Merge branch 'master' into patch-3

Author: chrisda

exchange/docs-conceptual/app-only-auth-powershell-v2.md

@@ -50,7 +50,10 @@ The following examples show how to use the Exchange Online PowerShell V2 module
   When you use the _Certificate_ parameter, the certificate does not need to be installed on the computer where you are running the command. This parameter is applicable for scenarios where the certificate object is stored remotely and fetched at runtime during script execution.
 
 > [!TIP]
-> In the **Connect-ExchangeOnline** commands, be sure to use an `.onmicrosoft.com` domain in the  _Organization_ parameter value. Otherwise, you might encounter cryptic permission issues when you run commands in the app context.
+>
+> - In the **Connect-ExchangeOnline** commands, be sure to use an `.onmicrosoft.com` domain in the  _Organization_ parameter value. Otherwise, you might encounter cryptic permission issues when you run commands in the app context.
+>
+> - App-only authentication does not support delegation. Unattended scripting in delegation scenarios is supported with the Secure App Model. For more information, go [here](https://docs.microsoft.com/powershell/partnercenter/multi-factor-auth#exchange).
 
 ## How does it work?
 

exchange/exchange-ps/exchange/Add-UnifiedGroupLinks.md

@@ -34,9 +34,7 @@ Microsoft 365 Groups are group objects that are available across Microsoft 365 s
 
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
->
- [!NOTE]
-> Only members can be owners of a group, so you must first add a user as member before adding it as an owner.
+**Note**: Only members can be owners of a group, so you must first add a user as member before adding it as an owner.
 
 ## EXAMPLES
 

exchange/exchange-ps/exchange/Get-ExchangeCertificate.md

@@ -53,9 +53,9 @@ By default, this cmdlet returns the following certificate properties in the summ
 - Services: The Exchange services that the certificate is assigned to by using the Enable-ExchangeCertificate cmdlet. Values are None, Federation, IIS, IMAP, POP, SMTP, UM, and UMCallRouter. You'll see the value None in certificates that aren't used with Exchange (for example, the `WMSvc-<ServerName>` certificate that's used for the IIS Web Management Service).
 - Subject: Contains the X.500 value in the certificate's Subject Name field. The important part is the CN= value.
 
-If you append | Format-List to the command, the cmdlet returns these additional certificate properties:
+If you append ` | Format-List` to the command, the cmdlet returns these additional certificate properties:
 
-- AccessRules: The host names or FQDNs in the certificate's Subject Alternative Name field.
+- AccessRules: Typically, this value is multiple instances of the value System.Security.AccessControl.CryptoKeyAccessRule separated by commas.
 - CertificateDomains: The host names or FQDNs in the certificate's Subject Alternative Name field.
 - HasPrivateKey: Whether or not the certificate contains a private key.
 - IsSelfSigned: Whether or not the certificate is self-signed (not issued by a certification authority).
@@ -125,29 +125,54 @@ This example shows which certificate Exchange will select for the domain name ma
 
 ## PARAMETERS
 
-### -DomainController
-The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.
+### -Thumbprint
+The Thumbprint parameter specifies the thumbprint value of the certificate that you want to view.
 
-The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the local instance of Active Directory Lightweight Directory Services (AD LDS) to read and write data.
+The Thumbprint parameter, not the Identity parameter, is the positional parameter for this cmdlet. Therefore, when you specify a thumbprint value by itself, the command uses that value for the Thumbprint parameter.
 
 ```yaml
-Type: Fqdn
-Parameter Sets: (All)
+Type: String
+Parameter Sets: Thumbprint
 Aliases:
 Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
 
 Required: False
-Position: Named
+Position: 1
+Default value: None
+Accept pipeline input: True
+Accept wildcard characters: False
+```
+
+### -Identity
+The Identity parameter specifies the certificate that you want to view. Valid values are:
+
+- `ServerNameOrFQDN\Thumbprint`
+- `Thumbprint`
+
+You can't use this parameter with the Server parameter.
+
+The Thumbprint parameter, not the Identity parameter, is the positional parameter for this cmdlet. Therefore, when you specify a thumbprint value by itself, the command uses that value for the Thumbprint parameter.
+
+```yaml
+Type: ExchangeCertificateIdParameter
+Parameter Sets: Identity
+Aliases:
+Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+
+Required: False
+Position: 1
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -DomainName
-The DomainName parameter filters the results by the fully qualified domain name (FQDN) or server name values in the Subject Name or the Subject Alternative Name fields. You can specify multiple values separated by commas.
+### -DomainController
+The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.
+
+The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the local instance of Active Directory Lightweight Directory Services (AD LDS) to read and write data.
 
 ```yaml
-Type: MultiValuedProperty
+Type: Fqdn
 Parameter Sets: (All)
 Aliases:
 Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
@@ -159,24 +184,17 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -Identity
-The Identity parameter specifies the certificate that you want to view. Valid values are:
-
-- `ServerNameOrFQDN\Thumbprint`
-- `Thumbprint`
-
-You can't use this parameter with the Server parameter.
-
-The Thumbprint parameter, not the Identity parameter, is the positional parameter for this cmdlet. Therefore, when you specify a thumbprint value by itself, the command uses that value for the Thumbprint parameter.
+### -DomainName
+The DomainName parameter filters the results by the fully qualified domain name (FQDN) or server name values in the Subject Name or the Subject Alternative Name fields. You can specify multiple values separated by commas.
 
 ```yaml
-Type: ExchangeCertificateIdParameter
-Parameter Sets: Identity
+Type: MultiValuedProperty
+Parameter Sets: (All)
 Aliases:
-Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
 
 Required: False
-Position: 1
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -223,24 +241,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -Thumbprint
-The Thumbprint parameter specifies the thumbprint value of the certificate that you want to view.
-
-The Thumbprint parameter, not the Identity parameter, is the positional parameter for this cmdlet. Therefore, when you specify a thumbprint value by itself, the command uses that value for the Thumbprint parameter.
-
-```yaml
-Type: String
-Parameter Sets: Thumbprint
-Aliases:
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
-
-Required: False
-Position: 1
-Default value: None
-Accept pipeline input: True
-Accept wildcard characters: False
-```
-
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).
 

exchange/exchange-ps/exchange/Get-M365DataAtRestEncryptionPolicy.md

@@ -33,7 +33,7 @@ Get-M365DataAtRestEncryptionPolicy [[-Identity] <DataEncryptionPolicyIdParameter
 ## DESCRIPTION
 M365 data-at-rest encryption policy cmdlets are accessible to compliance administrator role as part of the Exchange Online infrastructure. For more information, see [Overview of M365 Customer Key at the tenant level](https://docs.microsoft.com/microsoft-365/compliance/customer-key-tenant-level#get-policy-details).
 
-You can create and assign a data-at-rest encryption policy at the tenant level by using the appropriate M365DataAtRestEncryptionPolicy cmdlets in Exchange Online PowerShell.
+You can create and assign a Microsoft 365 data-at-rest encryption policy at the tenant level by using the appropriate M365DataAtRestEncryptionPolicy cmdlets in Exchange Online PowerShell.
 
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
@@ -44,7 +44,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 Get-M365DataAtRestEncryptionPolicy
 ```
 
-This example returns a summary list of all data-at-rest encryption policies.
+This example returns a summary list of all Microsoft 365 data-at-rest encryption policies.
 
 ### Example 2
 ```powershell
@@ -56,7 +56,7 @@ This example returns detailed information about the policy named Contoso Corpora
 ## PARAMETERS
 
 ### -Identity
-The Identity parameter specifies the data-at-rest encryption policy that you want to view. You can use any value that uniquely identifies the policy. For example:
+The Identity parameter specifies the Microsoft 365 data-at-rest encryption policy that you want to view. You can use any value that uniquely identifies the policy. For example:
 
 - Name
 - Distinguished name (DN)

exchange/exchange-ps/exchange/Get-M365DataAtRestEncryptionPolicyAssignment.md

@@ -27,7 +27,7 @@ Get-M365DataAtRestEncryptionPolicyAssignment [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-This cmdlet lists the policy that's currently assigned to the tenant.
+This cmdlet lists the Microsoft 365 data-at-rest encryption policy that's currently assigned to the tenant.
 
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
@@ -38,14 +38,14 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 Get-M365DataAtRestEncryptionPolicyAssignment
 ```
 
-This example returns a summary list of all data-at-rest encryption policy assignments.
+This example returns a summary list of all Microsoft 365 data-at-rest encryption policy assignments.
 
 ### Example 2
 ```powershell
 Get-M365DataAtRestEncryptionPolicyAssignment | Format-List
 ```
 
-This example returns detailed information for all data-at-rest encryption policy assignments.
+This example returns detailed information for all Microsoft 365 data-at-rest encryption policy assignments.
 
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).

exchange/exchange-ps/exchange/Get-RecoverableItems.md

@@ -246,30 +246,16 @@ The SourceFolder parameter specifies where to search for deleted items in the ma
 
 - DeletedItems: The Deleted Items folder.
 - RecoverableItems: The Recoverable Items\Deletions folder. This folder contains items that have been deleted from the Deleted Items folder (soft-deleted items).
-- PurgedItems: (Cloud only) The Recoverable Items\Purges folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items).
+- PurgedItems: The Recoverable Items\Purges folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items).
 
 If you don't use this parameter, the command will search all of these folders.
 
 ```yaml
 Type: RecoverableItemsFolderType
-Parameter Sets: OnPremises
-Aliases:
-Accepted values: DeletedItems | RecoverableItems
-Applicable: Exchange Server 2016, Exchange Server 2019
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-```yaml
-Type: RecoverableItemsFolderType
-Parameter Sets: Cloud
+Parameter Sets: (All)
 Aliases:
 Accepted values: DeletedItems | RecoverableItems | PurgedItems
-Applicable: Exchange Online
+Applicable: Exchange Server 2016, Exchange Server 2019, Exchange Online
 
 Required: False
 Position: Named

exchange/exchange-ps/exchange/New-Label.md

@@ -140,7 +140,7 @@ Accept wildcard characters: False
 ```
 
 ### -AdvancedSettings
-The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label. The settings that you configure with this parameter only affect apps that are designed for the setting. For more information, see [How to configure advanced settings for the client by using Security & Compliance Center PowerShell](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide-customizations#how-to-configure-advanced-settings-for-the-client-by-using-office-365-security--compliance-center-powershell).
+The AdvancedSettings parameter enables client-specific features and capabilities for a sensitivity label. The settings that you configure with this parameter are supported only by the Azure Information Protection unified labeling client and not by Office apps that support built-in labeling. For more information how to configure these advanced settings, see [Custom configurations for the Azure Information Protection unified labeling client](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide-customizations).
 
 ```yaml
 Type: PswsHashtable

exchange/exchange-ps/exchange/New-LabelPolicy.md

@@ -85,7 +85,7 @@ Accept wildcard characters: False
 ```
 
 ### -AdvancedSettings
-The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label policy. The settings that you configure with this parameter only affect apps that are designed for the setting. For more information, see [How to configure advanced settings for the client by using Security & Compliance Center PowerShell](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide-customizations#how-to-configure-advanced-settings-for-the-client-by-using-office-365-security--compliance-center-powershell).
+The AdvancedSettings parameter enables client-specific features and capabilities for the sensitivity label policy. The settings that you configure with this parameter are supported only by the Azure Information Protection unified labeling client and not by Office apps that support built-in labeling. For more information how to configure these advanced settings, see [Custom configurations for the Azure Information Protection unified labeling client](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide-customizations).
 
 ```yaml
 Type: PswsHashtable

exchange/exchange-ps/exchange/New-M365DataAtRestEncryptionPolicy.md

@@ -33,21 +33,23 @@ New-M365DataAtRestEncryptionPolicy [-Name] <String> -AzureKeyIDs <MultiValuedPro
 ```
 
 ## DESCRIPTION
+Use the New-M365DataAtRestEncryptionPolicy cmdlet to create a new Microsoft 365 data-at-rest encryption policy. For more information, see [Overview of M365 Customer Key  at the tenant level](https://docs.microsoft.com/microsoft-365/compliance/customer-key-tenant-level#get-policy-details).
+
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES
 
 ### Example 1
 ```powershell
-New-M365DataAtRestEncryptionPolicy -Name "US Mailboxes" -AzureKeyIDs "https://contoso.vault.azure.net/keys/key1/",https://contoso.vault.azure.net/keys/key2/" -Description "Root key for mailboxes located in US territories"
+New-M365DataAtRestEncryptionPolicy -Name "Default_Policy" -AzureKeyIDs "https://contosoWestUSvault01.vault.azure.net/keys/Key_01","https://contosoEastUSvault01.vault.azure.net/keys/Key_02" -Description "Tenant default policy"
 ```
 
-This example creates a data-at-rest encryption policy named US Mailboxes with the specified Azure Key Vault keys and description.
+This example creates a Microsoft 365 data-at-rest encryption policy named Default_Policy with the specified Azure Key Vault keys and description.
 
 ## PARAMETERS
 
 ### -Name
-The Name parameter specifies a unique name for the data-at-rest encryption policy. If the value contains spaces, enclose the value in quotation marks (").
+The Name parameter specifies a unique name for the Microsoft 365 data-at-rest encryption policy. If the value contains spaces, enclose the value in quotation marks (").
 
 ```yaml
 Type: String

exchange/exchange-ps/exchange/Restore-RecoverableItems.md

@@ -308,16 +308,16 @@ The SourceFolder parameter specifies where to search for deleted items in the ma
 
 - DeletedItems: The Deleted Items folder.
 - RecoverableItems: The Recoverable Items\Deletions folder. This folder contains items that have been deleted from the Deleted Items folder (soft-deleted items).
-- PurgedItems: (Cloud only) The Recoverable Items\Purges folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items).
+- PurgedItems: The Recoverable Items\Purges folder. This folder contains items that have been purged from the Recoverable Items folder (hard-deleted items).
 
 If you don't use this parameter, the command will search all of these folders.
 
 ```yaml
 Type: RecoverableItemsFolderType
-Parameter Sets: OnPremises
+Parameter Sets: (All)
 Aliases:
-Accepted values: DeletedItems | RecoverableItems
-Applicable: Exchange Server 2016, Exchange Server 2019
+Accepted values: DeletedItems | RecoverableItems | PurgedItems
+Applicable: Exchange Server 2016, Exchange Server 2019, Exchange Online
 
 Required: False
 Position: Named