Merge branch 'master' into patch-11

Author: VesaJuvonen

exchange/docs-conceptual/app-only-auth-powershell-v2.md

@@ -14,7 +14,7 @@ ms.custom:
 ms.assetid:
 search.appverid: MET150
 ROBOTS: NOINDEX, NOFOLLOW
-description: "Learn about using the Exchange Online V2 module in scripts and other long-running tasks with Modern Authentication and app-only authentication."
+description: "Learn about using the Exchange Online V2 module in scripts and other long-running tasks with modern authentication and app-only authentication."
 ---
 
 # App-only authentication for unattended scripts in the EXO V2 module
@@ -34,7 +34,7 @@ To update from an earlier version of the of the EXO V2 module, run the following
 Update-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -AllowPrerelease
 ```
 
-Auditing and reporting scenarios in Exchange Online often involve scripts that run unattended. In most cases, these unattended scripts access Exchange Online PowerShell using Basic authentication (a username and password). Even when the connection to Exchange Online PowerShell uses Modern authentication, the credentials are stored in a local file or a secret vault that's access at run-time.
+Auditing and reporting scenarios in Exchange Online often involve scripts that run unattended. In most cases, these unattended scripts access Exchange Online PowerShell using Basic authentication (a username and password). Even when the connection to Exchange Online PowerShell uses modern authentication, the credentials are stored in a local file or a secret vault that's access at run-time.
 
 Because storing user credentials locally is not a safe practice, we're releasing this feature to support authentication for unattended scripts (automation) scenarios using AzureAD applications and self-signed certificates.
 

exchange/docs-conceptual/connect-to-exchange-online-powershell.md

@@ -21,7 +21,7 @@ Exchange Online PowerShell allows you to manage your Exchange Online settings fr
 
 > [!NOTE]
 > 
-> - We're eventually going to [disable Basic authentication in Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508), and the connection method described in this topic uses Basic authentication. We recommend that you use the [Exchange Online PowerShell V2 module](exchange-online-powershell-v2.md) to connect to Exchange Online PowerShell, because it uses Modern authentication in all scenarios.
+> - We're eventually going to [disable Basic authentication in Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508), and the connection method described in this topic uses Basic authentication. We recommend that you use the [Exchange Online PowerShell V2 module](exchange-online-powershell-v2.md) to connect to Exchange Online PowerShell, because it uses modern authentication in all scenarios.
 > 
 > - The Exchange Online PowerShell V2 module works with multi-factor authentication (MFA). For MFA connection instructions using the older Exchange Online Remote PowerShell Module, see [Connect to Exchange Online PowerShell using multi-factor authentication](mfa-connect-to-exchange-online-powershell.md).
 > 

exchange/docs-conceptual/exchange-online-powershell-v2.md

@@ -1,5 +1,5 @@
 ---
-title: Exchange Online PowerShell with Modern Authentication using V2 Module
+title: Exchange Online PowerShell with modern authentication using V2 Module
 ms.author: chrisda
 author: chrisda
 manager: dansimp
@@ -13,10 +13,10 @@ ms.collection: Strat_EX_Admin
 ms.custom:
 ms.assetid:
 search.appverid: MET150
-description: "Learn how to install and use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell with Modern Authentication."
+description: "Learn how to install and use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell with modern authentication."
 ---
 
-# Use the Exchange Online PowerShell with Modern Authentication using V2 module
+# Use the Exchange Online PowerShell with modern authentication using V2 module
 
 The Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module) enables admins to connect to their Exchange Online environment in Microsoft 365 to retrieve data, create new objects, update existing objects, remove objects as well as configure Exchange Online and its features.
 
@@ -32,7 +32,7 @@ Connect-ExchangeOnline -EnableErrorReporting -LogDirectoryPath <Path to store lo
 
 The Exchange Online PowerShell V2 module contains a small set of new cmdlets that are optimized for bulk data retrieval scenarios (think: thousands and thousands of objects). Until you create a session to connect to your Exchange Online organization, you'll only see these new cmdlets in the module. After you connect to your Exchange Online organization, you'll see all of the older remote PowerShell cmdlets.
 
-The EXO V2 module use Modern authentication for all cmdlets. You can't use Basic authentication in the EXO V2 module; however, you still need to configure the Basic authentication setting in WinRM as described later in this topic.
+The EXO V2 module use modern authentication for all cmdlets. You can't use Basic authentication in the EXO V2 module; however, you still need to configure the Basic authentication setting in WinRM as described later in this topic.
 
 The new cmdlets in the EXO V2 module are meant to replace their older, less efficient equivalents. However, the original cmdlets are still available in the EXO V2 module for backwards compatibility **after** you create a session to connect to your Exchange Online organization.
 

exchange/docs-conceptual/toc.yml

@@ -26,7 +26,7 @@
   - name: Exchange Online PowerShell
     href: exchange-online-powershell.md
     items:
-    - name: Connect to Exchange Online PowerShell
+    - name: Connect to Exchange Online PowerShell - Basic auth
       href: connect-to-exchange-online-powershell.md
       items:
       - name: Connect to Exchange Online PowerShell using multi-factor authentication
@@ -42,14 +42,14 @@
         href: filter-properties.md
       - name: Filterable properties for the RecipientFilter parameter
         href: recipientfilter-properties.md
-  - name: Exchange Online PowerShell V2
+  - name: Exchange Online PowerShell V2 - modern auth
     href: exchange-online-powershell-v2.md
     items:
     - name: Property sets in V2 cmdlets
       href: cmdlet-property-sets.md
     - name: Filters in the V2 module
       href: filters-v2.md
-    - name: App-only authentication
+    - name: App-only authentication for unattended scripts
       href: app-only-auth-powershell-v2.md
   - name: Security & Compliance Center PowerShell
     href: scc-powershell.md

exchange/exchange-ps/exchange/Get-PhishFilterPolicy.md

@@ -26,7 +26,6 @@ For information about the parameter sets in the Syntax section below, see [Excha
 ```
 Get-PhishFilterPolicy [[-Identity] <HostedConnectionFilterPolicyIdParameter>]
  [-AllowedToSpoof <String>]
- [-ConfidenceLevel <ConfidenceLevel>]
  [-DecisionSetBy <DecisionSetBy>]
  [-Detailed]
  [-SpoofAllowBlockList]
@@ -114,32 +113,11 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ConfidenceLevel
-The ConfidenceLevel parameter filters the results by the specified confidence level. Valid values are:
-
--Low
--High
-
-You can only see the ConfidenceLevel value in the results when you include the Detailed switch in the command.
-
-```yaml
-Type: ConfidenceLevel
-Parameter Sets: (All)
-Aliases:
-Applicable: Exchange Online, Exchange Online Protection
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -DecisionSetBy
 The DecisionSetBy parameter filters the results by who allowed or blocked the spoofed sender. Valid values are:
 
--Admin
--SpoofProtection
+- Admin
+- SpoofProtection
 
 ```yaml
 Type: DecisionSetBy
@@ -159,8 +137,8 @@ The Detailed switch specifies whether to return detailed information in the resu
 
 Specifically, this switch returns the following additional properties:
 
-- ConfidenceLevel
-- DomainPairsCountInCategory
+- ConfidenceLevel: Level of signals indicated by spoof intelligence that these domains may be suspicious, based on historical sending patterns and the reputation score of the domains.
+- DomainPairsCountInCategory: The spoofed domains displayed are separated into two categories: suspicious domain pairs and non-suspicious domain pairs. For more information, see [this topic](https://docs.microsoft.com/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight).
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Get-RecoverableItems.md

@@ -58,7 +58,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 
 ### Example 1
 ```powershell
-Get-RecoverableItems -Identity [email protected] -Subject -SubjectContains "FY17 Accounting" -FilterItemType IPM.Note -FilterStartTime "2/1/2018 12:00:00 AM" -FilterEndTime "2/5/2018 11:59:59 PM"
+Get-RecoverableItems -Identity [email protected] -SubjectContains "FY17 Accounting" -FilterItemType IPM.Note -FilterStartTime "2/1/2018 12:00:00 AM" -FilterEndTime "2/5/2018 11:59:59 PM"
 ```
 
 This example returns all of the available recoverable deleted messages with the specified subject in the mailbox [email protected] for the specified date/time range.

exchange/exchange-ps/exchange/New-AuthenticationPolicy.md

@@ -329,7 +329,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthActiveSync
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthActiveSync switch specifies whether to allow only Modern authentication with Exchange ActiveSync in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthActiveSync switch specifies whether to allow only modern authentication with Exchange ActiveSync in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with Exchange ActiveSync:
 
@@ -339,7 +339,7 @@ This switch disables the following legacy authentication methods with Exchange A
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -357,7 +357,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthAutodiscover
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthAutodiscover switch specifies whether to allow only Modern authentication with Autodiscover in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthAutodiscover switch specifies whether to allow only modern authentication with Autodiscover in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with Autodiscover:
 
@@ -367,7 +367,7 @@ This switch disables the following legacy authentication methods with Autodiscov
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -385,7 +385,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthImap
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthImap switch specifies whether to allow only Modern authentication with IMAP in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthImap switch specifies whether to allow only modern authentication with IMAP in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with IMAP:
 
@@ -395,7 +395,7 @@ This switch disables the following legacy authentication methods with IMAP:
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -413,7 +413,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthMapi
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthMapi switch specifies whether to allow only Modern authentication with MAPI in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthMapi switch specifies whether to allow only modern authentication with MAPI in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with MAPI:
 
@@ -423,7 +423,7 @@ This switch disables the following legacy authentication methods with MAPI:
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -441,7 +441,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthOfflineAddressBook
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthOfflineAddressBook switch specifies whether to allow only Modern authentication with Offline Address Books in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthOfflineAddressBook switch specifies whether to allow only modern authentication with Offline Address Books in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with Offline Address Books:
 
@@ -451,7 +451,7 @@ This switch disables the following legacy authentication methods with Offline Ad
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -469,7 +469,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthPop
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthPop switch specifies whether to allow only Modern authentication with POP in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthPop switch specifies whether to allow only modern authentication with POP in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with POP:
 
@@ -479,7 +479,7 @@ This switch disables the following legacy authentication methods with POP:
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -497,7 +497,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthRpc
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthRpc switch specifies whether to allow only Modern authentication with RPC in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthRpc switch specifies whether to allow only modern authentication with RPC in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with RPC:
 
@@ -507,7 +507,7 @@ This switch disables the following legacy authentication methods with RPC:
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter
@@ -525,7 +525,7 @@ Accept wildcard characters: False
 ### -BlockLegacyAuthWebServices
 This parameter is available only in on-premises Exchange.
 
-The BlockLegacyAuthWebServices switch specifies whether to allow only Modern authentication with Exchange Web Services (EWS) in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
+The BlockLegacyAuthWebServices switch specifies whether to allow only modern authentication with Exchange Web Services (EWS) in Exchange 2019 CU2 or later hybrid environments. You don't need to specify a value with this switch.
 
 This switch disables the following legacy authentication methods with EWS:
 
@@ -535,7 +535,7 @@ This switch disables the following legacy authentication methods with EWS:
 
 - Windows authentication (NTLM and Kerberos)
 
-Before you disable the legacy authentication methods for this protocol, verify that hybrid Modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support Modern authentication.
+Before you disable the legacy authentication methods for this protocol, verify that hybrid modern authentication is enabled and working in your Exchange hybrid environment, and that your email clients support modern authentication.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/New-CaseHoldPolicy.md

@@ -146,15 +146,13 @@ The ExchangeLocation parameter specifies the mailboxes to include in the policy.
 
 - A distribution group or mail-enabled security group (all mailboxes that are currently members of the group).
 
-To specify a mailbox or distribution group, you can use any value that uniquely identifies it. For example:
+To specify a mailbox or distribution group, you can use the following values:
 
 - Name
 
-- Distinguished name (DN)
+- SMTP address
 
-- Email address
-
-- GUID
+- Azure AD ObjectId (You can use the [Get-AzureADUser](https://docs.microsoft.com/powershell/module/azuread/get-azureaduser?view=azureadps-2.0) cmdlet to obtain this value.)
 
 To enter multiple values, use the following syntax: \<value1\>,\<value2\>,...\<valueX\>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "\<value1\>","\<value2\>",..."\<valueX\>".