brianvan2
diff --git a/‎exchange/exchange-ps/exchange/Get-ComplianceSearchAction.md
Lines changed: 17 additions & 1 deletion b/‎exchange/exchange-ps/exchange/Get-ComplianceSearchAction.md
Lines changed: 17 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Get-MailDetailATPReport.md
Lines changed: 21 additions & 31 deletions b/‎exchange/exchange-ps/exchange/Get-MailDetailATPReport.md
Lines changed: 21 additions & 31 deletions
diff --git a/‎sharepoint/sharepoint-ps/sharepoint-online/Set-SPOMigrationPackageAzureSource.md
Lines changed: 4 additions & 4 deletions b/‎sharepoint/sharepoint-ps/sharepoint-online/Set-SPOMigrationPackageAzureSource.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎skype/skype-ps/skype/Disable-CsOnlineSipDomain.md
Lines changed: 20 additions & 7 deletions b/‎skype/skype-ps/skype/Disable-CsOnlineSipDomain.md
Lines changed: 20 additions & 7 deletions
diff --git a/‎skype/skype-ps/skype/Enable-CsOnlineSipDomain.md
Lines changed: 18 additions & 4 deletions b/‎skype/skype-ps/skype/Enable-CsOnlineSipDomain.md
Lines changed: 18 additions & 4 deletions
@@ -97,6 +97,16 @@ The Identity parameter specifies the compliance search action that you want to v
 - Name: The compliance search action name uses the syntax `"Compliance Search Name\_Action"`. For example, `"Case 1234\_Preview"`.
 - JobRunId (GUID)
 
+You can't use this parameter with the Export, Preview, or Purge parameters.
+
+When you use the Identity parameter, more details are returned in the results. For example:
+
+- In the Results line, the values of the Item count, Total size, and Details properties are populated.
+- Location lines are added to the results.
+- The NumBinding property value is populated.
+- The affected location properties (for example, ExchangeLocation) are populated.
+- The CaseName property value is populated.
+
 ```yaml
 Type: ComplianceSearchActionIdParameter
 Parameter Sets: Identity
@@ -113,7 +123,7 @@ Accept wildcard characters: False
 ### -Case
 This parameter is available only in the cloud-based service.
 
-This parameter is reserved for internal Microsoft use.
+The Case parameter filters the results by the name of the specified case. If the value contains spaces, enclose the value in quotation marks.
 
 ```yaml
 Type: String
@@ -165,6 +175,8 @@ Accept wildcard characters: False
 ### -Export
 The Export switch filters the results by Export compliance search actions. You don't need to specify a value with this switch.
 
+You can't use this switch with the Identity, Preview, or Purge parameters.
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: Export
@@ -197,6 +209,8 @@ Accept wildcard characters: False
 ### -Preview
 The Preview switch filters the results by Preview compliance search actions.
 
+You can't use this switch with the Export, Identity, or Purge parameters.
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: Preview
@@ -213,6 +227,8 @@ Accept wildcard characters: False
 ### -Purge
 The Purge switch filters the results by Purge compliance search actions.
 
+You can't use this switch with the Export, Identity, or Preview parameters.
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: Purge
 
@@ -146,37 +146,27 @@ Accept wildcard characters: False
 ### -EventType
 The EventType parameter filters the report by the event type. Valid values are:
 
-Email phishing EventTypes:
-
-- Advanced phish filter (Indicates a message caught by the machine learning model.)
-- Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
-- Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)
-- ATP-generated URL reputation\* (Indicates a message with a known malicious URL caught Defender for Office 365.)
-- Domain impersonation\* (Indicates a message impersonating a domain protected by an anti-phish policy.)
-- Brand impersonation (Indicates a message caught by phish filters as impersonating a known brand.)
-- EOP URL Reputation (Indicates a message with a known malicious URL caught by EOP.)
-- General phish filter (Indicates a message caught by basic phish protection.)
-- Malicious URL reputation (Indicates a message with a known malicious URL caught by phish filters.)
-- Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
-- User impersonation\* (Indicates a message impersonating a user protected by an anti-phish policy.)
-
-Email malware EventTypes:
-
-- Anti-malware engine\* (Indicates a message caught by the anti-malware engine.)
-- Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
-- ATP-generated file reputation\* (Indicates a message with a known malicious file blocked Defender for Office 365.)
-- ATP Safe Attachments\* (Indicates a message with a malicious attachment blocked Defender for Office 365.)
-- ATP Safe Links\* (Indicates when a malicious link is blocked Defender for Office 365.)
-- File Detonation\* (Indicates a message with a malicious attachment blocked by the detonation service.)
-- Malware ZAP (Indicates a message with malware detected and auto-purged after delivery.)
-- Office 365 file reputation (Indicates a message with a known malicious file blocked.)
-
-Content malware EventTypes:
-
-- AtpDocumentMalware\* (Indicates malicious content detected by Safe Attachments.)
-- AvDocumentMalware (Indicates malware found by the anti-malware engine. Reporting requires Defender for Office 365 or E5.)
-
-\* Requires Defender for Office 365 (included in Microsoft 365 E5 or in an add-in subscription).
+- Advanced filter
+- Anti-malware engine
+- Campaign
+- File Detonation
+- File Reputation
+- File detonation reputation
+- Fingerprint matching
+- General filter
+- Impersonation brand
+- Impersonation domain
+- Impersonation user
+- Message passed
+- Mixed analysis detection
+- Spoof DMARC
+- Spoof external domain
+- Spoof intra-org
+- URL detonation
+- URL detonation reputation
+- URL malicious reputation
+
+**Note**: Some values values correspond to features that are only available in Defender for Office 365 (plan 1 and plan 2 or plan 2 only).
 
 You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`.
 
 
@@ -63,15 +63,15 @@ This cmdlet returns a Microsoft.Online.SharePoint.Migration. MigrationPackageAzu
 
 ## EXAMPLES
 
-### -----------------------EXAMPLE 1-----------------------------
+### EXAMPLE 1
 
 ```powershell
 $azurelocations = Set-SPOMigrationPackageAzureSource -SourcePath \\fileserver\share\folder1 -OutputPackagePath d:\MigrationPackages\Folder1_TgtPkg -FileContainerUri migration-files -PackageContainerUri migration-package -AccountName migrationstore -AccountKey "nmcXQ+1NctB7BlRVm+8+qWUn6GUFIH7E5ZQPThcjg8SfFWTJ34HthyOEoROwxHYIajpOYxYDt7qUwSEBQlLWoA=="
 ```
 
 This example creates migration package containers in Azure storage using the supplied account credentials, uploads the package files into them, snapshots the files and lastly returns the connection strings to a PowerShell variable.
 
-### -----------------------EXAMPLE 2-----------------------------
+### EXAMPLE 2
 
 ```powershell
 Set-SPOMigrationPackageAzureSource -SourcePath \\fileserver\share\folder1 -OutputPackagePath d:\MigrationPackages\Folder1_TgtPkg -MigrationPackageAzureLocations $azurelocations -AccountName migrationstore -AccountKey "nmcXQ+1NctB7BlRVm+8+qWUn6GUFIH7E5ZQPThcjg8SfFWTJ34HthyOEoROwxHYIajpOYxYDt7qUwSEBQlLWoA==" -NoUpload
@@ -147,7 +147,7 @@ Accept wildcard characters: False
 
 ### -EncryptionParameters
 
-PARAMVALUE: EncryptionParameters
+An EncryptionParameters object. See [New-SPOMigrationEncryptionParameters](https://docs.microsoft.com/powershell/module/sharepoint-online/new-spomigrationencryptionparameters) for more information.
 
 ```yaml
 Type: EncryptionParameters
@@ -196,7 +196,7 @@ Accept wildcard characters: False
 
 ### -MigrationSourceLocations
 
-PARAMVALUE: MigrationPackageLocation
+Possible Source locations to migrate.
 
 ```yaml
 Type: MigrationPackageLocation
 
@@ -13,11 +13,12 @@ ms.reviewer: rogupta
 # Disable-CsOnlineSipDomain
 
 ## SYNOPSIS
+
 This cmdlet prevents provisioning of users in Skype for Business Online for the specified domain. This cmdlet allows organizations with multiple on-premises deployments of Skype For Business Server or Lync Server to safely synchronize users from multiple forests into a single Office 365 tenant.
 
 ## SYNTAX
 
-```
+```powershell
 Disable-CsOnlineSipDomain -Domain <String> [-Force] [-Confirm] [<CommonParameters>]
 ```
 
@@ -31,24 +32,31 @@ This cmdlet enables organizations with *multiple on-premises deployments of Skyp
 This cmdlet facilitates consolidation of multiple Skype for Business Server deployments into a single Office 365 tenant. Consolidation can be achieved by moving one deployment at a time into Office 365, **provided the following key requirements are met**:
 
 - There must be at most 1 O365 tenant involved. Consolidation in scenarios with >1 O365 tenant is not supported.
+
 - At any given time, only 1 on-premises SfB forest can be in hybrid mode (Shared Sip Address Space) with Office 365. All other on-premises SfB forests must remain on-premises. (They presumably are federated with each other.) 
+
 - If 1 deployment is in hybrid mode, all sip domains from any other SfB forests must be disabled using this cmdlet before they can be synchronized into the tenant with Azure AD Connect. Users in all SfB forests other than the hybrid forest must remain on-premises.
+
 - Organizations must fully migrate each SfB forest individually into the O365 tenant using hybrid mode (Shared Sip Address Space), and then detach the "hybrid" deployment, *before* moving on to migrate the next on-premises SfB deployment. 
 
 
 This cmdlet may also be useful for organizations with on-premises deployments of Skype for Business Server that have not properly configured Azure AD Connect. If the organization does not sync msRTCSIP-DeploymentLocator for its users, then Skype for Business Online will attempt to provision online any users with an assigned Skype for Business license, despite there being users on-premises. While the correct fix is to update the configuration for Azure AD Connect to sync those attributes, using Disable-CsOnlineSipDomain can also mitigate the problem until that configuration change can be made. If this cmdlet is run, any users that were previously provisioned online in that domain will be de-provisioned in Skype for Business Online.
 
-**IMPORTANT**
-This cmdlet should not be run for domains that contain users hosted in Skype for Business Online. Any users in a sip domain that are already provisioned *online* will cease to function if you disable the online sip domain:
+> [!IMPORTANT]
+> This cmdlet should not be run for domains that contain users hosted in Skype for Business Online. Any users in a sip domain that are already provisioned *online* will cease to function if you disable the online sip domain:
+> 
+> - Their SIP addresses will be removed.
+> - All contacts and meetings for these users hosted in Skype for Business Online will be deleted.
+> - These users will no longer be able to login to the Skype for Business Online environment.
+> - If these users use Teams, they will no longer be able to inter-operate with Skype for Business users, nor will they be able to federate with any users in other organizations.
 
-- Their SIP addresses will be removed.
-- All contacts and meetings for these users hosted in Skype for Business Online will be deleted.
-- These users will no longer be able to login to the Skype for Business Online environment.
-- If these users use Teams, they will no longer be able to inter-operate with Skype for Business users, nor will they be able to federate with any users in other organizations.
+> [!NOTE]
+> If the Tenant is disabled for Regionally Hosted Meetings in Skype for Business Online, Online SIP Domains must be disabled in all regions. You must execute this cmdlet in each region that is added in Allowed Data Location.  
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
 Disable-CsOnlineSipDomain -Domain Fabrikam.com
 ```
@@ -58,6 +66,7 @@ The cmdlet above disables the online sip domain Fabrikam.com. This would be usef
 ## PARAMETERS
 
 ### -Domain
+
 The SIP domain to be disabled for online provisioning in Skype for Business Online.
 
 ```yaml
@@ -73,6 +82,7 @@ Accept wildcard characters: False
 ```
 
 ### -Confirm
+
 Prompts you for confirmation before running the cmdlet.
 
 ```yaml
@@ -88,6 +98,7 @@ Accept wildcard characters: False
 ```
 
 ### -Force
+
 Suppresses all confirmation prompts that might occur when running the command.
 
 ```yaml
@@ -104,6 +115,7 @@ Accept wildcard characters: False
 
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
 For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
 
@@ -116,6 +128,7 @@ For more information, see [about_CommonParameters](https://go.microsoft.com/fwli
 ### None
 
 ## NOTES
+
 This cmdlet is for advanced scenarios only. Organizations that are pure online or have only 1 on-premises deployment need not run this cmdlet.
 
 ## RELATED LINKS
 
@@ -13,30 +13,39 @@ ms.reviewer: rogupta
 # Enable-CsOnlineSipDomain
 
 ## SYNOPSIS
+
 This cmdlet enables provisioning of users in Skype for Business Online for the specified domain. This cmdlet is only necessary to run if you previously disabled a domain using Disable-CsOnlineSipDomain. Enable-CsOnlineSipDomain is used to facilitate consolidation of separate Skype for Business deployments into a single Office 365 tenant.
 
 ## SYNTAX
 
-```
+```powershell
 Enable-CsOnlineSipDomain -Domain <String> [-Force] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
+
 This cmdlet enables online provisioning of users in the specified SIP domain. In conjunction with Disable-CsOnlineSipDomain, this cmdlet allows organizations to consolidate *multiple on-premises deployments of Skype for Business Server (or Lync Server)* into a single Office 365 tenant. Consolidation can be achieved by moving one deployment at a time into Office 365, provided the following key requirements are met:
 
 - There must be at most 1 O365 tenant involved. Consolidation for scenarios with > 1 O365 tenant is not supported. 
+
 - At any given time, only 1 on-premises SfB forest can be in hybrid mode (Shared Sip Address Space) with Office 365. All other on-premises SfB forests must remain on-premises. (They presumably are federated with each other.) 
+
 - If 1 deployment is in hybrid mode, all online SIP domains from any other SfB forests must be disabled before they can be synchronized into the tenant with Azure AD Connect. Users in all SfB forests other than the hybrid forest must remain on-premises. 
+
 - Organizations must fully migrate (e.g move all users to the cloud) each SfB forest individually into the O365 tenant using hybrid mode (Shared Sip Address Space), and then detach the "hybrid" deployment, *before* moving on to migrate the next on-premises SfB deployment. 
 
 Before running this cmdlet for any SIP domain in a Skype for Business Server deployment, you must complete migration of any other existing hybrid SfB deployment that is in progress. All users in an existing hybrid deployment must be moved to the cloud, and that existing hybrid deployment must be detached from Office 365, as described in this article: [Disable hybrid to complete migration to the cloud](https://docs.microsoft.com/skypeforbusiness/hybrid/cloud-consolidation-disabling-hybrid).
 
-**IMPORTANT**
-If you have more than one on-premises deployment of Skype for Business Server, you *must* ensure SharedSipAddressSpace is disabled in all other Skype for Business Server deployments except the deployment containing the SIP domain that is being enabled. 
+> [!IMPORTANT]
+> If you have more than one on-premises deployment of Skype for Business Server, you *must* ensure SharedSipAddressSpace is disabled in all other Skype for Business Server deployments except the deployment containing the SIP domain that is being enabled. 
+
+> [!NOTE]
+> If the Tenant is enabled for Regionally Hosted Meetings in Skype for Business Online, Online SIP Domains must be Enabled in all regions. You must execute this cmdlet in each region that is added in Allowed Data Location for Skype for Business.  
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
 Enable-CsOnlineSipDomain -Domain contoso.com
 ```
@@ -46,6 +55,7 @@ Enables the domain contoso.com for online provisioning in Skype for Business Onl
 ## PARAMETERS
 
 ### -Domain
+
 The SIP domain to be enabled for online provisioning in Skype for Business Online.
 
 ```yaml
@@ -61,6 +71,7 @@ Accept wildcard characters: False
 ```
 
 ### -Confirm
+
 Prompts you for confirmation before running the cmdlet.
 
 ```yaml
@@ -76,6 +87,7 @@ Accept wildcard characters: False
 ```
 
 ### -Force
+
 Suppresses all confirmation prompts that might occur when running the command.
 
 ```yaml
@@ -91,7 +103,9 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
+
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, 
+-OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
 For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS