15 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- DLPActionHits
+- DLPPolicyFalsePositive
+- DLPPolicyHits
+- DLPPolicyOverride
+- DLPRuleHits
+
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify DLP event types for DLP reports.
 
 You can specify multiple values separated by commas.
 
 
@@ -14,6 +14,8 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
+This cmdlet will be deprecated. Use the **Get-MailDetailATPReport** cmdlet instead.
+
 Use the Get-MailDetailMalwareReport cmdlet to view the details of messages that contained malware for the last 10 days.
 
 **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
@@ -123,7 +125,13 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- AdvancedProtectionMalware
+- AtpGoodMail
+- Malware
+
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware events types for malware reports.
 
 You can specify multiple values separated by commas.
 
 
@@ -14,6 +14,8 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
+This cmdlet will be deprecated. Use the **Get-MailDetailATPReport** cmdlet instead.
+
 Use the Get-MailDetailSpamReport cmdlet to view the details of spam messages for the last 10 days.
 
 **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
@@ -122,7 +124,27 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- BCL0 to BCL9
+- NonSpam_AdditionalSpamFilterPassed
+- NonSpam_BulkPassed
+- NonSpam_ContentScanPassed
+- NonSpam_ETRPassed
+- NonSpam_IntraOrg
+- NonSpam_IPAllowed
+- NonSpam_SafeSender
+- Spam_AdditionalSpamFiltered
+- Spam_BulkFiltered
+- Spam_ContentScanFiltered
+- Spam_ETRFiltered
+- Spam_SenderBlocked
+- SpamContentFiltered
+- SpamDBEBFilter
+- SpamEnvelopeBlock
+- SpamIPBlock
+
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify spam event types for spam reports.
 
 You can specify multiple values separated by commas.
 
 
@@ -123,7 +123,14 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- EncryptionManual
+- EncryptionPolicy
+- TransportRuleActionHits
+- TransportRuleHits
+
+ To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify rule event types for rule reports.
 
 You can specify multiple values separated by commas.
 
 
@@ -174,36 +174,28 @@ Accept wildcard characters: False
 ### -EventType
 The EventType parameter filters the report by the event type. Valid values are:
 
-- Message passed (Indicates a good message.)
-
-Email phishing EventTypes:
-
-- Advanced phish filter (Indicates a message caught by the machine learning model.)
-- Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
-- Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)
-- Dmarc (Indicates a message for which the sender was marked as not authenticated by DMARC.)
-- Domain impersonation\* (Indicates a message impersonating a domain protected by an anti-phish policy.)
-- User impersonation\* (Indicates a message impersonating a user protected by an anti-phish policy.)
-- Brand impersonation (Indicates a message caught by phish filters as impersonating a known brand.)
-- General phish filter (Indicates a message caught by basic phish protection.)
-- Malicious URL reputation (Indicates a message with a known malicious URL caught by phish filters.)
-- Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
-
-Email malware EventTypes:
-
-- Anti-malware engine (Indicates a message caught by the anti-malware engine.)
-- ATP Safe Attachments\* (Indicates a message with a malicious attachment blocked by Defender for Office 365.)
-- ATP Safe Links\* (Indicates when a malicious link is blocked by Defender for Office 365.)
-- ZAP (Indicates a message with malware detected and auto-purged after delivery.)
-- Office 365 file reputation (Indicates a message with a known malicious file blocked.)
-- Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
-
-Content malware EventTypes:
-
-- AtpDocumentMalware\* (Indicates malicious content detected by Safe Attachments.)
-- AvDocumentMalware (Indicates malware found by the anti-malware engine. Reporting requires Defender for Office 365 or E5.)
-
-\* Requires Defender for Office 365 (included in Microsoft 365 E5 or in an add-in subscription).
+- Advanced filter
+- Anti-malware Engine
+- Campaign
+- File detonation
+- File detonation reputation
+- File reputation
+- Fingerprint matching
+- General filter
+- Impersonation brand
+- Impersonation domain
+- Impersonation user
+- Mailbox intelligence impersonation
+- Message passed
+- Mixed analysis detection
+- Spoof DMARC
+- Spoof external domain
+- Spoof intra-org
+- URL detonation
+- URL detonation reputation
+- URL malicious reputation
+
+**Note**: Some values values correspond to features that are only available in Defender for Office 365 (plan 1 and plan 2 or plan 2 only).
 
 You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`.
 
 
@@ -178,7 +178,17 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- DLPActionHits
+- DLPPolicyFalsePositive
+- DLPPolicyHits
+- DLPPolicyOverride
+- DLPRuleHits
+- TransportRuleActionHits
+- TransportRuleHits
+
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify policy event types for policy reports.
 
 You can specify multiple values separated by commas.
 
 
@@ -14,6 +14,8 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
+This cmdlet will be deprecated. Use the **Get-MailFlowStatusReport** and **Get-MailTrafficATPReport** cmdlets instead.
+
 Use the Get-MailTrafficReport cmdlet to view details about message traffic in your organization for the last 90 days.
 
 **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
@@ -220,7 +222,41 @@ Accept wildcard characters: False
 ```
 
 ### -EventType
-The EventType parameter filters the report by the event type. To view the complete list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type you specify must correspond to the report. For example, you can only specify malware filter events for malware reports.
+The EventType parameter filters the report by the event type. Valid values are:
+
+- AdvancedProtectionMalware
+- AtpGoodMail
+- BCL0 to BCL9
+- DLPMessages
+- EncryptionManual
+- EncryptionPolicy
+- Expire
+- GoodMail
+- Malware
+- NonSpam_AdditionalSpamFilterPassed
+- NonSpam_AllowList
+- NonSpam_BulkPassed
+- NonSpam_ContentScanPassed
+- NonSpam_ETRPassed
+- NonSpam_IntraOrg
+- NonSpam_IPAllowed
+- NonSpam_SafeSender
+- Receive
+- SpamContentFiltered
+- SpamDBEBFilter
+- SpamEnvelopeBlock
+- SpamIPBlock
+- Spam_AdditionalSpamFiltered
+- Spam_BlockList
+- Spam_BulkFiltered
+- Spam_ContentScanFiltered
+- Spam_ETRFiltered
+- Spam_SenderBlocked
+- SpoofMail
+- SpoofMailCompAuthResult
+- TransportRuleMessages
+
+To view the potential list of valid values for this parameter, run the command: `Get-MailFilterListReport -SelectionTarget EventTypes`. The event type must correspond to the report.
 
 You can specify multiple values separated by commas.