Merge branch 'main' into patch-2

Author: chrisda

.openpublishing.redirection.teams.json

@@ -3014,6 +3014,11 @@
             "source_path": "teams/virtual-folder/teams/index.md",
             "redirect_url": "/powershell/module/microsoftteams/",
             "redirect_document_id": true
+        },
+        {
+            "source_path": "teams/virtual-folder/MicrosoftTeams/Set-CsGroupPolicyAssignment.md",
+            "redirect_url": "/powershell/module/microsoftteams/",
+            "redirect_document_id": false
         }
     ]
 }

exchange/docs-conceptual/exchange-online-powershell-v2.md

@@ -228,13 +228,15 @@ The module is supported in the following versions of macOS:
 - **macOS 13 Ventura or later**:
 
   |Module version|PowerShell version|
-  |3.5.0 or later|7.4.0|
+  |---|---|
+  |3.5.0 or later|7.4.0 or later|
 
   PowerShell 7.4.0 is the minimum supported version of PowerShell 7 in macOS 13 or later. Module versions 3.0.0 to 3.4.0 are also supported.
 
 - **macOS 12 Monterey** and **mac OS 11 Big Sur**:
 
   |Module version|PowerShell version|
+  |---|---|
   |3.5.0 or later|7.4.x|
   |3.0.0 to 3.4.0|7.2.0 to 7.3.7 (or later)|
   |2.0.4 and 2.0.5|7.0.3 to 7.1.5 (or later)|
@@ -294,7 +296,7 @@ The module is officially supported in the following distributions of Linux:
 
   |Module version|PowerShell version|
   |---|---|
-  |3.5.0 or later|7.4.x or later|
+  |3.5.0 or later|7.4.0 or later|
   |3.0.0 to 3.4.0|7.2.0 to 7.3.7 (or later)|
 
 - **Ubuntu 20.04 LTS**

exchange/exchange-ps/ExchangePowerShell/Add-RoleGroupMember.md

@@ -59,7 +59,7 @@ This example finds all the mailboxes that are part of the Sales department and a
 
 After you verify the correct members are added to the role group, remove the WhatIf switch and run the command again.
 
-For more information about pipelining and the WhatIf parameter, see the following topics:
+For more information about pipelining and the WhatIf parameter, see the following articles:
 
 - [About Pipelines](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_pipelines)
 - [WhatIf, Confirm and ValidateOnly switches](https://learn.microsoft.com/exchange/whatif-confirm-and-validateonly-switches-exchange-2013-help)

exchange/exchange-ps/ExchangePowerShell/Enable-ExchangeCertificate.md

@@ -53,9 +53,9 @@ The Enable-ExchangeCertificate cmdlet enables certificates by updating the metad
 
 After you run the Enable-ExchangeCertificate cmdlet, you might need to restart Internet Information Services (IIS). In some scenarios, Exchange might continue to use the previous certificate for encrypting and decrypting the cookie that's used for Outlook on the web (formerly known as Outlook Web App) authentication. We recommend restarting IIS in environments that use Layer 4 load balancing.
 
-There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You need to understand how these factors might affect your overall configuration. For more information, see [Digital certificates and encryption in Exchange Server](https://learn.microsoft.com/Exchange/architecture/client-access/certificates).
+There are many factors to consider when you configure certificates for Transport Layer Security (TLS) services. You need to understand how these factors might affect your overall configuration. For more information, see [Digital certificates and encryption in Exchange Server](https://learn.microsoft.com/Exchange/architecture/client-access/certificates).
 
-Secure Sockets Layer (SSL) is being replaced by Transport Layer Security (TLS) as the protocol that's used to encrypt data sent between computer systems. They're so closely related that the terms "SSL" and "TLS" (without versions) are often used interchangeably. Because of this similarity, references to "SSL" in Exchange topics, the Exchange admin center, and the Exchange Management Shell have often been used to encompass both the SSL and TLS protocols. Typically, "SSL" refers to the actual SSL protocol only when a version is also provided (for example, SSL 3.0). For more information, see [Exchange Server TLS configuration best practices](https://learn.microsoft.com/Exchange/exchange-tls-configuration).
+TLS replaced Secure Sockets Layer (SSL) as the protocol used to encrypt data sent between computer systems. In the past, "TLS" and "SSL" were often used interchangeably. Any reference to SSL in Exchange documentation actually means TLS, unless a version number is also included (for example, SSL 3.0). For more information, see [Exchange Server TLS configuration best practices](https://learn.microsoft.com/Exchange/exchange-tls-configuration).
 
 You need to be assigned permissions before you can run this cmdlet. Although this article lists all parameters for the cmdlet, you might not have access to some parameters if they aren't included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
@@ -124,7 +124,7 @@ Accept wildcard characters: False
 The Services parameter specifies the Exchange services that the certificate is enabled for. Valid values are:
 
 - Federation: Don't use this command to enable a certificate for federation. Creating or modifying a federation trust enables or modifies how certificates are used for federation. You manage the certificates that used for federation trusts with the New-FederationTrust and Set-FederationTrust cmdlets.
-- IIS: By default, when you enable a certificate for IIS, the "require SSL" setting is configured on the default web site in IIS. To prevent this change, use the DoNotRequireSsl switch.
+- IIS: By default, when you enable a certificate for IIS, the "Require SSL" setting is configured on the default web site in IIS. To prevent this change, use the DoNotRequireSsl switch.
 - IMAP: Don't enable a wildcard certificate for the IMAP4 service. Instead, use the Set-ImapSettings cmdlet to configure the FQDN that clients use to connect to the IMAP4 service.
 - POP: Don't enable a wildcard certificate for the POP3 service. Instead, use the Set-PopSettings cmdlet to configure the FQDN that clients use to connect to the POP3 service.
 - SMTP: When you enable a certificate for SMTP, you're prompted to replace the default Exchange self-signed certificate that's used to encrypt SMTP traffic between internal Exchange. Typically, you don't need to replace the default certificate with a certificate from a commercial CA for the purpose of encrypting internal SMTP traffic. If you want to replace the default certificate without the confirmation prompt, use the Force switch.
@@ -194,9 +194,9 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
 
-The DoNotRequireSsl switch prevents the command from enabling the "require SSL" setting on the default web site when you enable the certificate for IIS. You don't need to specify a value with this switch.
+The DoNotRequireSsl switch prevents the command from enabling the "Require SSL" setting on the default web site when you enable the certificate for IIS. You don't need to specify a value with this switch.
 
-If you don't use this switch, and you use the Services parameter to enable the certificate for IIS, the command enables the "require SSL" setting for the default web site in IIS.
+If you don't use this switch, and you use the Services parameter to enable the certificate for IIS, the command enables the "Require SSL" setting for the default web site in IIS.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/ExchangePowerShell/Enable-OutlookAnywhere.md

@@ -63,21 +63,21 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 
 ### Example 1
 ```powershell
-Enable-OutlookAnywhere -Server:Server01 -ExternalHostname:mail.contoso.com -ClientAuthenticationMethod:Ntlm -SSLOffloading:$true
+Enable-OutlookAnywhere -Server Server01 -ExternalHostname mail.contoso.com -ClientAuthenticationMethod Ntlm -SSLOffloading $true
 ```
 
-This example enables the server Server01 for Outlook Anywhere. The external host name is set to mail.contoso.com, both Basic and NTLM authentication are used, and SSL offloading is set to $true.
+This example enables the server Server01 for Outlook Anywhere. The external host name is set to mail.contoso.com, both Basic and NTLM authentication are used, and the SSLOffloading parameter is set to $true.
 
 ### Example 2
 ```powershell
-Enable-OutlookAnywhere -DefaultAuthenticationMethod:Ntlm -ExternalHostname:mail.contoso.com -SSLOffloading:$false
+Enable-OutlookAnywhere -DefaultAuthenticationMethod Ntlm -ExternalHostname mail.contoso.com -SSLOffloading $false
 ```
 
 This example enables Outlook Anywhere on the server that has the Client Access role installed. The SSLOffloading parameter is set to $false, the ExternalHostname parameter is specified as mail.contoso.com, and the DefaultAuthenticationMethod parameter is set to NTLM.
 
 ### Example 3
 ```powershell
-Enable-OutlookAnywhere -IISAuthenticationMethods NTLM -SSlOffloading:$false -ClientAuthenticationMethod:Basic -ExternalHostname:mail.contoso.com
+Enable-OutlookAnywhere -IISAuthenticationMethods NTLM -SSlOffloading $false -ClientAuthenticationMethod Basic -ExternalHostname mail.contoso.com
 ```
 
 This example enables the Exchange Client Access server for Outlook Anywhere. The SSLOffloading parameter is set to $false, the ExternalHostname parameter is set to mail.contoso.com, the IISAuthenticationMethods parameter is set to NTLM, and the ClientAuthenticationMethod parameter is set to Basic.
@@ -156,7 +156,16 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010
 
-The SSLOffloading parameter specifies whether the Client Access server requires Secure Sockets Layer (SSL). This value should be set only to $true when an SSL hardware solution is running in front of the Client Access server.
+The SSLOffloading parameter specifies whether a network device accepts Transport Layer Security (TLS) connections and decrypts them before proxying the connections to the Outlook Anywhere virtual directory on the Exchange server. Valid values are:
+
+- $true: Outlook Anywhere clients using TLS don't maintain an TLS connection along the entire network path to the Exchange server. A network device in front of the server decrypts the TLS connections and proxies the unencrypted (HTTP) client connections to the Outlook Anywhere virtual directory. The network segment where HTTP is used should be a secured network.
+- $false: Outlook Anywhere clients using TLS maintain an TLS connection along the entire network path to the Exchange server. Only TLS connections are allowed to the Outlook Anywhere virtual directory. This value is the default.
+
+This parameter configures the "Require SSL" setting on the Outlook Anywhere virtual directory. When you set this parameter to $true, "Require SSL" is disabled. When you set this parameter to $false, "Require SSL" is enabled. However, it might take several minutes before the change is visible in IIS Manager.
+
+You need to use the value $true for this parameter if you don't require TLS connections for internal or external Outlook Anywhere clients.
+
+The value of this parameter is related to the values of the ExternalClientsRequireSsl and InternalClientsRequireSsl parameters.
 
 ```yaml
 Type: Boolean
@@ -216,7 +225,7 @@ Accept wildcard characters: False
 The ExtendedProtectionFlags parameter is used to customize the options you use if you're using Extended Protection for Authentication. The possible values are:
 
 - None: Default setting.
-- Proxy: Specifies that a proxy is terminating the SSL channel. A Service Principal Name (SPN) must be registered in the ExtendedProtectionSPNList parameter if proxy mode is configured.
+- Proxy: Specifies that a proxy is terminating the TLS channel. A Service Principal Name (SPN) must be registered in the ExtendedProtectionSPNList parameter if proxy mode is configured.
 - ProxyCoHosting: Specifies that both HTTP and HTTPS traffic might be accessing the Client Access server and that a proxy is located between at least some of the clients and the Client Access server.
 - AllowDotlessSPN: Specifies whether you want to support valid SPNs that aren't in the fully qualified domain name (FQDN) format, for example ContosoMail. You specify valid SPNs with the ExtendedProtectionSPNList parameter. This option makes extended protection less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
 - NoServiceNameCheck: Specifies that the SPN list isn't checked to validate a channel binding token. This option makes Extended Protection for Authentication less secure. We generally don't recommend this setting.
@@ -260,13 +269,13 @@ Accept wildcard characters: False
 
 > Applicable: Exchange Server 2010
 
-The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the specified Exchange virtual directory. Extended Protection for Authentication isn't enabled by default. The available settings are:
+The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
 
-- None Extended Protection for Authentication isn't used. Connections between the client and Exchange don't use Extended Protection for Authentication on this virtual directory. This is the default setting.
-- Allow Extended Protection for Authentication is used for connections between the client and Exchange on this virtual directory if both the client and server support Extended Protection for Authentication. Connections that don't support Extended Protection for Authentication on the client and server work, but might not be as secure as a connection using Extended Protection for Authentication.
-- Require Extended Protection for Authentication is used for all connections between clients and Exchange servers for this virtual directory. If either the client or server doesn't support Extended Protection for Authentication, the connection between the client and server will fail. If you set this option, you must also set a value for the ExtendedProtectionSPNList parameter.
+- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
+- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
+- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
 
-**Note**: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy SSL channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
+**Note**: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
 
 To learn more about Extended Protection for Authentication, see [Understanding Extended Protection for Authentication](https://learn.microsoft.com/previous-versions/office/exchange-server-2010/ff459225(v=exchg.141)).
 
@@ -292,7 +301,7 @@ You might want to enable both Basic and NTLM authentication if you're using the
 
 When you configure this setting using the IIS interface, you can enable as many authentication methods as you want.
 
-For more information about configuring this parameter with multiple values, see the example later in this topic.
+For more information about configuring this parameter with multiple values, see the example later in this article.
 
 ```yaml
 Type: MultiValuedProperty

exchange/exchange-ps/ExchangePowerShell/Export-ActivityExplorerData.md

@@ -15,7 +15,7 @@ title: Export-ActivityExplorerData
 ## SYNOPSIS
 This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell).
 
-Use the Export-ActivityExplorerData cmdlet to export activities from Data classification \> Activity Explorer in the Microsoft 365 Purview compliance portal.
+Use the Export-ActivityExplorerData cmdlet to export activities from Data classification \> Activity Explorer in the Microsoft 365 Purview compliance portal. Activity explorer reports on up to 30 days worth of data.
 
 For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
 

exchange/exchange-ps/ExchangePowerShell/Get-AdminAuditLogConfig.md

@@ -38,7 +38,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 Get-AdminAuditLogConfig | Format-List
 ```
 
-This example displays the administrator audit logging settings. The output of the Get-AdminAuditLogConfig cmdlet is piped to the Format-List cmdlet. For more information about piping and the Format-List cmdlet, see the following topics:
+This example displays the administrator audit logging settings. The output of the Get-AdminAuditLogConfig cmdlet is piped to the Format-List cmdlet. For more information about piping and the Format-List cmdlet, see the following articles:
 
 - [About Pipelines](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_pipelines)
 - [Working with command output](https://learn.microsoft.com/exchange/working-with-command-output-exchange-2013-help)

exchange/exchange-ps/ExchangePowerShell/Get-FederationInformation.md

@@ -92,7 +92,7 @@ Accept wildcard characters: False
 
 The Force switch hides warning or confirmation messages. You don't need to specify a value with this switch.
 
-A confirmation prompt warns you if the host name in the Autodiscover endpoint of the domain doesn't match the Secure Sockets Layer (SSL) certificate presented by the endpoint and the host name isn't specified in the TrustedHostnames parameter.
+A confirmation prompt warns you if the host name in the Autodiscover endpoint of the domain doesn't match the Transport Layer Security (TLS) certificate presented by the endpoint and the host name isn't specified in the TrustedHostnames parameter.
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/ExchangePowerShell/Get-LogonStatistics.md

@@ -47,7 +47,7 @@ The Get-LogonStatistics cmdlet retrieves logon information about currently activ
 
 Users who log on to their mailboxes using Microsoft Office Outlook Web App aren't continually connected to the Mailbox server. An Outlook Web App client connects to the server, performs tasks, and then disconnects from the server. Therefore, you might see few or no logon statistics for Outlook Web App, even if users are logged on with this client.
 
-You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you might not have access to some parameters if they aren't included in the permissions assigned to you. To see what permissions you need, see the "Recipient Provisioning Permissions" section in the Mailbox Permissions topic.
+You need to be assigned permissions before you can run this cmdlet. Although this article lists all parameters for the cmdlet, you might not have access to some parameters if they aren't included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
 
 ## EXAMPLES