Merge branch 'master' into patch-228

Author: chrisda

exchange/docs-conceptual/app-only-auth-powershell-v2.md

@@ -17,7 +17,7 @@ ROBOTS: NOINDEX, NOFOLLOW
 description: "Learn about using the Exchange Online V2 module in scripts and other long-running tasks with Modern Authentication and app-only authentication."
 ---
 
-# App-only authentication in the EXO V2 module
+# App-only authentication for unattended scripts in the EXO V2 module
 
 > [!NOTE]
 > This feature is currently in Public Preview, and is available in the Preview release of Exchange Online PowerShell V2 Module.
@@ -31,7 +31,7 @@ Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -Al
 To update from an earlier version of the of the EXO V2 module, run the following command:
 
 ```powershell
-Update-Module -Name ExchangeOnlineManagement -AllowPrerelease
+Update-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -AllowPrerelease
 ```
 
 Auditing and reporting scenarios in Exchange Online often involve scripts that run unattended. In most cases, these unattended scripts access Exchange Online PowerShell using Basic authentication (a username and password). Even when the connection to Exchange Online PowerShell uses Modern authentication, the credentials are stored in a local file or a secret vault that's access at run-time.
@@ -43,13 +43,13 @@ The following examples show how to use the Exchange Online PowerShell V2 module
 - Connect using a local certificate:
 
   ```powershell
-  Connect-ExchangeOnline -CertificateFilePath "C:\Users\johndoe\Desktop\automation-cert.pfx" -AppID "alpha-beta-gamma-123456" -Organization "contosoelectronics.onmicrosoft.com"
+  Connect-ExchangeOnline -CertificateFilePath "C:\Users\johndoe\Desktop\automation-cert.pfx" -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
   ```
 
 - Connect using a certificate thumbprint:
 
   ```powershell
-  Connect-ExchangeOnline -CertificateThumbPrint "012THISISADEMOTHUMBPRINT" -AppID "alpha-beta-gamma-123456" -Organization "contosoelectronics.onmicrosoft.com"
+  Connect-ExchangeOnline -CertificateThumbPrint "012THISISADEMOTHUMBPRINT" -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"
   ```
 
   When you use the _CertificateThumbPrint_ parameter, the certificate needs to be installed on the computer where you are running the command. The certificate should be installed in the user certificate store.
@@ -92,7 +92,10 @@ For a detailed visual flow bout creating applications in Azure AD, see <https://
 
    - Create and configure a self-signed X.509 certificate, which will be used to authenticate your Application against Azure AD, while requesting the app-only access token.
 
-   - This is similar to generating a password for user accounts. The certificate can be self-signed as well. See the [Appendix](#appendix) section later in this topic for instructions for generating certificates in PowerShell.
+   - This is similar to generating a password for user accounts. The certificate can be self-signed as well. See the [Appendix](#step-3-generate-a-self-signed-certificate) section later in this topic for instructions for generating certificates in PowerShell.
+   
+     > [!NOTE]
+     > Cryptography: Next Generation (CNG) certificates are not supported for app-only authentication with Exchange. CNG certificates are created by default in modern Windows versions. You must use a certificate from a CSP key provider. The [Appendix](#step-3-generate-a-self-signed-certificate) section covers two supported methods to create a CSP certificate.
 
 4. Assign RBAC roles
 
@@ -103,7 +106,7 @@ For a detailed visual flow bout creating applications in Azure AD, see <https://
    - Security reader
    - Security administrator
    - Helpdesk administrator
-   - Exchange Service administrator
+   - Exchange administrator
    - Global Reader
 
 ## Appendix

exchange/docs-conceptual/connect-to-exchange-online-powershell.md

@@ -1,5 +1,5 @@
 ---
-title: "Connect to Exchange Online PowerShell"
+title: "Connect to Exchange Online PowerShell with Basic authentication"
 ms.author: chrisda
 author: chrisda
 manager: dansimp
@@ -12,13 +12,10 @@ ms.collection: Strat_EX_Admin
 ms.custom:
 ms.assetid: c8bea338-6c1a-4bdf-8de0-7895d427ee5b
 search.appverid: MET150
-description: "Learn how to use remote PowerShell to connect to Exchange Online."
+description: "Learn how to use remote PowerShell to connect to Exchange Online with Basic authentication."
 ---
 
-# Connect to Exchange Online PowerShell
-
-> [!NOTE]
-> Since Basic Auth Deprecation has been announced and this method uses Basic Authentication on Server Side, 
+# Connect to Exchange Online PowerShell with Basic authentication
 
 Exchange Online PowerShell allows you to manage your Exchange Online settings from the command line. You use Windows PowerShell on your local computer to create a remote PowerShell session to Exchange Online. It's a simple three-step process where you enter your Microsoft 365 credentials, provide the required connection settings, and then import the Exchange Online cmdlets into your local Windows PowerShell session so that you can use them.
 

exchange/docs-conceptual/exchange-online-powershell-v2.md

@@ -1,5 +1,5 @@
 ---
-title: Exchange Online PowerShell V2
+title: Exchange Online PowerShell with Modern Authentication using V2 Module
 ms.author: chrisda
 author: chrisda
 manager: dansimp
@@ -13,10 +13,10 @@ ms.collection: Strat_EX_Admin
 ms.custom:
 ms.assetid:
 search.appverid: MET150
-description: "Learn how to download and use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell."
+description: "Learn how to install and use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell with Modern Authentication."
 ---
 
-# Use the Exchange Online PowerShell V2 module
+# Use the Exchange Online PowerShell with Modern Authentication using V2 module
 
 The Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module) enables admins to connect to their Exchange Online environment in Microsoft 365 to retrieve data, create new objects, update existing objects, remove objects as well as configure Exchange Online and its features.
 

exchange/exchange-ps/exchange/Get-MailboxAuditBypassAssociation.md

@@ -15,7 +15,7 @@ monikerRange: "exchserver-ps-2010 || exchserver-ps-2013 || exchserver-ps-2016 ||
 ## SYNOPSIS
 This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.
 
-Use the Get-MailboxAuditBypassAssociation cmdlet to retrieve user or computer accounts configured to bypass mailbox audit logging.
+Use the Get-MailboxAuditBypassAssociation cmdlet to retrieve information about the AuditBypassEnabled property value for user accounts (on-premises Exchange and the cloud) and computer accounts (on-premises Exchange only). You use the [Set-MailboxAuditBypassAssociation](https://docs.microsoft.com/powershell/module/exchange/set-mailboxauditbypassassociation) cmdlet to enable this property to bypass mailbox audit logging.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 
@@ -27,59 +27,67 @@ Get-MailboxAuditBypassAssociation [[-Identity] <MailboxAuditBypassAssociationIdP
 ```
 
 ## DESCRIPTION
-When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user or computer account to any mailbox isn't logged. By bypassing trusted user or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs.
+When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user account or computer account to any mailbox isn't logged. By bypassing trusted user accounts or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs.
 
 You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES
 
 ### Example 1
 ```powershell
-Get-MailboxAuditBypassAssociation -ResultSize unlimited
+Get-MailboxAuditBypassAssociation -ResultSize unlimited | Format-Table Name,AuditBypassEnabled
 ```
 
-This example retrieves all user or computer accounts configured for mailbox audit logging bypass.
+This example returns all accounts and whether they are configured or not configured for mailbox audit logging bypass.
 
 ### Example 2
 ```powershell
 Get-MailboxAuditBypassAssociation -Identity "Svc-MyApplication"
 ```
 
-This example retrieves the mailbox audit bypass association for the Svc-MyApplication account.
+This example returns the status of the AuditBypassEnabled property for the Svc-MyApplication account.
 
-## PARAMETERS
+### Example 3
+```powershell
+$MBX = Get-MailboxAuditBypassAssociation -ResultSize unlimited
+$MBX | where {$_.AuditBypassEnabled -eq $true} | Format-Table Name,AuditBypassEnabled
+```
 
-### -DomainController
-This parameter is available only in on-premises Exchange.
+This example returns all accounts that are configured for mailbox audit logging bypass.
 
-The DomainController parameter specifies the ___domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the ___domain controller by its fully qualified ___domain name (FQDN). For example, dc01.contoso.com.
+## PARAMETERS
+
+### -Identity
+The Identity parameter specifies the user account or computer account where you want to view the value of the AuditBypassEnabled property.
 
 ```yaml
-Type: Fqdn
+Type: MailboxAuditBypassAssociationIdParameter
 Parameter Sets: (All)
 Aliases:
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online
 
 Required: False
-Position: Named
+Position: 1
 Default value: None
-Accept pipeline input: False
+Accept pipeline input: True
 Accept wildcard characters: False
 ```
 
-### -Identity
-The Identity parameter specifies a user or computer account to retrieve audit logging bypass association for.
+### -DomainController
+This parameter is available only in on-premises Exchange.
+
+The DomainController parameter specifies the ___domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the ___domain controller by its fully qualified ___domain name (FQDN). For example, dc01.contoso.com.
 
 ```yaml
-Type: MailboxAuditBypassAssociationIdParameter
+Type: Fqdn
 Parameter Sets: (All)
 Aliases:
-Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online
+Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019
 
 Required: False
-Position: 1
+Position: Named
 Default value: None
-Accept pipeline input: True
+Accept pipeline input: False
 Accept wildcard characters: False
 ```
 

exchange/exchange-ps/exchange/Import-ContactList.md

@@ -72,7 +72,7 @@ Accept wildcard characters: False
 ```
 
 ### -CSVData
-The CSVData parameter specifies the .csv file you want to import. Use the following syntax for this parameter: ([System.IO.File]::ReadAllBytes("\<file name and path\>")). For example, ([System.IO.File]::ReadAllBytes("C:\\My Documents\\Contacts.csv")).
+The CSVData parameter specifies the .csv file you want to import. Use the following syntax for this parameter: `([System.IO.File]::ReadAllBytes("<file name and path>"))`. For example, `([System.IO.File]::ReadAllBytes("C:\My Documents\Contacts.csv"))`.
 
 ```yaml
 Type: Byte[]

exchange/exchange-ps/exchange/New-Label.md

@@ -22,7 +22,7 @@ For information about the parameter sets in the Syntax section below, see [Excha
 ## SYNTAX
 
 ```
-New-Label [-Name] <String> -DisplayName <String>
+New-Label [-Name] <String> -DisplayName <String> -Tooltip <String>
  [-AdvancedSettings <PswsHashtable>]
  [-ApplyContentMarkingFooterAlignment <Microsoft.Office.CompliancePolicy.Tasks.FlattenLabelActionUtils+ContentAlignment>]
  [-ApplyContentMarkingFooterEnabled <System.Boolean>]
@@ -74,7 +74,6 @@ New-Label [-Name] <String> -DisplayName <String>
  [-SiteAndGroupProtectionBlockAccess <System.Boolean>]
  [-SiteAndGroupProtectionEnabled <System.Boolean>]
  [-SiteAndGroupProtectionPrivacy <Microsoft.Office.CompliancePolicy.PolicyConfiguration.AccessType>]
- [-Tooltip <String>]
  [-WhatIf]
  [<CommonParameters>]
 ```
@@ -125,6 +124,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Tooltip
+The ToolTip parameter specifies the default tooltip and sensitivity label description that's seen by users. It the value contains spaces, enclose the value in quotation marks (").
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Office 365 Security & Compliance Center
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -AdvancedSettings
 The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label. The settings that you configure with this parameter only affect apps that are designed for the setting. For more information, see [How to configure advanced settings for the client by using Security & Compliance Center PowerShell](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide-customizations#how-to-configure-advanced-settings-for-the-client-by-using-office-365-security--compliance-center-powershell).
 
@@ -1087,22 +1102,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -Tooltip
-The ToolTip parameter specifies the default tooltip and sensitivity label description that's seen by users. It the value contains spaces, enclose the value in quotation marks (").
-
-```yaml
-Type: String
-Parameter Sets: (All)
-Aliases:
-Applicable: Office 365 Security & Compliance Center
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -WhatIf
 The WhatIf switch doesn't work in Office 365 Security & Compliance Center PowerShell.
 

exchange/exchange-ps/exchange/New-MigrationBatch.md

@@ -359,7 +359,9 @@ Accept wildcard characters: False
 ### -CSVData
 The CSVData parameter specifies the CSV file that contains information about the user mailboxes to be moved or migrated. The required attributes in the header row of the CSV file vary depending on the type of migration. For more information, see [CSV files for mailbox migration](https://docs.microsoft.com/exchange/csv-files-for-mailbox-migration-exchange-2013-help).
 
-Use the following format for the value of this parameter: ([System.IO.File]::ReadAllBytes(\<path of the CSV migration file\>)). For example: -CSVData ([System.IO.File]::ReadAllBytes("C:\\Users\\Administrator\\Desktop\\MigrationBatch\_1.csv"))
+Use the following format for the value of this parameter: `([System.IO.File]::ReadAllBytes(<path of the CSV migration file>))`. For example: `-CSVData ([System.IO.File]::ReadAllBytes("C:\Users\Administrator\Desktop\MigrationBatch\_1.csv"))`.
+
+**Note**: This parameter doesn't validate the availability of the mailboxes based on RBAC scope. All mailboxes that are specified in the CSV file will be migrated, even if they are outside of the RBAC scope (for example, an OU) that gives the admin permissions to migrate mailboxes.
 
 ```yaml
 Type: Byte[]

exchange/exchange-ps/exchange/New-PublicFolderMigrationRequest.md

@@ -177,7 +177,7 @@ Accept wildcard characters: False
 ### -CSVData
 The CSVData parameter specifies the mapping file output generated by the PublicFoldertoMailboxMapGenerator.ps1 script. Use this parameter for local migrations.
 
-A valid value for this parameter requires you to read the file to a byte-encoded object using the Get-Content cmdlet. For example, \(\[Byte\[\]\]\(Get-Content -Encoding Byte -Path "C:\\My Documents\\\<filename\>" -ReadCount 0\)\).
+A valid value for this parameter requires you to read the file to a byte-encoded object using the Get-Content cmdlet. For example, `([Byte[]](Get-Content -Encoding Byte -Path "C:\My Documents\<filename>" -ReadCount 0))`.
 
 You can't use this parameter with the CSVStream parameter, but you need to use it if you don't use CSVStream parameter.
 

exchange/exchange-ps/exchange/Set-Label.md

@@ -50,10 +50,10 @@ You need to be assigned permissions in the Security & Compliance Center before y
 
 ### Example 1
 ```powershell
-Set-Label -Identity General -LocaleSettings '{"localeKey":"DisplayName","Settings":[{"Key":"en-us","Value":"English display name"},{"Key":"de-de","Value":"Deutscher Anzeigename"},{"Key":"es-es","Value":"Nombre para mostrar en Español"}]}'
+Set-Label -Identity "Label1" -LocaleSettings '{"localeKey":"DisplayName","Settings":[{"Key":"en-us","Value":"English display name"},{"Key":"de-de","Value":"Deutscher Anzeigename"},{"Key":"es-es","Value":"Nombre para mostrar en Español"}]}','{"localeKey":"tooltip","Settings":[{"Key":"en-us","Value":"This is an example label"},{"Key":"de-de","Value":"Dies ist ein Beispieletikett"},{"Key":"es-es","Value":"Esta es una etiqueta de ejemplo"}]}'
 ```
 
-This example sets the localized label name for "General" in different languages (English, German, and Spanish).
+This example sets the localized label name for "Label1" in different languages (English, German, and Spanish).
 
 ## PARAMETERS
 

exchange/exchange-ps/exchange/Set-MigrationBatch.md

@@ -252,7 +252,9 @@ Accept wildcard characters: False
 ### -CSVData
 This parameter is available only in on-premises Exchange.
 
-The CSVData parameter specifies the CSV file that contains information about the user mailboxes to be moved or migrated. The required attributes in the header row of the CSV file vary depending on the type of migration. Use the following format for the value of this parameter: ([System.IO.File]::ReadAllBytes(\<path of the CSV migration file\>)). For example: -CSVData ([System.IO.File]::ReadAllBytes("C:\\Users\\Administrator\\Desktop\\MigrationBatch\_1.csv"))
+The CSVData parameter specifies the CSV file that contains information about the user mailboxes to be moved or migrated. The required attributes in the header row of the CSV file vary depending on the type of migration. Use the following format for the value of this parameter: `([System.IO.File]::ReadAllBytes(<path of the CSV migration file>))`. For example: `-CSVData ([System.IO.File]::ReadAllBytes("C:\Users\Administrator\Desktop\MigrationBatch\_1.csv"))`.
+
+**Note**: This parameter doesn't validate the availability of the mailboxes based on RBAC scope. All mailboxes that are specified in the CSV file will be migrated, even if they are outside of the RBAC scope (for example, an OU) that gives the admin permissions to migrate mailboxes.
 
 ```yaml
 Type: Byte[]