MicrosoftDocs
diff --git a/‎.openpublishing.publish.config.json
Lines changed: 22 additions & 43 deletions b/‎.openpublishing.publish.config.json
Lines changed: 22 additions & 43 deletions
diff --git a/‎exchange/docs-conceptual/app-only-auth-powershell-v2.md
Lines changed: 21 additions & 19 deletions b/‎exchange/docs-conceptual/app-only-auth-powershell-v2.md
Lines changed: 21 additions & 19 deletions
@@ -50,9 +50,9 @@
       ]
     },
     {
-      "docset_name": "sharepoint-ps",
-      "build_source_folder": "sharepoint",
-      "build_output_subfolder": "sharepoint-ps",
+      "docset_name": "skype-ps",
+      "build_source_folder": "skype",
+      "build_output_subfolder": "skype-ps",
       "locale": "en-us",
       "monikers": [],
       "moniker_ranges": [],
@@ -66,12 +66,20 @@
       },
       "build_entry_point": "docs",
       "template_folder": "_themes",
-      "version": 0
+      "version": 0,
+      "customized_tasks": {
+        "docset_prebuild": [
+          "_dependentPackages/MAML2Yaml/tools/Run.ps1"
+        ]
+      },
+      "monikerPath": [
+        "mapping/monikerMapping.json"
+      ]
     },
     {
-      "docset_name": "skype-ps",
-      "build_source_folder": "skype",
-      "build_output_subfolder": "skype-ps",
+      "docset_name": "spmt-ps",
+      "build_source_folder": "spmt",
+      "build_output_subfolder": "spmt-ps",
       "locale": "en-us",
       "monikers": [],
       "moniker_ranges": [],
@@ -86,11 +94,6 @@
       "build_entry_point": "docs",
       "template_folder": "_themes",
       "version": 0,
-      "customized_tasks": {
-        "docset_prebuild": [
-          "_dependentPackages/MAML2Yaml/tools/Run.ps1"
-        ]
-      },
       "monikerPath": [
         "mapping/monikerMapping.json"
       ]
@@ -141,28 +144,6 @@
         "mapping/monikerMapping.json"
       ]
     },
-    {
-      "docset_name": "spmt-ps",
-      "build_source_folder": "spmt",
-      "build_output_subfolder": "spmt-ps",
-      "locale": "en-us",
-      "monikers": [],
-      "moniker_ranges": [],
-      "open_to_public_contributors": true,
-      "type_mapping": {
-        "Conceptual": "Content",
-        "ManagedReference": "Content",
-        "RestApi": "Content",
-        "PowershellModule": "Content",
-        "PowershellCmdlet": "Content"
-      },
-      "build_entry_point": "docs",
-      "template_folder": "_themes",
-      "version": 0,
-      "monikerPath": [
-        "mapping/monikerMapping.json"
-      ]
-    },
     {
       "docset_name": "whiteboard-ps",
       "build_source_folder": "whiteboard",
@@ -195,10 +176,7 @@
   "sync_notification_subscribers": [],
   "branches_to_filter": [],
   "git_repository_branch_open_to_public_contributors": "main",
-  "skip_source_output_uploading": false,
   "need_preview_pull_request": true,
-  "enable_incremental_build": false,
-  "contribution_branch_mappings": {},
   "dependent_repositories": [
     {
       "path_to_root": "_themes",
@@ -212,12 +190,16 @@
       "Publish"
     ]
   },
-  "need_generate_pdf_url_template": false,
   "targets": {
     "Pdf": {
       "template_folder": "_themes.pdf"
     }
   },
+  "docs_build_engine": {},
+  "skip_source_output_uploading": false,
+  "enable_incremental_build": false,
+  "contribution_branch_mappings": {},
+  "need_generate_pdf_url_template": false,
   "need_generate_intellisense": false,
   "dependent_packages": [
     {
@@ -227,8 +209,5 @@
       "target_framework": "net45",
       "version": "latest"
     }
-  ],
-  "docs_build_engine": {
-    "name": "docfx_v3"
-  }
-}
+  ]
+}
@@ -2,7 +2,7 @@
 title: App-only authentication in Exchange Online PowerShell and Security & Compliance PowerShell
 ms.author: chrisda
 author: chrisda
-manager: dansimp
+manager: deniseb
 ms.date: 12/12/2023
 ms.audience: Admin
 audience: Admin
@@ -33,7 +33,7 @@ Certificate based authentication (CBA) or app-only authentication as described i
 >
 >   For instructions on how to install or update the module, see [Install and maintain the Exchange Online PowerShell module](exchange-online-powershell-v2.md#install-and-maintain-the-exchange-online-powershell-module). For instructions on how to use the module in Azure automation, see [Manage modules in Azure Automation](/azure/automation/shared-resources/modules).
 >
-> - REST API connections in the Exchange Online PowerShell V3 module require the PowerShellGet and PackageManagement modules. For more information, see [PowerShellGet for REST-based connections in Windows](exchange-online-powershell-v2.md#powershellget-for-rest-based-connections-in-windows).
+> - REST API connections in the Exchange Online PowerShell V3 module require the PowerShellGet and PackageManagement modules. For more information, see [PowerShellGet for REST-based connections in Windows](exchange-online-powershell-v2.md#powershellget-for-rest-api-connections-in-windows).
 >
 >   If the procedures in this article don't work for you, verify that you don't have Beta versions of the PackageManagement or PowerShellGet modules installed by running the following command: `Get-InstalledModule PackageManagement -AllVersions; Get-InstalledModule PowerShellGet -AllVersions`.
 >
@@ -216,15 +216,15 @@ Choose **one** of the following methods in this section to assign API permission
 
    ![Find and select Office 365 Exchange Online on the APIs my organization uses tab.](media/exo-app-only-auth-api-permissions-select-o365-exo.png)
 
-5. On the **What type of permissions does your application require?** flyout that appears, select **Application permissions**.
+4. On the **What type of permissions does your application require?** flyout that appears, select **Application permissions**.
 
-6. In the permissions list that appears, expand **Exchange**, select **Exchange.ManageAsApp**, and then select **Add permissions**.
+5. In the permissions list that appears, expand **Exchange**, select **Exchange.ManageAsApp**, and then select **Add permissions**.
 
    ![Find and select Exchange.ManageAsApp permissions from the Application permission tab.](media/exo-app-only-auth-api-permissions-select-exchange-manageasapp.png)
 
-7. Back on the app **API permissions** page, verify **Office 365 Exchange Online** \> **Exchange.ManageAsApp** is listed and contains the following values:
+6. Back on the app **API permissions** page, verify **Office 365 Exchange Online** \> **Exchange.ManageAsApp** is listed and contains the following values:
    - **Type**: **Application**.
-   - **Admin consent required**: **Yes**. 
+   - **Admin consent required**: **Yes**.
 
    - **Status**: The current incorrect value is **Not granted for \<Organization\>**.
 
@@ -236,11 +236,11 @@ Choose **one** of the following methods in this section to assign API permission
 
      ![Admin consent granted for Exchange.ManageAsApp permissions.](media/exo-app-only-auth-admin-consent-granted.png)
 
-8. For the default **Microsoft Graph** \> **User.Read** entry, select **...** \> **Revoke admin consent**, and then select **Yes** in the confirmation dialog that opens to return **Status** back to the default blank value.
+7. For the default **Microsoft Graph** \> **User.Read** entry, select **...** \> **Revoke admin consent**, and then select **Yes** in the confirmation dialog that opens to return **Status** back to the default blank value.
 
    ![Admin consent removed from default Microsoft Graph User.Read permissions.](media/exo-app-only-auth-admin-consent-removed-from-graph.png)
 
-9. Close the current **API permissions** page (not the browser tab) to return to the **App registrations** page. You use the **App registrations** page in an upcoming step.
+8. Close the current **API permissions** page (not the browser tab) to return to the **App registrations** page. You use the **App registrations** page in an upcoming step.
 
 #### Modify the app manifest to assign API permissions
 
@@ -310,7 +310,7 @@ Choose **one** of the following methods in this section to assign API permission
 
 4. On the **API permissions** page, verify **Office 365 Exchange Online** \> **Exchange.ManageAsApp** is listed and contains the following values:
    - **Type**: **Application**.
-   - **Admin consent required**: **Yes**. 
+   - **Admin consent required**: **Yes**.
 
    - **Status**: The current incorrect value is **Not granted for \<Organization\>** for the **Office 365 Exchange Online** \> **Exchange.ManageAsApp** entry.
 
@@ -412,20 +412,22 @@ The supported Microsoft Entra roles are described in the following table:
 |Role|Exchange Online<br>PowerShell|Security & Compliance<br>PowerShell|
 |---|:---:|:---:|
 |[Compliance Administrator](/entra/identity/role-based-access-control/permissions-reference#compliance-administrator)|✔|✔|
-|[Exchange Administrator](/entra/identity/role-based-access-control/permissions-reference#exchange-administrator)<sup>\*</sup>|✔||
+|[Exchange Administrator](/entra/identity/role-based-access-control/permissions-reference#exchange-administrator)¹|✔||
 |[Exchange Recipient Administrator](/entra/identity/role-based-access-control/permissions-reference#exchange-recipient-administrator)|✔||
-|[Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator)<sup>\*</sup>|✔|✔|
+|[Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator)¹ ²|✔|✔|
 |[Global Reader](/entra/identity/role-based-access-control/permissions-reference#global-reader)|✔|✔|
 |[Helpdesk Administrator](/entra/identity/role-based-access-control/permissions-reference#helpdesk-administrator)|✔||
-|[Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator)<sup>\*</sup>|✔|✔|
+|[Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator)¹|✔|✔|
 |[Security Reader](/entra/identity/role-based-access-control/permissions-reference#security-reader)|✔|✔|
 
-> <sup>\*</sup> The Global Administrator and Exchange Administrator roles provide the required permissions for any task in Exchange Online PowerShell. For example:
->
-> - Recipient management.
-> - Security and protection features. For example, anti-spam, anti-malware, anti-phishing, and the associated reports.
->
-> The Security Administrator role does not have the necessary permissions for those same tasks.
+¹ The Global Administrator and Exchange Administrator roles provide the required permissions for any task in Exchange Online PowerShell. For example:
+
+- Recipient management.
+- Security and protection features. For example, anti-spam, anti-malware, anti-phishing, and the associated reports.
+
+The Security Administrator role does not have the necessary permissions for those same tasks.
+
+² Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 For general instructions about assigning roles in Microsoft Entra ID, see [Assign Microsoft Entra roles to users](/entra/identity/role-based-access-control/manage-roles-portal).
 
@@ -481,7 +483,7 @@ For general instructions about assigning roles in Microsoft Entra ID, see [Assig
 >
 >  This method is supported only when you connect to Exchange Online PowerShell or Security & Compliance PowerShell in [REST API mode](exchange-online-powershell-v2.md#rest-api-connections-in-the-exo-v3-module). Security & Compliance PowerShell supports REST API mode in v3.2.0 or later.
 
-For information about creating custom role groups, see [Create role groups in Exchange Online](/exchange/permissions-exo/role-groups#create-role-groups) and [Create Email & collaboration role groups in the Microsoft Defender portal](/microsoft-365/security/office-365-security/mdo-portal-permissions#create-email--collaboration-role-groups-in-the-microsoft-defender-portal). The custom role group that you assign to the application can contain any combination of built-in and custom roles.
+For information about creating custom role groups, see [Create role groups in Exchange Online](/exchange/permissions-exo/role-groups#create-role-groups) and [Create Email & collaboration role groups in the Microsoft Defender portal](/defender-office-365/mdo-portal-permissions#create-email--collaboration-role-groups-in-the-microsoft-defender-portal). The custom role group that you assign to the application can contain any combination of built-in and custom roles.
 
 To assign custom role groups to the application using service principals, do the following steps: