Merge branch 'master' into OGP-chrisda

Author: chrisda

exchange/docs-conceptual/connect-to-exchange-online-powershell.md

@@ -42,30 +42,35 @@ To use the older Exchange Online Remote PowerShell Module to connect to Exchange
 > [!TIP]
 > Having problems? Ask in the [Exchange Online](https://go.microsoft.com/fwlink/p/?linkId=267542) forum.
 
-## Connect to Exchange Online PowerShell using MFA and modern authentication
+## Connect to Exchange Online PowerShell using modern authentication with or without MFA
 
-If your account uses multi-factor authentication, use the steps in this section. Otherwise, skip to the [Connect to Exchange Online PowerShell using modern authentication](#connect-to-exchange-online-powershell-using-modern-authentication) section.
+These connection instructions use modern authentication and work with or without multi-factor authentication (MFA).
 
-**Note**: For other sign in methods that are available in PowerShell 7, see the [PowerShell 7 log in experiences](#powershell-7-log-in-experiences) section later in this topic.
+For other sign in methods that are available in PowerShell 7, see the [PowerShell 7 log in experiences](#powershell-7-log-in-experiences) section later in this topic.
 
 1. In a PowerShell window, load the EXO V2 module by running the following command:
 
    ```powershell
    Import-Module ExchangeOnlineManagement
    ```
 
-   **Note**: If you've already [installed the EXO V2 module](exchange-online-powershell-v2.md#install-and-maintain-the-exo-v2-module), the previous command will work as written.
+   **Notes**:
+
+   - If you've already [installed the EXO V2 module](exchange-online-powershell-v2.md#install-and-maintain-the-exo-v2-module), the previous command will work as written.
+   - You might be able to skip this step and run **Connect-ExchangeOnline** without loading the module first.
 
 2. The command that you need to run uses the following syntax:
 
    ```powershell
-   Connect-ExchangeOnline -UserPrincipalName <UPN> [-ExchangeEnvironmentName <Value>] [-DelegatedOrganization <String>] [-PSSessionOption $ProxyOptions]
+   Connect-ExchangeOnline -UserPrincipalName <UPN> [-ShowBanner:$false] [-ExchangeEnvironmentName <Value>] [-DelegatedOrganization <String>] [-PSSessionOption $ProxyOptions]
    ```
 
    - _\<UPN\>_ is your account in user principal name format (for example, `[email protected]`).
    - When you use the _ExchangeEnvironmentName_ parameter, you don't need use the _ConnectionUri_ or _AzureADAuthorizationEndPointUrl_ parameters. For more information, see the parameter descriptions in [Connect-ExchangeOnline](/powershell/module/exchange/connect-exchangeonline).
    - The _DelegatedOrganization_ parameter specifies the customer organization that you want to manage as an authorized Microsoft Partner. For more information, see [Partners](/office365/servicedescriptions/office-365-platform-service-description/partners).
    - If you're behind a proxy server, run this command first: `$ProxyOptions = New-PSSessionOption -ProxyAccessType <Value>`, where \<Value\> is `IEConfig`, `WinHttpConfig`, or `AutoDetect`. Then, use the _PSSessionOption_ parameter with the value `$ProxyOptions`. For more information, see [New-PSSessionOption](/powershell/module/microsoft.powershell.core/new-pssessionoption).
+   - You can often omit the _UserPrincipalName_ parameter in the next step to enter both the username and password after you run the **Connect-ExchangeOnline** command. If it doesn't work, then you need to use the _UserPrincipalName_ parameter.
+   - If you aren't using MFA, you can often use the _Credential_ parameter instead of the _UserPrincipalName_ parameter. First, run the command `$Credential = Get-Credential`, enter your username and password, and then use the variable name for the _Credential_ parameter (`-Credential $Credential`). If it doesn't work, then you need to use the _UserPrincipalName_ parameter.
 
    **This example connects to Exchange Online PowerShell in a Microsoft 365 or Microsoft 365 GCC organization**:
 
@@ -97,84 +102,20 @@ If your account uses multi-factor authentication, use the steps in this section.
    Connect-ExchangeOnline -UserPrincipalName [email protected] -DelegatedOrganization adatum.onmicrosoft.com
    ```
 
-For detailed syntax and parameter information, see [Connect-ExchangeOnline](/powershell/module/exchange/connect-exchangeonline).
+3. In the sign-in window that opens, enter your password, and then click **Sign in**.
 
-> [!NOTE]
-> Be sure to disconnect the remote PowerShell session when you're finished. If you close the PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you'll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command.
+   ![Enter your password in the Sign in to your account window](media/connect-exo-password-prompt.png)
 
-```powershell
-Disconnect-ExchangeOnline
-```
+4. **MFA only**: A verification code is generated and delivered based on the response option that's configured for your account (for example, a text message or the Microsoft Authenticator app on your device).
 
-## Connect to Exchange Online PowerShell using modern authentication
+   In the verification window that opens, enter the verification code, and then click **Verify**.
 
-If your account doesn't use multi-factor authentication, use the steps in this section.
-
-**Note**: For other sign in methods that are available in PowerShell 7, see the [PowerShell 7 log in experiences](#powershell-7-log-in-experiences) section later in this topic.
-
-1. In a PowerShell window, load the EXO V2 module by running the following command:
-
-   ```powershell
-   Import-Module ExchangeOnlineManagement
-   ```
-
-   **Note**: If you've already [installed the EXO V2 module](exchange-online-powershell-v2.md#install-and-maintain-the-exo-v2-module), the previous command will work as written.
-
-2. Run the following command:
-
-   > [!NOTE]
-   > You can skip this step and omit the _Credential_ parameter in the next step to be prompted to enter the username and password after you run the **Connect-ExchangeOnline** command. If you omit the _Credential_ parameter and include the _UserPrincipalName_ parameter in the next step, you're only prompted to enter the password after you run the **Connect-ExchangeOnline** command.
-
-   ```powershell
-   $UserCredential = Get-Credential
-   ```
-
-   In the credentials prompt, enter your work or school account and password.
-
-3. The last command that you need to run uses the following syntax:
-
-   ```powershell
-   Connect-ExchangeOnline [-Credential $UserCredential] [-ShowBanner:$false] [-ExchangeEnvironmentName <Value>] [-DelegatedOrganization <String>] [-PSSessionOption $ProxyOptions]
-   ```
-
-   - When you use the _ExchangeEnvironmentName_ parameter, you don't need use the _ConnectionUri_ or _AzureADAuthorizationEndPointUrl_ parameters. For more information, see the parameter descriptions in [Connect-ExchangeOnline](/powershell/module/exchange/connect-exchangeonline).
-   - The _DelegatedOrganization_ parameter specifies the customer organization that you want to manage as an authorized Microsoft Partner. For more information, see [Partners](/office365/servicedescriptions/office-365-platform-service-description/partners).
-   - If you're behind a proxy server, store the output of the [New-PSSessionOption](/powershell/module/microsoft.powershell.core/new-pssessionoption) cmdlet in a variable (for example, `$ProxyOptions = New-PSSessionOption -ProxyAccessType <Value> [-ProxyAuthentication <Value>] [-ProxyCredential <Value>]`). Then, use the variable (`$ProxyOptions`) as the value for the _PSSessionOption_ parameter.
-
-   **Connect to Exchange Online PowerShell in a Microsoft 365 or Microsoft 365 GCC organization**:
-
-   ```powershell
-   Connect-ExchangeOnline -Credential $UserCredential
-   ```
-
-   **Connect to Exchange Online PowerShell in an Office 365 Germany organization**:
-
-   ```powershell
-   Connect-ExchangeOnline -Credential $UserCredential -ExchangeEnvironmentName O365GermanyCloud
-   ```
-
-   **Connect to Exchange Online PowerShell in an Office 365 operated by 21Vianet organization**:
-
-   ```powershell
-   Connect-ExchangeOnline -Credential $UserCredential -ExchangeEnvironmentName O365China
-   ```
-
-   **Connect to Exchange Online PowerShell in a Microsoft 365 GCC High organization**:
-
-   ```powershell
-   Connect-ExchangeOnline -Credential $UserCredential -ExchangeEnvironmentName O365USGovGCCHigh
-   ```
-
-   **Connect to Exchange Online PowerShell in a Microsoft 365 DoD organization**:
-
-   ```powershell
-   Connect-ExchangeOnline -Credential $UserCredential -ExchangeEnvironmentName O365USGovDoD
-   ```
+   ![Enter your verification code in the Sign in to your account window](media/connect-exo-mfa-verify-prompt.png)
 
 For detailed syntax and parameter information, see [Connect-ExchangeOnline](/powershell/module/exchange/connect-exchangeonline).
 
 > [!NOTE]
-> Be sure to disconnect the remote PowerShell session when you're finished. If you close the PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you'll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command:
+> Be sure to disconnect the remote PowerShell session when you're finished. If you close the PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you'll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command.
 
 ```powershell
 Disconnect-ExchangeOnline

exchange/docs-conceptual/exchange-online-powershell-v2.md

@@ -130,18 +130,20 @@ All versions of the EXO V2 module are supported in Windows PowerShell 5.1. Power
 The EXO V2 module is supported in the following versions of Windows:
 
 - Windows 10
-- Windows 8.1<sup>3</sup>
+- Windows 8.1<sup>4</sup>
 - Windows Server 2019
 - Windows Server 2016
-- Windows Server 2012 or Windows Server 2012 R2<sup>3</sup>
+- Windows Server 2012 or Windows Server 2012 R2<sup>4</sup>
 - Windows 7 Service Pack 1 (SP1)<sup>1,</sup><sup>2,</sup><sup>3</sup>
 - Windows Server 2008 R2 SP1<sup>1,</sup><sup>2,</sup><sup>3</sup>
 
 <sup>1</sup> This version of Windows has reached its end of support, and is now supported only in Azure virtual machines.
 
-<sup>2</sup> Windows PowerShell 5.1 on this version of Windows requires the Microsoft .NET Framework 4.5 or later and the Windows Management Framework 5.1. For more information, see [Windows Management Framework 5.1](https://aka.ms/wmf5download).
+<sup>2</sup> This version of Windows doesn't support version 2.0.4 or later of the EXO V2 module. Only version 2.0.3 or earlier is supported.
 
-<sup>3</sup> PowerShell 7 on this version of Windows requires the [Windows 10 Universal C Runtime (CRT)](https://www.microsoft.com/download/details.aspx?id=50410).
+<sup>3</sup> Windows PowerShell 5.1 on this version of Windows requires the Microsoft .NET Framework 4.5 or later and the Windows Management Framework 5.1. For more information, see [Windows Management Framework 5.1](https://aka.ms/wmf5download).
+
+<sup>4</sup> PowerShell 7 on this version of Windows requires the [Windows 10 Universal C Runtime (CRT)](https://www.microsoft.com/download/details.aspx?id=50410).
 
 ### Prerequisites for the EXO V2 module
 

exchange/docs-conceptual/media/connect-exo-mfa-verify-prompt.png

@@ -133,9 +133,26 @@ Accept wildcard characters: False
 ```
 
 ### -Owner
-The Owner parameter specifies the owner of the Active Directory object. If the name of the owner contains spaces, enclose the name in quotation marks (").
+The Owner parameter specifies the owner of the Active Directory object. You can specify the following types of users or groups (security principals) for this parameter:
 
-The Owner parameter can only be used with the Identity parameter and no other parameters.
+- Mailbox users
+- Mail users
+- Security groups
+
+You can use any value that uniquely identifies the user or group. For example:
+
+- Name
+- Alias
+- Distinguished name (DN)
+- Canonical DN
+- Domain\\Username
+- Email address
+- GUID
+- LegacyExchangeDN
+- SamAccountName
+- User ID or user principal name (UPN)
+
+You can't use this parameter with the AccessRights or User parameters.
 
 ```yaml
 Type: SecurityPrincipalIdParameter
@@ -151,7 +168,26 @@ Accept wildcard characters: False
 ```
 
 ### -User
-The User parameter specifies the user that the permissions are being granted to on the object. If the name contains spaces, enclose the name in quotation marks (").
+The User parameter specifies who gets the permissions on the Active Directory object. You can specify the following types of users or groups (security principals) for this parameter:
+
+- Mailbox users
+- Mail users
+- Security groups
+
+You can use any value that uniquely identifies the user or group. For example:
+
+- Name
+- Alias
+- Distinguished name (DN)
+- Canonical DN
+- Domain\\Username
+- Email address
+- GUID
+- LegacyExchangeDN
+- SamAccountName
+- User ID or user principal name (UPN)
+
+You can't use this parameter with the Owner parameter.
 
 ```yaml
 Type: SecurityPrincipalIdParameter
@@ -180,7 +216,7 @@ Accept wildcard characters: False
 ```
 
 ### -AccessRights
-The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:
+The AccessRights parameter specifies the rights that you want to add for the user on the Active Directory object. Valid values include:
 
 - AccessSystemSecurity
 - CreateChild
@@ -202,6 +238,10 @@ The AccessRights parameter specifies the rights needed to perform the operation.
 - GenericAll
 - Synchronize
 
+You can specify multiple values separated by commas.
+
+You can't use this parameter with the Owner parameter.
+
 ```yaml
 Type: ActiveDirectoryRights[]
 Parameter Sets: AccessRights, Instance

exchange/docs-conceptual/media/connect-exo-password-prompt.png

@@ -139,7 +139,7 @@ Accept wildcard characters: False
 ```
 
 ### -AccessRights
-The AccessRights parameter specifies the permission that you want to assign to the user on the mailbox. Valid values are:
+The AccessRights parameter specifies the permission that you want to add for the user on the mailbox. Valid values are:
 
 - ChangeOwner
 - ChangePermission
@@ -150,6 +150,8 @@ The AccessRights parameter specifies the permission that you want to assign to t
 
 You can specify multiple values separated by commas.
 
+You can't use this parameter with the Owner parameter.
+
 ```yaml
 Type: MailboxRights[]
 Parameter Sets: AccessRights
@@ -195,14 +197,28 @@ Accept wildcard characters: False
 ```
 
 ### -Owner
-The Owner parameter specifies the owner of the mailbox object. The default mailbox owner is NT AUTHORITY\\SELF.
+The Owner parameter specifies the owner of the mailbox object. You can specify the following types of users or groups (security principals) for this parameter:
+
+- Mailbox users
+- Mail users
+- Security groups
 
-The owner that you specify for this parameter must be a user or security group (a security principal that can have permissions assigned). You can use any value that uniquely identifies the owner. For example: For example:
+You can use any value that uniquely identifies the user or group. For example:
 
 - Name
+- Alias
 - Distinguished name (DN)
 - Canonical DN
+- Domain\\Username
+- Email address
 - GUID
+- LegacyExchangeDN
+- SamAccountName
+- User ID or user principal name (UPN)
+
+The default mailbox owner is NT AUTHORITY\\SELF.
+
+You can't use this parameter with the AccessRights or User parameters.
 
 ```yaml
 Type: SecurityPrincipalIdParameter
@@ -218,14 +234,26 @@ Accept wildcard characters: False
 ```
 
 ### -User
-The User parameter specifies the user that you're assigning the permission to.
+The User parameter specifies who gets the permissions on the mailbox. You can specify the following types of users or groups (security principals) for this parameter:
+
+- Mailbox users
+- Mail users
+- Security groups
 
-The user that you specify for this parameter must be a user or security group (a security principal that can have permissions assigned). You can use any value that uniquely identifies the user. For example: For example:
+You can use any value that uniquely identifies the user or group. For example:
 
 - Name
+- Alias
 - Distinguished name (DN)
 - Canonical DN
+- Domain\\Username
+- Email address
 - GUID
+- LegacyExchangeDN
+- SamAccountName
+- User ID or user principal name (UPN)
+
+You can't use this parameter with the Owner parameter.
 
 ```yaml
 Type: SecurityPrincipalIdParameter
@@ -330,7 +358,7 @@ Accept wildcard characters: False
 ### -GroupMailbox
 This parameter is available only in the cloud-based service.
 
-The GroupMailbox switch is required to modify Group Mailboxes in Exchange Online. You don't need to specify a value with this switch.
+The GroupMailbox switch is required to add permissions to a Microsoft 365 Group mailbox. You don't need to specify a value with this switch.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Add-ADPermission.md

@@ -109,7 +109,7 @@ Accept wildcard characters: False
 ```
 
 ### -AccessRights
-The AccessRights parameter specifies the rights that are being added. Valid values include:
+The AccessRights parameter specifies the rights that you want to add for the administrator on the public folder. Valid values include:
 
 - None The administrator has no rights to modify public folder attributes.
 - ModifyPublicFolderACL The administrator has the right to modify client access permissions for the specified folder.
@@ -122,6 +122,10 @@ The AccessRights parameter specifies the rights that are being added. Valid valu
 - ViewInformationStore The administrator has the right to view public folder properties.
 - AllExtendedRights The administrator has the right to modify all public folder properties.
 
+You can specify multiple values separated by commas.
+
+You can't use this parameter with the Owner parameter.
+
 ```yaml
 Type: MultiValuedProperty
 Parameter Sets: Identity
@@ -165,7 +169,26 @@ Accept wildcard characters: False
 ```
 
 ### -Owner
-The Owner parameter specifies the NT Owner access control list (ACL) on the object. Valid values are the user principal name (UPN), domain\\user, or alias.
+The Owner parameter specifies the owner of the public folder object. You can specify the following types of users or groups (security principals) for this parameter:
+
+- Mailbox users
+- Mail users
+- Security groups
+
+You can use any value that uniquely identifies the user or group. For example:
+
+- Name
+- Alias
+- Distinguished name (DN)
+- Canonical DN
+- Domain\\Username
+- Email address
+- GUID
+- LegacyExchangeDN
+- SamAccountName
+- User ID or user principal name (UPN)
+
+You can't use this parameter with the AccessRights or User parameters.
 
 ```yaml
 Type: SecurityPrincipalIdParameter
@@ -181,7 +204,26 @@ Accept wildcard characters: False
 ```
 
 ### -User
-The User parameter specifies the UPN, domain\\user, or alias of the user for whom rights are being added.
+The User parameter specifies who gets the admin permissions on the public folder. You can specify the following types of users or groups:
+
+- Mailbox users
+- Mail users
+- Security groups
+
+You can use any value that uniquely identifies the user or group. For example:
+
+- Name
+- Alias
+- Distinguished name (DN)
+- Canonical DN
+- Domain\\Username
+- Email address
+- GUID
+- LegacyExchangeDN
+- SamAccountName
+- User ID or user principal name (UPN)
+
+You can't use this parameter with the Owner parameter.
 
 ```yaml
 Type: SecurityPrincipalIdParameter