+- Backing up a parent site won't back up the channel sites.

+- OneDrive accounts and SharePoint sites that undergoes the following types of changes won't be undoable via restore: tenant rename, tenant move, and site URL change.

+- must-keep

+For the cloud-only identity model, you can assign Microsoft 365 licenses to user accounts as they're created, depending on how you create them.

+For the hybrid identity model, when Active Directory Domain Services (AD DS) user accounts are synchronized for the first time, they aren't automatically assigned a location or a Microsoft 365 license. **You must configure each user account with a user location prior to or along with assigning a license.**

+With the appropriate set of user accounts that have been assigned licenses, you're now ready to:

+- must-keep

+ Title: "Create SharePoint sites and add users with PowerShell"

+- must-keep

+description: "Summary: Use PowerShell to create new SharePoint sites and then add users and groups to those sites."

+# Create SharePoint sites and add users with PowerShell

+When you use PowerShell for Microsoft 365 to create SharePoint sites and add users, you can quickly and repeatedly perform tasks faster than you can in the Microsoft 365 admin center. You can also perform tasks that aren't possible to perform in the Microsoft 365 admin center.

+## Connect to SharePoint

+The procedures in this article require you to connect to SharePoint. For instructions, see [Connect to SharePoint PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+Create multiple sites using PowerShell and a .csv file that you create using the example code provided and Notepad. For this procedure, you're replacing the placeholder information shown in brackets with your own site- and tenant-specific information. This process lets you create a single file and run a single PowerShell command that uses that file. This makes the actions both repeatable and portable and eliminates many, if not all, errors that can come from typing long commands into the SharePoint Management Shell. There are two parts to this procedure. First you create a .csv file, and then you reference that .csv file using PowerShell, which uses its contents to create the sites.

+ Where *tenant* is the name of your tenant, and *owner* is the user name of the user on your tenant to whom you want to grant the role of primary site admin.

+4. Note the new site collections in the list. Using our example CSV file, you would see the following site collections: **TeamSite01**, **Blog01**, **Project01**, and **Community01**.

+Now youΓÇÖre going to create users and add them to a site collection group. You'll use a .csv file to bulk upload new groups and users.

+1. Return to the SharePoint Management Shell.

+2. At the Windows PowerShell command prompt, type or copy and paste the following line, and press Enter:

+4. At the Windows PowerShell command prompt, type or copy and paste the following, and press Enter:

+5. Wait for the prompt to return before moving on. You'll first see the groups appear as they're created. Then you'll see the group list repeated as users are added.

+[Connect to SharePoint PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)

+[Manage SharePoint site groups with PowerShell](manage-sharepoint-site-groups-with-powershell.md)

+- must-keep

+- **App connectivity**: Estimated connectivity is based on the percentage of successful, synthetic connections between your organization's devices and Exchange Online, and might include issues outside of Microsoft's control. To learn more, see [Microsoft 365 Connectivity Optics](microsoft-365-connectivity-optics.md).

+You'll notice incidents or advisories created for your organization with "Issue origin" in the communication tagged as "Your org." These are notifications individually targeted to your organization with issues that require your attention for mitigation and resolution. For more information about various types of issues that are created and communicated in service health to inform your organization about the potential impact, see the following articles:

+The Exchange licensing scenario checks if the priority account isn't able to sign in due to invalid license issues, which can be addressed by the tenant admin.

+The remaining five scenarios check if your priority accountΓÇÖs mailbox is close to reaching or has reached the limits described in [Exchange Online limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#mailbox-storage-limits).

+### 1. The active user count in the dashboard for each client appears to be low. We have numerous active licenses assigned to users. What does this mean?

+**Security defaults** is a new feature for Microsoft 365 and Office 365 paid or trial subscriptions created after October 21, 2019. These subscriptions have security defaults turned on, which ***requires all of your users to use MFA with the Microsoft Authenticator app***.

+This policy allows you to require MFA based on group membership, rather than trying to configure individual user accounts for MFA when they're assigned or unassigned from these administrator roles.

+- You can't enable security defaults if you have any Conditional Access policies enabled.

+- You can't enable any Conditional Access policies if you have security defaults enabled.

+- must-keep

+With OneDrive geo move, you can move a user's OneDrive to a different geo location. OneDrive geo move is performed by the SharePoint administrator or the Microsoft 365 global administrator. Before you start a OneDrive geo move, be sure to notify the user whose OneDrive is being moved and recommend they close all files during the move. (If the user has a document open using the Office client during the move, then upon move completion the document needs to be saved to the new location.) The move can be scheduled for a future time, if desired.

+During the OneDrive geo move window (about 2-6 hours), the user's OneDrive is set to read-only. The user can still access their files via the OneDrive sync app or their OneDrive site in SharePoint. After OneDrive geo move is complete, the user will be automatically connected to their OneDrive at the destination geo location when they navigate to OneDrive in the Microsoft 365 app launcher. The sync app will automatically begin syncing from the new location.

+- When the move is expected to start and how long it's expected to take

+- File permissions and sharing won't change as a result of the move.

+You can schedule OneDrive site moves in advance (described later in this article). We recommend that you start with a small number of users to validate your workflows and communication strategies. Once you're comfortable with the process, you can schedule moves as follows:

+- The maximum number of list items that can be moved is 1,000,000.

+When using the geo move cmdlets, connect to the SharePoint Service at the user's current OneDrive geo location, using the following syntax:

+This displays all your geo locations and whether the environment is compatible with the destination geo location. If a geo location is incompatible, that means an update is in progress in that location. Try again in a few days.

+If a OneDrive contains a subsite, for example, it can't be moved. You can use the Start-SPOUserAndContentMove cmdlet with the -ValidationOnly parameter to validate if the OneDrive is able to be moved:

+This returns **Success** if the OneDrive is ready to be moved or **Fail** if there's a legal hold or subsite that would prevent the move. Once you validate that the OneDrive is ready to move, you can start the move.

+You can stop the geo move of a user's OneDrive, provided the move isn't in progress or completed by using the cmdlet:

+You can check the status of a OneDrive geo move in or out of the geo that you're connected to by using the ```Get-SPOUserAndContentMoveState``` cmdlet.

+|NotStarted|The move hasn't started|

+The OneDrive sync app will automatically detect and seamlessly transfer syncing to the new OneDrive location once the OneDrive geo move is complete. The user doesn't need to sign-in again or take any other action. (Version 17.3.6943.0625 or later of the sync app required.)

+If a user updates a file while the OneDrive geo move is in progress, the sync app notifies them that file uploads are pending while the move is underway.

+OneNote Win32 client and UWP (Universal) App will automatically detect and seamlessly sync notebooks to the new OneDrive location once OneDrive geo move is complete. The user doesn't need to sign-in again or take any other action. The only visible indicator to the user is notebook sync would fail when OneDrive geo move is in progress. This experience is available on the following OneNote client versions:

+- OneNote Win32 ΓÇô Version 16.0.8326.2096 (and later)

+Upon OneDrive geo move completion, users have access to their OneDrive files on the Teams app. Additionally, files shared via Teams chat from their OneDrive prior to geo move will continue to work after move is complete.

+Followed sites and groups show up in the user's OneDrive regardless of their geo location. Sites and groups hosted in another geo location will open in a separate tab.

+- must-keep

+The Get-MultiGeoRegion cmdlet in Teams displays the following multi-geo related properties:

+The output of the command looks like this:

+- must-keep

+Before you deploy for the first time or migrate to Office 365, you can use the information in these articles to estimate the bandwidth you need and then to test and verify that you have enough bandwidth to deploy or migrate to Office 365.

+Using Office 365 might increase the utilization of your organization's internet circuit. It's important to determine if the amount of bandwidth currently available is enough to handle the estimated increase once Office 365 is fully deployed while leaving at least 20% capacity to handle the busiest of days.

+2. Determine which Office 365 services and features will be available for clients to use. You'll likely have groups of people with different services or usage profiles.

+3. Measure the network use for a pilot group of clients. Ensure the pilot clients are representative of the different profiles of people in the organization and the different geographic locations. You can cross-check your results against our old calculators for [Exchange](https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-the-exchange-client-network-bandwidth-calculator-beta/ba-p/601744) and [Microsoft Teams](/microsoftteams/prepare-network) or the [case study](https://www.microsoft.com/itshowcase/Article/Content/631/Optimizing-network-performance-for-Microsoft-Office-365) we performed on our own network.

+4. Use the measurements from the pilot group to extrapolate the entire organization's needs and retest to validate the estimations before making any changes to your network.

+ **Network tools.** Test and validate your Internet bandwidth to determine download, upload, and latency constraints. These tools will help you determine the capabilities of your network for migration as well as after you're fully deployed.

+1. Want to get started helping your users right away? See [Best practices for using Office 365 on a slow network](https://support.office.com/article/fd16c8d2-4799-4c39-8fd7-045f06640166) for tips on using Office 365, including SharePoint, Exchange Online, and Lync Online, when your network just isn't cooperating. This article links out to loads of content on TechNet and Support.office.com for optimizing your Office 365 experience and includes information on easy ways to customize your web pages and how to set your Internet Explorer settings for the best Office 365 experience.

+1. Read [Office 365 Network Connectivity Principles](./microsoft-365-network-connectivity-principles.md) to understand the connectivity principles for securely managing Office 365 traffic and getting the best possible performance. This article will help you understand the most recent guidance for securely optimizing Office 365 network connectivity.

+1. Improve mail migration performance by carefully managing the schedule for Windows Updates. You can update your client computers in batches and ensure that all client computers are updated before migrating to Office 365 to regulate the use of network bandwidth. For more information, see [Manually update and configure desktops for Office 365 for the latest updates](https://support.microsoft.com/gp/office-2013-365-update).

+1. Office 365 network traffic performs best when it's treated as a trusted Internet service and allowed to bypass much of the traditional filtering and scanning that some organizations place on network traffic to untrusted Internet services. This typically includes removing outbound processing such as proxy user authentication and packet inspection, as well as ensuring local egress to the Internet with the proper Network Address Translation (NAT) and enough bandwidth capacity to handle the increased network requests. Refer to [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a)for additional guidance on configuring your network to handle Office 365 as a trusted Internet service on your network.

+1. Ensure [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a). The additional traffic going to Office 365 results in an increase of outbound proxy connections and an increase in secure traffic over TLS/SSL.

+1. If your outbound proxies require user authentication you might experience slow connectivity or a loss of functionality. Bypassing the authentication requirement for the Office 365 domains can reduce this overhead.

+1. If you have a large number of shared calendars and mailboxes, you might see an increase in the number of connections from Outlook to Exchange. For instance, the Outlook client may open up to two additional connections for each shared calendar in use. In this situation, ensure that the egress proxy can handle the connections, or bypass the proxy for connections to Office 365 for Outlook.

+1. Determine the maximum number of supported devices for a public IP address and how to load balance across multiple IP addresses. For more information, see [NAT support with Office 365](nat-support-with-microsoft-365.md).

+1. If you're inspecting outbound connections from computers on your network, bypassing this filtering to the Office 365 domains will improve connectivity and performance. Additionally, bypassing outbound inspection often removes the need for a single Internet egress and enables local Internet egress for Office 365 destined network requests.

+1. Some customers find internal network settings can affect performance. Settings such as maximum transmission unit (MTU) size, network autonegotiation or autodetection, and suboptimal routes to the Internet are common places to look.

+These articles contain detailed Office 365 network reference information.

+- must-keep

+Do you need to know the steps to take to identify and fix lags, hangs, and slow performance between SharePoint, OneDrive, Exchange Online, or Skype for Business Online, and your client computer? Before you call support, this article can help you troubleshoot Office 365 performance issues and even fix some of the most common issues.

+Microsoft's Network Monitoring tool ([Netmon](https://www.microsoft.com/download/details.aspx?id=4865)) analyzes packets (network traffic) that passes between computers on networks. By using Netmon to trace traffic with Office 365 you can capture, view, and read packet headers, identify intervening devices, check important settings on network hardware, look for dropped packets, and follow the flow of traffic between computers on your corporate network and Office 365. Because the actual body of the traffic is encrypted, that is, it travels on port 443 via SSL/TLS, you can't read the files being sent. Instead, you get an unfiltered trace of the path that the packet takes which can help you track down the problem behavior.

+[HTTPWatch](https://www.httpwatch.com/download/) comes in charged, and a free edition. The free Basic Edition covers everything you need for this test. HTTPWatch monitors network traffic and page load time right from your browser window. HTTPWatch is a plug-in to Microsoft Edge that graphically describes performance. The analysis can be saved and viewed in HTTPWatch Studio.

+> If you use another browser, such as Firefox, Google Chrome, or if you can't install HTTPWatch in Edge, open a new browser window and press F12 on your keyboard. You should see the Developer Tool pop-up at the bottom of your browser. If you use Opera, press CTRL+SHIFT+I for Web Inspector, then click the **Network** tab and complete the testing outlined below. The information will be slightly different, but load times will still be displayed in milliseconds. > HTTPWatch is also very useful for issues with SharePoint page load times.

+HTTPWatch is a browser plug-in, so exposing the tool in the browser is slightly different for each version of Microsoft Edge. Typically, you can find HTTPWatch under the Commands bar in the Microsoft Edge browser. If you don't see the HTTPWatch plug-in in your browser window, check the version of your browser by clicking **Help** \> **About**, or in later versions of Microsoft Edge, click the gear symbol and **About Edge**. To launch the **Commands** bar, right-click the menu bar in Microsoft Edge and click **Commands bar**.

+1. Launch HTTPWatch in an Microsoft Edge browser window. It appears docked to the browser at the bottom of that window. Click **Record**.

+This screenshot is from the Professional version of HTTPWatch. You can open traces taken in the Basic Version on a computer with a Professional version and read it there. Extra information might be available from the trace through that method.

+The date and time is recorded for you. This links your PSR to your Netmon trace and HTTPWatch in time, and helps with precision troubleshooting. The date and time in the PSR record can show that a minute passed between the sign in and browsing of the URL and the partial render of the admin site, for example.

+If you want to pick up skills reading network traces for your Office 365 sites, there's no better teacher than creating traces of page loads regularly and gaining experience reading them. For example, when you have a chance, load an Office 365 service and trace the process. Filter the trace for DNS traffic, or search the FrameData for the name of the service you browsed. Scan the trace to get an idea of the steps that occur when the service loads. This helps you learn what normal page load should look like, and in the case of troubleshooting, particularly around performance, comparing good to bad traces can teach you a lot.

+Netmon traces can have a lot of traffic in them. If you aren't experienced with reading them, it's likely you'll be overwhelmed opening the trace the first time. The first thing to do is separate the signal from the background noise in the trace. You tested against Office 365, and that's the traffic you want to see. If you're used to navigating through traces, you might not need this list.

+- Know the value of the IPv4 or IPv6 address of your client computer. You can get this from the command prompt by typing **IPConfig** and then pressing ENTER. Knowing this address lets you tell at a glance whether the traffic in the trace directly involves your client computer. If there's a known proxy, ping it and get its IP address as well.

+- In a busy trace, locate the Office 365 service that you're using. If you have never or seldom seen your traffic before, this is a helpful step in separating the performance issue from other network noise. There are a few ways to do this. Directly before your test, you can use _ping_ or _PsPing_ against the URL of the specific service (`ping outlook.office365.com` or `psping -4 microsoft-my.sharepoint.com:443`, for example). You can also easily find that ping or PsPing in a Netmon trace (by its process name). That will give you a place to start looking.

+If you're only using Netmon tracing at the time of the problem, that's okay too. To orient yourself, use a filter like `ContainsBin(FrameData, ASCII, "office")` or `ContainsBin(FrameData, ASCII, "outlook")`. You can record your frame number from the trace file. You might also want to scroll the _Frame Summary_ pane all the way to the right and look for the Conversation ID column. There's a number indicated there for the ID of this specific conversation that you can also record and look at in isolation later. Remember to remove this filter before applying any other filtering.

+All parts of the traffic are important and connected, but small portions of the trace contain information important in terms of performance troubleshooting, so we'll focus on those areas. Also, since we've done enough Office 365 performance troubleshooting at Microsoft to compile a Top 10 list of common problems, we'll focus on those issues and how to use the tools we have to root them out next.

+Some common issues you might face and how to find them in your Network trace.

+Found in the SYN - SYN/ACK. Legacy or aging hardware might not take advantage of TCP windows scaling. Without proper TCP windows scaling settings, the default 16-bit buffer in TCP headers fills in milliseconds. Traffic canΓÇÖt continue to send until the client receives an acknowledgment that the original data has been received, causing delays.

+Look for the SYN - SYN/ACK traffic in your network trace. In Netmon, use a filter like `tcp.flags.syn == 1`. This filter is the same in Wireshark.

+When connections are terminated by proxy or firewall devices, the client isn't informed, and an attempt to use Outlook Online will mean a client computer will try, repeatedly, to revive the connection before making a new one. You might see hangs in the product, prompts, or slow performance on page load.

+To track latency in a trace, you'll benefit from having recorded the client computer IP address and the IP address of the DNS server in Office 365. This is for easier trace filtering. If you connect through a proxy, you'll need your client computer IP address, the proxy/egress IP address, and the Office 365 DNS IP address, to make the work easier.

+A ping request sent to outlook.office365.com will tell you the name of the datacenter receiving the request, even if ping *might* not be able to connect to send the trademark consecutive ICMP packets. If you use PsPing (a free tool for download), and specific the port (443) and perhaps to use IPv4 (-4) you'll get an average round-trip-time for packets sent. This will work this for other URLs in the Office 365 services, like `psping -4 yourSite.sharepoint.com:443`. In fact, you can specify a number of pings to get a larger sample for your average, try something like `psping -4 -n 20 yourSite-my.sharepoint.com:443`.

+Here are the steps to take to filter your Netmon to get the IP address (and take a look at DNS Latency). This example uses outlook.office365.com, but may also use the URL of a SharePoint tenant (hithere.sharepoint.com for example).

+3. Open the trace in Netmon and filter for DNS (this filter also works in Wireshark, but is sensitive to case `-- dns`). Since you know the name of the DNS server from your ping you may also filter more speedily in Netmon like this: `DNS AND ContainsBin(FrameData, ASCII, "namnorthwest")`, which looks like this in Wireshark dns and frame contains "namnorthwest".<br/>Open the response packet and, in the Netmon **Frame Details** window, click **DNS** to expand for more information. In the DNS information, you'll find the IP address of the DNS server the request went to in Office 365. You'll need this IP address for the next step (the PsPing tool). Remove the filter, right-click on the DNS Response in Netmon (**Frame Summary** \> **Find Conversations** \> **DNS**) to see the DNS Query and Response side-by-side.

+If you're going to Office 365 through a proxy server, the steps are a little different. First, PsPing to your proxy server to get an average latency value in milliseconds to proxy/egress and back, and then either run PsPing on the proxy, or on a computer with a direct Internet connection to get the missing value (the one to Office 365 and back).

+If you run PsPing on another client computer that has a direct connection to the Internet, that is, without a proxy, you'll have two millisecond values: Client computer to proxy server or egress point, and client computer to Office 365. In this case, subtract the value of client computer to proxy server or egress point from the value of client computer to Office 365, and you'll have the RTT numbers from your client computer to the proxy server or egress point, and from proxy server or egress point to Office 365.

+If Proxy authentication is on, each time you make a new TCP connection to Office 365 to get information, you need to pass through an authentication process behind the scenes. So, for example, when switching from Calendar to Mail in Outlook Online, you'll authenticate. And in SharePoint, if a page displays media or data from multiple sites or locations, you'll authenticate for each different TCP connection that is needed in order to render the data.

+In Outlook Online, you might experience slow load times whenever you switch between Calendar and your mailbox, or slow page loads in SharePoint. However, there are other symptoms not listed here.

+Proxy authentication is a setting on your egress proxy server. If it's causing a performance issue with Office 365, you must consult your networking team.

+Proxy authentication takes place whenever a new TCP session must be spun up, commonly to request files or info from the server, or to supply info. For example, you might see proxy authentication around HTTP GET or HTTP POST requests. If you want to see the frames where you're authenticating requests in your trace, add the 'NTLMSSP Summary' column to Netmon and filter for `.property.NTLMSSPSummary`. To see how long the authentication is taking, add the Time Delta column.

+When looking for instances of Proxy Authentication, be sure to study all frames where there's an NTLM Challenge, or an Authenticate Message is present. If necessary, right-click the specific piece of traffic and Find Conversations \> TCP. Be aware of the Time Delta values in these Conversations.

+A four-second delay in proxy authentication as seen in Wireshark. The **Time delta from previous displayed frame** column was made via right-clicking the field of the same name in the frame details and selecting Add as Column. <br/> 

+If DNS name resolution is taking place overseas, it can add seconds to page loads. Ideally, name resolution happens in under 100 ms. If not, you should do further investigation.

+DNS traffic is based on TCP and UDP requests and responses are clearly marked with an ID that will help to match a specific request with its specific response. You'll see DNS traffic when, for example, SharePoint uses a network name or URL on a web page. As a rule of thumb, most of this traffic, except when transferring Zones, runs over UDP.

+In both Netmon and Wireshark, the most basic filter that will let you look at DNS traffic is simply `dns`. Be sure to use lower case when specifying the filter. Remember to flush your DNS resolver cache before you begin to reproduce the issue on your client computer. For example, if you have a slow SharePoint page load for the Home page, you should close all browsers, open a new browser, start tracing, flush your DNS resolver cache, and browse to your SharePoint site. Once the entire page resolves, you should stop and save the trace.

+You want to look at the time offset here. And it might be helpful to add the **Time Delta** column to Netmon which you can do by completing these steps:

+In Wireshark, you can make a column for DNS time. Take your trace (or open a trace) in Wireshark and filter by `dns`, or, more helpfully, `dns.time`. Click on any DNS query, and, in the panel showing details, expand the `Domain Name System (response)` details. You'll see a field for time (for example, `[Time: 0.001111100 seconds]`. Right-click this time and select **Apply as Column**. This will give you a **Time** column for quicker sorting of your trace. Click on the new column to sort by descending values to see which DNS call took the longest to resolve.

+[A browse of SharePoint filtered in Wireshark by (lowercase) dns.time, with the time from the details made into a column and sorted ascending.](../media/1439dcc2-12ff-4ee2-9ef3-1484cf79c384.PNG)

+If you would like to do more investigation of the DNS resolution time, try a PsPing against the DNS port used by TCP (for example, `psping <IP address of DNS server>:53`). Do you still see a performance issue? If you do, then the problem is more likely to be a broader network issue than an issue of specific the DNS application you're hitting to do resolution. It's also worth mentioning, again, that a ping to outlook.office365.com will tell you where DNS name resolution for Outlook Online is taking place (for example, outlook-namnorthwest.office365.com).

+Services like Outlook Online in Office 365 grant clients multiple long-term connections. Therefore, each user might use more connections that require a longer life.

+There's no network trace or troubleshooting tool specific to this. Instead, it's based upon bandwidth calculations given limitations and other variables.

+The goal is to see an MSS of 1,460 bytes for transmission of data. If you're behind a proxy, or you're using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.

+TCP Max Segment Size (MSS) is another parameter of the three-way handshake in your network trace that means you'll find the data you need in the SYN - SYN/ACK packet. MSS is pretty simple to see.

+In Wireshark, use something like `frame contains "sphybridExample"`. If you notice that you've found Remote Winsock (RWS) traffic (it might appear as a [PSH, ACK] in Wireshark), remember that RWS connects can be seen shortly before relevant SYN - SYN/ACKs, as discussed earlier.

+At this point, you can record the frame number, drop the filter, and click **All Traffic** in the Network Conversations window in Netmon to look at the nearest SYN.

+Here's a filtered trace in Wireshark. There's a filter specific to the MSS value (`tcp.options.mss`). The frames of a SYN, SYN/ACK, ACK handshake are linked at the bottom of the Wireshark equivalent to Frame Details (so frame 47 ACK, links to 46 SYN/ACK, links to 43 SYN) to make this kind of work easier.

+If you're behind a proxy, or you're using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.

+In Outlook Online, after the first DNS lookup is completed, the location of that DNS will be used to connect to your nearest datacenter. You'll be connected to an Outlook Online CAS server, which will use the backbone network to connect to the datacenter (dC) where your data is stored. This is faster.

+When accessing SharePoint, a user traveling abroad will be directed to their active datacenter - that's the dC whose location is based on their SPO tenant's home-base (so, a dC in the USA if the user if USA-based).

+Requests for name resolution from the client's DNS servers to Microsoft's DNS servers should in most cases result in Microsoft DNS returning the IP address of a regional datacenter (dC). What does this mean for you? If your headquarters are in Bengaluru, India, but you're traveling in the United States, when your browser makes a request for Outlook Online, Microsoft's DNS servers should hand you IP addresses to datacenters in the United States - a regional datacenter. If mail is needed from Outlook, that data will travel across Microsoft's quick backbone network between the datacenters.

+Open the command prompt on the client computer (via Start \> Run \> cmd or Windows key \> type cmd). Type ping outlook.office365.com and press ENTER. Remember, to specify -4 if you want to specify to ping via IPv4. You might fail to get a reply from the ICMP packets, but you should see the name of the DNS to which the request was routed. If you want to see the latency numbers for this connection try PsPing to the IP address of the server that is returned by ping.

+## Related articles

+[Office 365 endpoints FAQ](https://support.office.com/article/d4088321-1c89-4b96-9c99-54c75cae2e6d)

+- must-keep

+You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Migration" entry in a table in the [Recipients Permissions](/exchange/recipients-permissions-exchange-2013-help) article.

+- **Obtain the FQDN of the IMAP server**. You need to provide the fully qualified domain name (FQDN) (also called the full computer name) of the IMAP server that you'll migrate mailbox data from when you create an IMAP migration endpoint. Use an IMAP client or the PING command to verify that you can use the FQDN to communicate with the IMAP server over the Internet.

+- **UserName** specifies the sign in name for the account to use to access the mailbox on the IMAP server.

+- must-keep

+ - azure-ad-ref-level-one-done

+With the Microsoft 365 admin center, you can manage your Microsoft 365 user accounts and licenses. You can also manage your Microsoft 365 services, such as Exchange Online, Teams, and SharePoint. If you instead use PowerShell to manage these services, you can and take advantage of the command-line and scripting language environment for speed, automation, and additional capabilities.

+> [!NOTE]

+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).

+> Some PowerShell for Microsoft 365 commands in this article have been updated to use Microsoft Graph PowerShell.

+The Microsoft 365 admin center displays much useful information, but it doesn't display all the possible information that Microsoft 365 stores about users, licenses, mailboxes, and sites. Here's an example for *users and groups* in the Microsoft 365 admin center:

+You must repeat this procedure for each user. If you have many users, this process can be tedious. With PowerShell, you can display this information for all of your users by using the following commands.

+>[!NOTE]

+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).

+First, use a **Microsoft Entra DC admin**, **Cloud Application Admin**, or **Global admin** account to [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md).

+Getting information for a user requires the **User.ReadBasic.All** permission scope or one of the other permissions listed in the ['Assign license' Graph API reference page](/graph/api/user-assignlicense).

+The Organization.Read.All permission scope is required to read the licenses available in the tenant.

+Connect-MgGraph -Scopes "User.ReadBasic.All"

+Get-MgUser -All -Property DisplayName, UsageLocation | Select DisplayName, UsageLocation

+The interpretation of this PowerShell command is: Get all of the users in the current Microsoft 365 subscription (**Get-MgUser**), but only display the name and location for each user (**Select DisplayName, UsageLocation**).

+Because PowerShell for Microsoft 365 supports a command-shell language, you can further manipulate the information obtained by the **Get-MgUser** command. For example, maybe you'd like to sort these users by their location, grouping all the Brazilian users together, all the United States users together, and so on. Here's the command:

+Get-MgUser -All -Property DisplayName, UsageLocation | Select DisplayName, UsageLocation | Sort UsageLocation, DisplayName

+Get-MgUser -All -Property DisplayName, Country | Where-Object {$_.Country -eq "BR"} | Select DisplayName, Country

+Get-MgUser -All | Select DisplayName, UsageLocation

+$x = Get-MgUser -All -Property DisplayName, UsageLocation

+1. Get all the users in the current Microsoft 365 subscription and store the information in a variable named $x (**$x = Get-MgUser**).

+But if you have to change many things or some selected things within a large set of other things, the Microsoft 365 admin center might not be the best tool. For example, say you have to change the prefix on thousands of phone numbers or remove the specific user *Ken Myer* from all your SharePoint sites. How would you do that in the Microsoft 365 admin center?

+For the last example, say you have several hundred SharePoint sites, and you don't know which ones Ken Meyer is a member of. You would have to start at the Microsoft 365 admin center and then perform this procedure for each site:

+ 

+> This command requires that you install the [SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).

+We tell Microsoft 365 to remove Ken Meyer from every site, including those that he doesn't have access to. So the results will show errors for those sites that he doesn't have access to. We can use an additional condition on this command to remove Ken Meyer only from the sites that have him on their sign in list. But the errors that are returned cause no harm to the sites themselves. This command might take a few minutes to run against hundreds of sites, rather than hours of working through the Microsoft 365 admin center.

+The interpretation of this PowerShell command is: Get all the SharePoint sites in the current Microsoft 365 subscription and for each site allow Bonnie Kearney access by adding her sign in name to the Members group of the site (**ForEach {Add-SPOUser -Site $\_.Url -LoginName "bkearney\@litwareinc.com" -Group "Members"}**).

+Connect-MgGraph -Scopes "User.ReadBasic.All"

+$x = Get-MgUser -All

+1. Get all the users in the current Microsoft 365 subscription and store the information in a variable that's named *$x* (**$x = Get-MgUser**).

+1. Display the list of users, but include only their name, whether they're licensed, and the two new properties that indicate whether their mailbox is enabled and whether they're enabled for Skype for Business Online (**$x | Select DisplayName, IsLicensed, IsMailboxEnabled, EnabledforSfB**).

+|Loop component experiences across Microsoft 365* | Cloud Policy | **Create and view Loop files in Microsoft apps that support Loop** | Applies to: <br/> - Outlook integration<br> - OneNote integration<br> - Word for the web integration<br> - Whiteboard integration<br> Does **NOT** apply to:<br> - Loop workspaces<br> - Teams integration |

+- [Use Loop components in OneNote](https://support.microsoft.com/office/use-loop-components-in-onenote-ed8a43d9-f6fd-4ad6-bc9d-8841db4da459)

+Loop components in Teams chat, Outlook emails, Whiteboards, or other places in the Microsoft 365 ecosystem offer a new way to ideate, create, and make decisions together. Send a componentΓÇölike a table, task list, or paragraphΓÇöwhere everyone in your chat, email, or document can edit inline and see changes as they're made.

+**Get tasks done faster together.** Crowd-source an agenda, track a group's action items, or take notes collectively are just a few scenarios made easier with Loop components.

+**Start in chat or email, build from there.** Every component you create from Teams chat or Outlook email is automatically saved to a file in OneDrive. You might begin collaborating in chat and then later move to the file in a full tab in Loop, where you have a larger visual space for editing and can add more content and more components as needed.

+For information on admin settings for Loop components in Teams, see [Settings management for Loop functionality in Teams](loop-components-configuration.md#settings-management-for-loop-functionality-in-teams).

+- Available on OneNote apps on Windows and web.

+Loop components created in Teams and Outlook are just .loop files (earlier versions of Loop-created .fluid) stored in the creator's OneDrive. A file being in OneDrive means that users can create, discover, and manage Loop components (.loop files) as easily as any Office document.

+The .loop files appear on Office.com and OneDrive, such as in the Recent and Recommended areas. They also appear in the Loop app. Users can search for content in .loop files from Loop, Office.com and OneDrive. The .loop files can be restored to previous versions from OneDrive. To create Loop components, chat or email creators must have a OneDrive account. Without a valid OneDrive account, chat or email creators might still be able to collaborate on a component created by other users who have a valid OneDrive account, but can't create their own Loop components.

+Moving a .loop file from OneDrive to a SharePoint site results in the Loop component failing to load in Teams chat, Outlook email, or any other place it was previously shared to.

+Loop components can be inserted in Teams chat, Teams channels, Outlook email, and so on, or be copied from one chat, email, channel, and so on, to another. They default to the organization's existing permissions, but users can change permissions before sending to ensure everyone has access.

+Opening components from Teams chat, Teams channels, Outlook email, or Whiteboard in Loop offers share functionality at the top of the window, similar to the sharing options offered for other Office documents.

+The .loop files can only be opened as links in your browser, such as in Loop, and as Loop components in Teams chat, Outlook email, Whiteboard, and Word for the web. If downloaded, they can't be opened again without first uploading them back to OneDrive or SharePoint.

+If you disable these experiences as outlined in the [Settings management](loop-components-configuration.md#settings-management-in-cloud-policy) section, the following experience-changes apply:

+- The create/insert entry point within Teams messaging and Outlook email is hidden. The users won't be able to create new .loop files.

+- Existing messages will no longer render as an interactive Loop component, instead they render as a hyperlink. No interactive content will be displayed within the app that Loop components are disabled.

+- When you click on the hyperlink or browse to a .loop file in OneDrive and click it to open, it opens in a separate browser tab in the Loop component viewer and editor. You will still be able to edit the file.

+- With your tenant's default file permissions set to *Specific people* (only the people the user specifies), copying the link to the Loop component and pasting it in another Teams chat requires the sender to use the permissions dialog and add the recipients in the Specific people option to grant access properly.

+- With your tenant's default file permissions set to *Specific people* (only the people the user specifies), creating a Loop component in a group chat with more than 20 members requires the sender to manually select the permission options for the component.

+- Searching for Loop components in Teams search or Outlook email search returns a link to the Loop component, not the message itself that contained the Loop component link.

+- Guests aren't able to view or collaborate on a Loop component.

+- External recipients of emails aren't able to view or collaborate on a Loop component.

+- Loop components don't load if the file was moved to a different library. If the file is moved to a different folder within the same library, then the Loop components continue to load in the message containing the link to the Loop component.

+[Use Loop components in OneNote](https://support.microsoft.com/office/use-loop-components-in-onenote-ed8a43d9-f6fd-4ad6-bc9d-8841db4da459)

+Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry won't be submitted, and the operation could take longer due to network timeouts.

+After installation, configure Defender for Endpoint with a static proxy. This can be done in two ways:

+### 1. Using mdatp command-line tool

+Run the following command on the endpoint to configure proxy for Defender for Endpoint

+### 2. Using managed configuration

+Set the proxy in the managed configuration at `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. This is an example of the json schema:

+```

+{

+ "cloudService":{

+ "proxy": "http://proxy.server:port/"

+ }

+}

+A management tool of choice can be used to deploy the above configuration. Please check [Set preferences for Microsoft Defender for Endpoint on Linux](./linux-preferences.md) for more details on managed configuration.

+> [!NOTE]

+> Using the unified portal, where you can query Microsoft Sentinel data after connecting a Microsoft Sentinel workspace, does not automatically mean you can also query Defender XDR data while in Microsoft Sentinel. Raw data ingestion of Defender XDR should still be configured in Microsoft Sentinel for this to happen.

+This series of articles describe a set of identity and device access configurations and policies using Microsoft Entra ID, Conditional Access, Microsoft Intune, and other features. These configurations and policies provide Zero Trust access to Microsoft 365 for enterprise cloud apps and services, other SaaS services, and on-premises applications that are published with Microsoft Entra application proxy.

+Windows 11 or Windows 10 with Microsoft 365 Apps for enterprise is the recommended client environment for PCs. We recommend Windows 11 or Windows 10 because Microsoft Entra is designed to provide the smoothest experience possible for both on-premises and Microsoft Entra ID. Windows 11 or Windows 10 also includes advanced security capabilities that can be managed through Intune. Microsoft 365 Apps for enterprise includes the latest versions of Office applications. These use modern authentication, which is more secure and a requirement for Conditional Access. These apps also include enhanced compliance and security tools.

+Microsoft recommends that you don't create policy sets that apply to all apps because it can result in some unintended configurations. For example, policies that block all apps could lock your admins out of the Microsoft Entra admin center and exclusions can't be configured for important endpoints such as Microsoft Graph.

+ Title: Overview of autofill columns Microsoft Syntex

+audience: admin

+search.appverid:

+ - enabler-strategic

+ - m365initiative-syntex

+ms.localizationpriority: medium

+description: Learn about the autofill columns service in Microsoft Syntex.

+# Overview of autofill columns in Microsoft Syntex

+> [!NOTE]

+> Through June 2024, you can try out autofill columns and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).

+Autofill columns in Microsoft Syntex automatically extract, summarize, or generate content from files uploaded to a SharePoint document library. By using large language models (LLMs), autofill columns can save metadata automatically, streamlining the process of managing files and their associated information.

+For example, you can ask a question (a *prompt*) of a document in natural language, and the system saves the response directly to a designated library column. Or you can have more than one of these questions set to process any file uploaded to a library, with each response allocated to a specific column.

+Autofill columns can work alongside other Microsoft Syntex models. You can associate different extractive prompts (where you take information from existing data) or generative prompts (where you create new content) with more than one column, allowing you to extract metadata that other models might not detect or generate.

+## Requirements and limitations

+### Supported file types

+Autofill columns are available for the following file types: .csv, .doc, .docx, .eml, .heic, .heif, .htm, .html, .jpeg, .jpg, .markdown, .md, .msg, .pdf, .png, .ppt, .pptx, .rtf, .tif, .tiff, .txt, .xls, and .xlsx.

+### Supported column data types

+Autofill columns are available for the following column data types:

+- Choice

+- Number

+- Text

+- DateTime

+- Boolean

+- Note

+- Currency

+- DateTime

+- URL

+- MMD

+### Current release notes

+- Bulk processing options for existing library files will be added in a future release.

+- Currently, autofill columns don't support the following library types: FormServerTemplates, SitePages, Style Library, and SiteAssets.

+Syntex content query lets you use the metadata associated with a document to help locate the file in a SharePoint document library. This feature is particularly useful when you have a specific piece of information you want to search for, such as when a document was last modified, a specific person associated with a file, specific keywords in a file, or a specific file type.

+## Columns you can query

+You can now use content query to search for metadata in any of the queriable columns in your document library. Queriable columns include the following content types:

+- 'Text':

+- 'Note':

+- 'DateTime':

+- 'Choice':

+- 'MultiChoice':

+- 'User':

+- 'Boolean':

+- 'Currency':

+- 'Number':

+- 'TaxonomyFieldType':

+- 'TaxonomyFieldTypeMulti':

+**New document libraries** ΓÇö For new libraries, all of the columns are available in content query.

+**Existing document libraries** ΓÇö For existing libraries, all of the queriable columns won't be immediately available. You need to select the content query icon () in the existing library. Then after five days, check the library again and all of the columns should be available.

+ |Content type |Search by selected content type. This option will only appear if there's a nondefault content type applied to the library. Default content types are *document* and *folder*. |