tdslinden
diff --git a/‎README.md
Lines changed: 6 additions & 5 deletions b/‎README.md
Lines changed: 6 additions & 5 deletions
diff --git a/‎exchange/exchange-ps/exchange/client-access-servers/New-MapiVirtualDirectory.md
Lines changed: 121 additions & 12 deletions b/‎exchange/exchange-ps/exchange/client-access-servers/New-MapiVirtualDirectory.md
Lines changed: 121 additions & 12 deletions
diff --git a/‎exchange/exchange-ps/exchange/client-access-servers/Set-MapiVirtualDirectory.md
Lines changed: 86 additions & 3 deletions b/‎exchange/exchange-ps/exchange/client-access-servers/Set-MapiVirtualDirectory.md
Lines changed: 86 additions & 3 deletions
diff --git a/‎exchange/exchange-ps/exchange/client-access/Test-OutlookConnectivity.md
Lines changed: 3 additions & 2 deletions b/‎exchange/exchange-ps/exchange/client-access/Test-OutlookConnectivity.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎exchange/exchange-ps/exchange/devices/Set-ActiveSyncOrganizationSettings.md
Lines changed: 9 additions & 1 deletion b/‎exchange/exchange-ps/exchange/devices/Set-ActiveSyncOrganizationSettings.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/email-addresses-and-address-books/Get-EmailAddressPolicy.md
Lines changed: 6 additions & 4 deletions b/‎exchange/exchange-ps/exchange/email-addresses-and-address-books/Get-EmailAddressPolicy.md
Lines changed: 6 additions & 4 deletions
@@ -2,17 +2,18 @@
 
 # Overview
 This repository holds reference content of Office PowerShell cmdlets for help purpose. The expert knowledge around Office PowerShell is distributed among customers, MVPs, partners, product teams, support, and other community members. Consumers have various preferences when consuming knowledge such as a website, PowerShell Get-Help, Windows app, iOS app, Android app, and others. The following diagram illustrates the point.
+
 ![Contribution and Consumption model for Office PowerShell reference content](images/contrib-consumption-model.png)
 
-# Learn How To Contribute
+## Learn How To Contribute
 Anyone who is interested can contribute to the Microsoft Office PowerShell reference topics.
 Your contributions will go directly into the Microsoft Office products and show up in Get-Help for the given Office cmdlet.
 
 > Notice that if you are looking into contributing for the **PnP PowerShell cmdlets**, their documentation is automatically generated from the code, and you should be submitting your change towards the original code at https://github.com/SharePoint/PnP-powershell. See, for example, how the attributes are used in the code for the [Get-PnPList](https://github.com/SharePoint/PnP-PowerShell/blob/master/Commands/Lists/GetList.cs) cmdlet.
 
-# Quick Start
+## Quick Start
 
-## Contribute using the GitHub website
+### Contribute using the GitHub website
 
 [![Image of Quick Start video](images/edit_video_capture.jpg)](https://support.office.com/en-us/article/edit-powershell-cmdlet-in-github-dcd20227-3764-48ce-ad6e-763af8b48daf?ui=en-US&rs=en-US&ad=US)
 
@@ -42,9 +43,9 @@ Looking for more in-depth content? Check out the following:
 * [Using more advanced tools with the PowerShell GitHub repo](repo_docs/ADVANCED.md)
 * [Creating content for brand new cmdlets](repo_docs/NEW_CMDLETS.md)
 
-# Microsoft Open Source Code of Conduct
+## Microsoft Open Source Code of Conduct
 
-## Contributing
+### Contributing
 
 This project welcomes contributions and suggestions. Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
 
@@ -21,8 +21,19 @@ For information about the parameter sets in the Syntax section below, see Exchan
 ## SYNTAX
 
 ```
-New-MapiVirtualDirectory [-Confirm] [-DomainController <Fqdn>] [-ExternalUrl <Uri>] [-IISAuthenticationMethods <MultiValuedProperty>] [-InternalUrl <Uri>] [-Server <ServerIdParameter>] [-WhatIf] [-WebSiteName <String>]
- [<CommonParameters>]
+New-MapiVirtualDirectory
+ [-Confirm]
+ [-DomainController <Fqdn>]
+ [-ExtendedProtectionFlags <MultiValuedProperty>]
+ [-ExtendedProtectionSPNList <MultiValuedProperty>]
+ [-ExtendedProtectionTokenChecking <None | Allow | Require>]
+ [-ExternalUrl <Uri>]
+ [-IISAuthenticationMethods <MultiValuedProperty>]
+ [-InternalUrl <Uri>]
+ [-Role <ClientAccess | Mailbox>]
+ [-Server <ServerIdParameter>]
+ [-WebSiteName <String>]
+ [-WhatIf] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -77,6 +88,81 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ExtendedProtectionFlags
+This parameter is available only in Exchange 2013.
+
+The ExtendedProtectionFlags parameter specifies custom settings for Extended Protection for Authentication on the virtual directory. Valid values are:
+
+- None: This is the default setting.
+
+- AllowDotlessSPN: Required if you want to use Service Principal Name (SPN) values that don't contain FQDNs (for example, HTTP/ContosoMail instead of HTTP/mail.contoso.com). You specify SPNs with the ExtendedProtectionSPNList parameter. This setting makes Extended Protection for Authentication less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
+
+- NoServiceNameCheck: The SPN list isn't checked to validate a channel binding token. This setting makes Extended Protection for Authentication less secure. We generally don't recommend this setting.
+
+- Proxy: A proxy server is responsible for terminating the SSL channel. To use this setting, you need to register an SPN by using the ExtendedProtectionSPNList parameter.
+
+- ProxyCoHosting: HTTP and HTTPS traffic may be accessing the virtual directory, and a proxy server is located between at least some of the clients and the Client Access services on the Exchange server.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExtendedProtectionSPNList
+This parameter is available only in Exchange 2013.
+
+The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the virtual directory. Valid values are:
+
+- $null: This is the default value.
+
+- Single SPN or comma delimited list of valid SPNs: The SPN value format is \<protocol\>/\<FQDN\>. For example, HTTP/mail.contoso.com. To add an SPN that's not an FQDN (for example, HTTP/ContosoMail), you also need to use the AllowDotlessSPN value for the ExtendedProtectionFlags parameter.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExtendedProtectionTokenChecking
+This parameter is available only in Exchange 2013.
+
+The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+
+- None: Extended Protection for Authentication isn't be used on the virtual directory. This is the default value.
+
+- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication will work, but may not be as secure as connections that use Extended Protection for Authentication.
+
+- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+
+Note:
+
+If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy SSL channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+
+```yaml
+Type: None | Allow | Require
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExternalUrl
 The ExternalURL parameter specifies the URL that's used to connect to the virtual directory from outside the firewall.
 
@@ -142,6 +228,29 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Role
+This parameter is available only in Exchange 2013.
+
+The Role parameter species the configuration for the virtual directory. Valid values are:
+
+- ClientAccess: Configure the virtual directory for the Client Access (frontend) services on the Mailbox server.
+
+- Mailbox: Configure the virtual directory for the backend services on the Mailbox server.
+
+Client connections are proxied from the Client Access services to the backend services on local or remote Mailbox servers. Clients don't connect directly to the backend services.
+
+```yaml
+Type: ClientAccess | Mailbox
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Server
 The Server parameter specifies the Exchange server that hosts the virtual directory. You can use any value that uniquely identifies the server. For example:
 
@@ -165,29 +274,29 @@ Accept pipeline input: True
 Accept wildcard characters: False
 ```
 
-### -WhatIf
-The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
+### -WebSiteName
+The WebSiteName parameter specifies the name of the IIS website under which the virtual directory is created. You don't need to use this parameter to create the virtual directory under the default website.
 
 ```yaml
-Type: SwitchParameter
+Type: String
 Parameter Sets: (All)
-Aliases: wi
-Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+Aliases:
+Applicable: Exchange Server 2016, Exchange Server 2019
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -WebSiteName
-The WebSiteName parameter specifies the name of the IIS website under which the virtual directory is created. You don't need to use this parameter to create the virtual directory under the default website.
+### -WhatIf
+The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
 
 ```yaml
-Type: String
+Type: SwitchParameter
 Parameter Sets: (All)
-Aliases:
-Applicable: Exchange Server 2016, Exchange Server 2019
+Aliases: wi
+Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
 Required: False
 Position: Named
 Default value: None
 
@@ -21,9 +21,17 @@ For information about the parameter sets in the Syntax section below, see Exchan
 ## SYNTAX
 
 ```
-Set-MapiVirtualDirectory [-Identity] <VirtualDirectoryIdParameter> [-ApplyDefaults <$true | $false>] [-Confirm]
- [-DomainController <Fqdn>] [-ExternalUrl <Uri>] [-IISAuthenticationMethods <MultiValuedProperty>] [-InternalUrl <Uri>] [-WhatIf]
- [<CommonParameters>]
+Set-MapiVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
+ [-ApplyDefaults <$true | $false>]
+ [-Confirm]
+ [-DomainController <Fqdn>]
+ [-ExtendedProtectionFlags <MultiValuedProperty>]
+ [-ExtendedProtectionSPNList <MultiValuedProperty>]
+ [-ExtendedProtectionTokenChecking <None | Allow | Require>]
+ [-ExternalUrl <Uri>]
+ [-IISAuthenticationMethods <MultiValuedProperty>]
+ [-InternalUrl <Uri>]
+ [-WhatIf] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -120,6 +128,81 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ExtendedProtectionFlags
+This parameter is available only in Exchange 2013.
+
+The ExtendedProtectionFlags parameter specifies custom settings for Extended Protection for Authentication on the virtual directory. Valid values are:
+
+- None: This is the default setting.
+
+- AllowDotlessSPN: Required if you want to use Service Principal Name (SPN) values that don't contain FQDNs (for example, HTTP/ContosoMail instead of HTTP/mail.contoso.com). You specify SPNs with the ExtendedProtectionSPNList parameter. This setting makes Extended Protection for Authentication less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
+
+- NoServiceNameCheck: The SPN list isn't checked to validate a channel binding token. This setting makes Extended Protection for Authentication less secure. We generally don't recommend this setting.
+
+- Proxy: A proxy server is responsible for terminating the SSL channel. To use this setting, you need to register an SPN by using the ExtendedProtectionSPNList parameter.
+
+- ProxyCoHosting: HTTP and HTTPS traffic may be accessing the virtual directory, and a proxy server is located between at least some of the clients and the Client Access services on the Exchange server.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExtendedProtectionSPNList
+This parameter is available only in Exchange 2013.
+
+The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the virtual directory. Valid values are:
+
+- $null: This is the default value.
+
+- Single SPN or comma delimited list of valid SPNs: The SPN value format is \<protocol\>/\<FQDN\>. For example, HTTP/mail.contoso.com. To add an SPN that's not an FQDN (for example, HTTP/ContosoMail), you also need to use the AllowDotlessSPN value for the ExtendedProtectionFlags parameter.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExtendedProtectionTokenChecking
+This parameter is available only in Exchange 2013.
+
+The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:
+
+- None: Extended Protection for Authentication isn't be used on the virtual directory. This is the default value.
+
+- Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication will work, but may not be as secure as connections that use Extended Protection for Authentication.
+
+- Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.
+
+Note:
+
+If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy SSL channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+
+```yaml
+Type: None | Allow | Require
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Server 2013
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExternalUrl
 The ExternalURL parameter specifies the URL that's used to connect to the virtual directory from outside the firewall.
 
 
@@ -89,9 +89,10 @@ Running the Test-OutlookConnectivity cmdlet validates an Outlook connection defi
 
 The Test-OutlookConnectivity cmdlet runs the same process as the monitoring probes. The Microsoft Exchange Health Manager (MSExchangeHM) service must be running and have created the Outlook probes on the machine that will be tested. You need to select one of the Outlook probe identities to run the test. Use the Get-MonitoringItemIdentity (https://go.microsoft.com/fwlink/p/?LinkId=510841) cmdlet to see what probes are active.
 
-This example lists the probes running in the backend services on a Mailbox server.
+This example lists the probes running in the backend services on a Mailbox server: `Get-MonitoringItemIdentity -Server MailboxServer1 -Identity outlook.protocol | ?{$_.Name -like '*probe'}`.
 
-This example lists the probes running in the client access services on a Mailbox server.
+
+This example lists the probes running in the client access services on a Mailbox server: `Get-MonitoringItemIdentity -Server MailboxServer1 -Identity outlook | ?{$_.Name -like '*probe'}`.
 
 For more information on probes and the monitoring framework, see Managed Availability (https://go.microsoft.com/fwlink/p/?LinkId=510838), Managed Availability and Server Health (https://go.microsoft.com/fwlink/p/?LinkId=510839), and Customizing Managed Availability (https://go.microsoft.com/fwlink/p/?LinkId=510840)
 
 
@@ -111,7 +111,15 @@ Accept wildcard characters: False
 ```
 
 ### -DefaultAccessLevel
-The DefaultAccessLevel parameter specifies the access level for new devices. Valid values are Allow,Block or Quarantine. The default value is Allow.
+The DefaultAccessLevel parameter specifies the access level for new and existing device partnerships. Valid values are:
+
+- Allow (This is the default value)
+
+- Block
+
+- Quarantine
+
+If you change this value from Allow to Block or Quarantine, all existing connected devices are immediately affected, unless the devices are subject to device access rules or individual allow or block list entries.
 
 ```yaml
 Type: Allow | Block | Quarantine
 
@@ -21,8 +21,10 @@ For information about the parameter sets in the Syntax section below, see Exchan
 ## SYNTAX
 
 ```
-Get-EmailAddressPolicy [[-Identity] <EmailAddressPolicyIdParameter>] [-DomainController <Fqdn>]
- [-IncludeMailboxSettingOnlyPolicy] [<CommonParameters>]
+Get-EmailAddressPolicy [[-Identity] <EmailAddressPolicyIdParameter>]
+ [-DomainController <Fqdn>]
+ [-IncludeMailboxSettingOnlyPolicy]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -87,9 +89,9 @@ Accept wildcard characters: False
 ### -IncludeMailboxSettingOnlyPolicy
 This parameter is available or functional only in Exchange Server 2010.
 
-The IncludeMailboxSettingOnlyPolicy parameter retrieves Microsoft Exchange Server 2003  address policies that contain only mailbox management configuration. Microsoft Exchange Server 2010 supports both policies that contain only  address policy settings and policies that contain  address policy settings and mailbox management configuration. Exchange 2010 doesn't support policies that contain only mailbox management configuration, but Exchange 2003 policies that contain only mailbox management configuration are, by default, preserved and not upgraded. The IncludeMailboxSettingOnlyPolicy parameter is required to retrieve these policies.
+The IncludeMailboxSettingOnlyPolicy parameter retrieves Microsoft Exchange Server 2003 address policies that contain only mailbox management configuration. Microsoft Exchange Server 2010 supports both policies that contain only address policy settings and policies that contain address policy settings and mailbox management configuration. Exchange 2010 doesn't support policies that contain only mailbox management configuration, but Exchange 2003 policies that contain only mailbox management configuration are, by default, preserved and not upgraded. The IncludeMailboxSettingOnlyPolicy parameter is required to retrieve these policies.
 
-The attributes of  address policies that contain only mailbox management configuration can't be modified in Exchange 2010. These policies can only be removed.
+The attributes of address policies that contain only mailbox management configuration can't be modified in Exchange 2010. These policies can only be removed.
 
 ```yaml
 Type: SwitchParameter