Updates from: 04/16/2024 01:43:41
Category Microsoft Docs article Related commit history on GitHub Change details
backup Backup Limitations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-limitations.md
audience: admin Previously updated : 04/11/2024 Last updated : 04/15/2024
Performance and speed of web interfaces, initial configuration, and restores mig
- The rule-based feature for bulk addition of user accounts via security groups or distribution lists can accommodate a maximum of three groups at a time. These rules are static and applied one time only. That is, the security groups or distribution lists are flattened at the time of adding to the backup configuration policy. Groups or list won't be dynamically updated in the system if users are added or removed from the original security group, for example. - Backup and restore of tenants that have the multi-geo feature enabled for OneDrive and SharePoint might not work properly. We recommend not using the preview version of Backup until multi-geo support is fully enabled.
-<!
-- When you remove a OneDrive for Business account or a SharePoint site from a backup policy, you continue to be billed for the existing backups for the next one year of their retention. Additionally, the price of that backup will be proportional to the size of the site or account throughout that remaining year.
->
+
+- Backing up a parent site won't back up the channel sites.
+ ### Restore - Site search is case-sensitive and is a prefix-type search.
Performance and speed of web interfaces, initial configuration, and restores mig
- The multi-geo feature isn't supported for SharePoint or OneDrive services in this release. This might affect the restore of sites across different geos. Exchange Online multi-geo is supported, however, when configuring a restore each mailbox in a single restore request must be in the same geo. -- OneDrive accounts and SharePoint sites that have undergone the following types of changes won't be undoable via restore: tenant rename, tenant move, and site URL change.
+- OneDrive accounts and SharePoint sites that undergoes the following types of changes won't be undoable via restore: tenant rename, tenant move, and site URL change.
- If there are no differences between the current state of a mailbox and the prior point in time from which you're attempting a restore, a restore isn't performed and no new folders are created when a "restore to a new location" request is made. We don't plan to modify this behavior in the future.
enterprise Assign Licenses To User Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-licenses-to-user-accounts.md
Title: "Assign Microsoft 365 licenses to user accounts"
Previously updated : 09/30/2020 Last updated : 04/15/2024 audience: Admin
- scotvorg - Ent_O365 - M365-identity-device-management
+- must-keep
search.appverid: - MET150 - MOP150
description: "Describes how to assign Microsoft 365 licenses to user accounts, e
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-For the cloud-only identity model, you can assign Microsoft 365 licenses to user accounts as they are created, depending on how you create them.
+For the cloud-only identity model, you can assign Microsoft 365 licenses to user accounts as they're created, depending on how you create them.
-For the hybrid identity model, when Active Directory Domain Services (AD DS) user accounts are synchronized for the first time, they are not automatically assigned a location or a Microsoft 365 license. **You must configure each user account with a user location prior to or along with assigning a license.**
+For the hybrid identity model, when Active Directory Domain Services (AD DS) user accounts are synchronized for the first time, they aren't automatically assigned a location or a Microsoft 365 license. **You must configure each user account with a user location prior to or along with assigning a license.**
In either case, you must assign a license to user accounts so your users can access Microsoft 365 services, such as email and Microsoft Teams.
For more information, see [group-based licensing in Microsoft Entra ID](/azure/a
## Next steps
-With the appropriate set of user accounts that have been assigned licenses, you are now ready to:
+With the appropriate set of user accounts that have been assigned licenses, you're now ready to:
- [Implement security](/microsoft-365/security/office-365-security/defender-for-office-365) - [Deploy client software, such as Microsoft 365 Apps](/DeployOffice/deployment-guide-microsoft-365-apps)
enterprise Contoso Case Study https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-case-study.md
f1.keywords:
- NOCSH Previously updated : 09/13/2018 Last updated : 04/12/2024 audience: ITPro
- scotvorg - Strat_O365_Enterprise - M365-subscription-management
+- must-keep
description: How a fictional but representative global organization adopted Microsoft 365 for enterprise.
See these additional IT scenarios and configurations:
Learn [about the Contoso Corporation](contoso-overview.md) and the design considerations that were addressed when they deployed Microsoft 365 for enterprise. - ## See also [Microsoft 365 for enterprise overview](microsoft-365-overview.md)
enterprise Create Sharepoint Sites And Add Users With Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/create-sharepoint-sites-and-add-users-with-powershell.md
Title: "Create SharePoint Online sites and add users with PowerShell"
+ Title: "Create SharePoint sites and add users with PowerShell"
Previously updated : 08/10/2020 Last updated : 04/12/2024 audience: Admin
search.appverid:
- scotvorg - Ent_O365
+- must-keep
f1.keywords: - CSH
- SPO_Content - seo-marvel-apr2020 ms.assetid: d0d3877a-831f-4744-96b0-d8167f06cca2
-description: "Summary: Use PowerShell to create new SharePoint Online sites and then add users and groups to those sites."
+description: "Summary: Use PowerShell to create new SharePoint sites and then add users and groups to those sites."
-# Create SharePoint Online sites and add users with PowerShell
+# Create SharePoint sites and add users with PowerShell
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-When you use PowerShell for Microsoft 365 to create SharePoint Online sites and add users, you can quickly and repeatedly perform tasks faster than you can in the Microsoft 365 admin center. You can also perform tasks that aren't possible to perform in the Microsoft 365 admin center.
+When you use PowerShell for Microsoft 365 to create SharePoint sites and add users, you can quickly and repeatedly perform tasks faster than you can in the Microsoft 365 admin center. You can also perform tasks that aren't possible to perform in the Microsoft 365 admin center.
-## Connect to SharePoint Online
+## Connect to SharePoint
-The procedures in this article require you to connect to SharePoint Online. For instructions, see [Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).
+The procedures in this article require you to connect to SharePoint. For instructions, see [Connect to SharePoint PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).
## Step 1: Create new site collections using PowerShell
-Create multiple sites using PowerShell and a .csv file that you create using the example code provided and Notepad. For the procedure, you're replacing the placeholder information shown in brackets with your own site- and tenant-specific information. This process lets you create a single file and run a single PowerShell command that uses that file. This process makes the actions both repeatable and portable and eliminates many, if not all, errors that can come from typing long commands into the SharePoint Online Management Shell. There are two parts to this procedure. First you create a .csv file, and then you reference that .csv file using PowerShell, which uses its contents to create the sites.
+Create multiple sites using PowerShell and a .csv file that you create using the example code provided and Notepad. For this procedure, you're replacing the placeholder information shown in brackets with your own site- and tenant-specific information. This process lets you create a single file and run a single PowerShell command that uses that file. This makes the actions both repeatable and portable and eliminates many, if not all, errors that can come from typing long commands into the SharePoint Management Shell. There are two parts to this procedure. First you create a .csv file, and then you reference that .csv file using PowerShell, which uses its contents to create the sites.
The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the curly brackets that reads the opening line of the file as column headers. The PowerShell cmdlet then iterates through the remaining records, creates a new site collection for each record, and assigns properties of the site collection according to the column headers.
The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the cu
owner@tenant.onmicrosoft.com,150,https://tenant.sharepoint.com/sites/Community01,25,COMMUNITY#0,10,Community Site ```
- Where *tenant* is the name of your tenant, and *owner* is the user name of the user on your tenant to whom you want to grant the role of primary site collection administrator.
+ Where *tenant* is the name of your tenant, and *owner* is the user name of the user on your tenant to whom you want to grant the role of primary site admin.
(You can press Ctrl+H when you use Notepad to bulk replace faster.)
The PowerShell cmdlet imports the .csv file and pipes it to a loop inside the cu
Get-SPOSite -Detailed | Format-Table -AutoSize ```
-4. Note the new site collections in the list. Using our example CSV file, you would see the following site collections: **TeamSite01**, **Blog01**, **Project01**, and **Community01**
+4. Note the new site collections in the list. Using our example CSV file, you would see the following site collections: **TeamSite01**, **Blog01**, **Project01**, and **Community01**.
ThatΓÇÖs it. You created multiple site collections using the .csv file you created and a single Windows PowerShell command. YouΓÇÖre now ready to create and assign users to these sites. ## Step 2: Add users and groups
-Now youΓÇÖre going to create users and add them to a site collection group. You then use a .csv file to bulk upload new groups and users.
+Now youΓÇÖre going to create users and add them to a site collection group. You'll use a .csv file to bulk upload new groups and users.
The following procedures continue using the example sites TeamSite01, Blog01, Project01, and Community01.
YouΓÇÖre now ready to run the UsersAndGroup.ps1 script to add users and groups t
### Run UsersAndGroups.ps1 script
-1. Return to the SharePoint Online Management Shell.
+1. Return to the SharePoint Management Shell.
-2. At the Windows PowerShell prompt, type or copy and paste the following line, and press Enter:
+2. At the Windows PowerShell command prompt, type or copy and paste the following line, and press Enter:
```powershell Set-ExecutionPolicy Bypass
YouΓÇÖre now ready to run the UsersAndGroup.ps1 script to add users and groups t
3. At the confirmation prompt, press **Y**.
-4. At the Windows PowerShell prompt, type or copy and paste the following, and press Enter:
+4. At the Windows PowerShell command prompt, type or copy and paste the following, and press Enter:
```powershell c:\users\MyAlias\desktop\UsersAndGroups.ps1
YouΓÇÖre now ready to run the UsersAndGroup.ps1 script to add users and groups t
Where *MyAlias* equals your user name
-5. Wait for the prompt to return before moving on. You initially see the groups appear as they're created. Then the group list is repeated as users are added.
+5. Wait for the prompt to return before moving on. You'll first see the groups appear as they're created. Then you'll see the group list repeated as users are added.
## See also
-[Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
+[Connect to SharePoint PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
-[Manage SharePoint Online site groups with PowerShell](manage-sharepoint-site-groups-with-powershell.md)
+[Manage SharePoint site groups with PowerShell](manage-sharepoint-site-groups-with-powershell.md)
[Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md)
enterprise Microsoft 365 Exchange Monitoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-exchange-monitoring.md
Title: "Exchange Online monitoring for Microsoft 365"
Previously updated : 09/03/2020 Last updated : 04/12/2024 audience: Admin
- scotvorg - Ent_O365 - Strat_O365_Enterprise
+- must-keep
f1.keywords: - NOCSH
Exchange Online monitoring supports the following organization-level scenarios:
>[!Note] > Active user count is measured by a single activity, for example, when a user reads an email. It only accounts for the last 30 minutes of activity. -- **App connectivity**: Estimated connectivity is based on the percentage of successful, synthetic connections between your organization's devices and Exchange Online, and may include issues outside of Microsoft's control. To learn more, see [Microsoft 365 Connectivity Optics](microsoft-365-connectivity-optics.md).
+- **App connectivity**: Estimated connectivity is based on the percentage of successful, synthetic connections between your organization's devices and Exchange Online, and might include issues outside of Microsoft's control. To learn more, see [Microsoft 365 Connectivity Optics](microsoft-365-connectivity-optics.md).
- **Basic Authentication and Modern Authentication**: The number of users successfully validated in the Exchange Online service.
For these scenarios, the key numbers are for the last 30 minutes in the main das
![An example of monitoring Exchange health for mail delivery.](../media/microsoft-365-exchange-monitoring/exchange-monitoring-scenario-example.png)
-You'll notice incidents or advisories created for your organization with "Issue origin" in the communication tagged as "Your org". These are notifications individually targeted to your organization with issues that require your attention for mitigation and resolution. For more information about various types of issues that are created and communicated in service health to inform your organization about the potential impact, see the following articles:
+You'll notice incidents or advisories created for your organization with "Issue origin" in the communication tagged as "Your org." These are notifications individually targeted to your organization with issues that require your attention for mitigation and resolution. For more information about various types of issues that are created and communicated in service health to inform your organization about the potential impact, see the following articles:
- [Service alerts for mailbox utilization](microsoft-365-mailbox-utilization-service-alerts.md)
With Exchange Online priority account monitoring, you can view the health for th
- Recoverable items
-The Exchange licensing scenario checks if the priority account isn't able to log in due to invalid license issues, which can be addressed by the tenant admin.
+The Exchange licensing scenario checks if the priority account isn't able to sign in due to invalid license issues, which can be addressed by the tenant admin.
-The remaining five scenarios above check if your priority accountΓÇÖs mailbox is close to reaching or has reached the limits described in [Exchange Online limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#mailbox-storage-limits).
+The remaining five scenarios check if your priority accountΓÇÖs mailbox is close to reaching or has reached the limits described in [Exchange Online limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#mailbox-storage-limits).
For these scenarios, you can see active and resolved advisories and incidents affecting your priority accounts. Identifiable information for the priority accounts will be displayed in the advisory or incident details along with recommendations. Here's an example from the page at **Health > Service health > Exchange Online**.
An advisory or incident will be resolved after no accounts remain in the **Activ
## Frequently asked questions
-### 1. The active user count in the dashboard for each client appears to be low. We have a lot of active licenses assigned to users. What does this mean?
+### 1. The active user count in the dashboard for each client appears to be low. We have numerous active licenses assigned to users. What does this mean?
The active user count shown in monitoring is based on a 30-minute window where users have performed the activity called out in the feature. This shouldn't be confused with usage numbers. To view usage numbers, use activity reports in the Microsoft 365 admin center (**Reports** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">**Usage**</a>).
enterprise Microsoft 365 Secure Sign In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-secure-sign-in.md
f1.keywords:
Previously updated : 12/28/2023 Last updated : 04/12/2024 audience: ITPro
There are three ways to require your users to use MFA based on your Microsoft 36
### Security defaults
-Security defaults is a new feature for Microsoft 365 and Office 365 paid or trial subscriptions created after October 21, 2019. These subscriptions have security defaults turned on, which ***requires all of your users to use MFA with the Microsoft Authenticator app***.
+**Security defaults** is a new feature for Microsoft 365 and Office 365 paid or trial subscriptions created after October 21, 2019. These subscriptions have security defaults turned on, which ***requires all of your users to use MFA with the Microsoft Authenticator app***.
Users have 14 days to register for MFA with the Microsoft Authenticator app from their smart phones, which begins from the first time they sign in after security defaults has been enabled. After 14 days have passed, the user won't be able to sign in until MFA registration is completed.
Conditional Access policies are a set of rules that specify the conditions under
- If the user account name is a member of a group for users that are assigned the Exchange, user, password, security, SharePoint, **Exchange admin**, **SharePoint admin**, or **Global admin** roles, require MFA before allowing access.
-This policy allows you to require MFA based on group membership, rather than trying to configure individual user accounts for MFA when they are assigned or unassigned from these administrator roles.
+This policy allows you to require MFA based on group membership, rather than trying to configure individual user accounts for MFA when they're assigned or unassigned from these administrator roles.
You can also use Conditional Access policies for more advanced capabilities, such as requiring that the sign-in is done from a compliant device, such as your laptop running Windows 11.
For more information, see the [overview of Conditional Access](/azure/active-dir
Keep the following in mind: -- You cannot enable security defaults if you have any Conditional Access policies enabled.-- You cannot enable any Conditional Access policies if you have security defaults enabled.
+- You can't enable security defaults if you have any Conditional Access policies enabled.
+- You can't enable any Conditional Access policies if you have security defaults enabled.
If security defaults are enabled, all new users are prompted for MFA registration and the use of the Microsoft Authenticator app.
enterprise Move Onedrive Between Geo Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/move-onedrive-between-geo-locations.md
Title: "Move a OneDrive site to a different geo location" Previously updated : 08/10/2020 Last updated : 04/12/2024
- Strat_SP_gtc - SPO_Content
+- must-keep
ms.localizationpriority: medium description: Find information about moving a OneDrive site to a different geo location, including how to schedule site moves and communicating expectations to users. # Move a OneDrive site to a different geo location
-With OneDrive geo move, you can move a user's OneDrive to a different geo location. OneDrive geo move is performed by the SharePoint Online administrator or the Microsoft 365 global administrator. Before you start a OneDrive geo move, be sure to notify the user whose OneDrive is being moved and recommend they close all files for the duration of the move. (If the user has a document open using the Office client during the move, then upon move completion the document will need to be saved to the new location.) The move can be scheduled for a future time, if desired.
+With OneDrive geo move, you can move a user's OneDrive to a different geo location. OneDrive geo move is performed by the SharePoint administrator or the Microsoft 365 global administrator. Before you start a OneDrive geo move, be sure to notify the user whose OneDrive is being moved and recommend they close all files during the move. (If the user has a document open using the Office client during the move, then upon move completion the document needs to be saved to the new location.) The move can be scheduled for a future time, if desired.
The OneDrive service uses Azure Blob Storage to store content. The Storage blob associated with the user's OneDrive will be moved from the source to destination geo location within 40 days of destination OneDrive being available to the user. The access to the user's OneDrive will be restored as soon as the destination OneDrive is available.
-During OneDrive geo move window (about 2-6 hours) the user's OneDrive is set to read-only. The user can still access their files via the OneDrive sync app or their OneDrive site in SharePoint Online. After OneDrive geo move is complete, the user will be automatically connected to their OneDrive at the destination geo location when they navigate to OneDrive in the Microsoft 365 app launcher. The sync app will automatically begin syncing from the new location.
+During the OneDrive geo move window (about 2-6 hours), the user's OneDrive is set to read-only. The user can still access their files via the OneDrive sync app or their OneDrive site in SharePoint. After OneDrive geo move is complete, the user will be automatically connected to their OneDrive at the destination geo location when they navigate to OneDrive in the Microsoft 365 app launcher. The sync app will automatically begin syncing from the new location.
The procedures in this article require the [Microsoft SharePoint Online PowerShell Module](https://www.microsoft.com/download/details.aspx?id=35588).
The procedures in this article require the [Microsoft SharePoint Online PowerShe
When moving OneDrive sites between geo locations, it's important to communicate to your users what to expect. This can help reduce user confusion and calls to your help desk. Email your users before the move and let them know the following information: -- When the move is expected to start and how long it is expected to take
+- When the move is expected to start and how long it's expected to take
- What geo location their OneDrive is moving to, and the URL to access the new location - They should close their files and not make edits during the move.-- File permissions and sharing will not change as a result of the move.
+- File permissions and sharing won't change as a result of the move.
- What to expect from the [user experience in a multi-geo environment](multi-geo-user-experience.md) Be sure to send your users an email when the move has successfully completed informing them that they can resume working in OneDrive. ## Scheduling OneDrive site moves
-You can schedule OneDrive site moves in advance (described later in this article). We recommend that you start with a small number of users to validate your workflows and communication strategies. Once you are comfortable with the process, you can schedule moves as follows:
+You can schedule OneDrive site moves in advance (described later in this article). We recommend that you start with a small number of users to validate your workflows and communication strategies. Once you're comfortable with the process, you can schedule moves as follows:
- You can schedule up to 4,000 moves at a time. - As the moves begin, you can schedule more, with a maximum of 4,000 pending moves in the queue and any given time. - The maximum size of a OneDrive that can be moved is 1 terabyte (1 TB).-- The maximum number of list items that can be moved is 1,000,000.
+- The maximum number of list items that can be moved is 1,000,000.
## Moving a OneDrive site To perform a OneDrive geo move, the tenant administrator must first set the user's Preferred Data Location (PDL) to the appropriate geo location. Once the PDL is set, wait for at least 24 hours for the PDL update to sync across the geo locations before starting the OneDrive geo move.
-When using the geo move cmdlets, connect to SPO Service at the user's current OneDrive geo location, using the following syntax:
+When using the geo move cmdlets, connect to the SharePoint Service at the user's current OneDrive geo location, using the following syntax:
```powershell Connect-SPOService -url https://<tenantName>-admin.sharepoint.com
To ensure that all geo locations are compatible, run:
Get-SPOGeoMoveCrossCompatibilityStatus ```
-This will display all your geo locations and whether the environment is compatible with the destination geo location. If a geo location is incompatible, that means an update is in progress in that location. Try again in a few days.
+This displays all your geo locations and whether the environment is compatible with the destination geo location. If a geo location is incompatible, that means an update is in progress in that location. Try again in a few days.
-If a OneDrive contains a subsite, for example, it cannot be moved. You can use the Start-SPOUserAndContentMove cmdlet with the -ValidationOnly parameter to validate if the OneDrive is able to be moved:
+If a OneDrive contains a subsite, for example, it can't be moved. You can use the Start-SPOUserAndContentMove cmdlet with the -ValidationOnly parameter to validate if the OneDrive is able to be moved:
```powershell Start-SPOUserAndContentMove -UserPrincipalName <UPN> -DestinationDataLocation <DestinationDataLocation> -ValidationOnly ```
-This will return Success if the OneDrive is ready to be moved or Fail if there is a legal hold or subsite that would prevent the move. Once you have validated that the OneDrive is ready to move, you can start the move.
+This returns **Success** if the OneDrive is ready to be moved or **Fail** if there's a legal hold or subsite that would prevent the move. Once you validate that the OneDrive is ready to move, you can start the move.
## Start a OneDrive geo move
To schedule a geo move for a later time, use one of the following parameters:
## Cancel a OneDrive geo move
-You can stop the geo move of a user's OneDrive, provided the move is not in progress or completed by using the cmdlet:
+You can stop the geo move of a user's OneDrive, provided the move isn't in progress or completed by using the cmdlet:
```powershell Stop-SPOUserAndContentMove ΓÇô UserPrincipalName <UserPrincipalName>
Where _UserPrincipalName_ is the UPN of the user whose OneDrive move you want to
## Determining current status
-You can check the status of a OneDrive geo move in or out of the geo that you're connected to by using the Get-SPOUserAndContentMoveState cmdlet.
+You can check the status of a OneDrive geo move in or out of the geo that you're connected to by using the ```Get-SPOUserAndContentMoveState``` cmdlet.
The move statuses are described in the following table. |Status|Description| |||
-|NotStarted|The move has not started|
+|NotStarted|The move hasn't started|
|InProgress (*n*/4)|The move is in progress in one of the following states: <ul><li>Validation (1/4)</li><li>Backup (2/4)</li><li>Restore (3/4)</li><li>Cleanup (4/4)</li></ul>| |Success|The move has completed successfully.| |Failed|The move failed.|
Users with permissions to OneDrive content will continue to have access to the c
### OneDrive sync app
-The OneDrive sync app will automatically detect and seamlessly transfer syncing to the new OneDrive location once the OneDrive geo move is complete. The user does not need to sign-in again or take any other action. (Version 17.3.6943.0625 or later of the sync app required.)
+The OneDrive sync app will automatically detect and seamlessly transfer syncing to the new OneDrive location once the OneDrive geo move is complete. The user doesn't need to sign-in again or take any other action. (Version 17.3.6943.0625 or later of the sync app required.)
-If a user updates a file while the OneDrive geo move is in progress, the sync app will notify them that file uploads are pending while the move is underway.
+If a user updates a file while the OneDrive geo move is in progress, the sync app notifies them that file uploads are pending while the move is underway.
### Sharing links
Upon OneDrive geo move completion, the existing shared links for the files that
### OneNote Experience
-OneNote win32 client and UWP (Universal) App will automatically detect and seamlessly sync notebooks to the new OneDrive location once OneDrive geo move is complete. The user does not need to sign-in again or take any other action. The only visible indicator to the user is notebook sync would fail when OneDrive geo move is in progress. This experience is available on the following OneNote client versions:
+OneNote Win32 client and UWP (Universal) App will automatically detect and seamlessly sync notebooks to the new OneDrive location once OneDrive geo move is complete. The user doesn't need to sign-in again or take any other action. The only visible indicator to the user is notebook sync would fail when OneDrive geo move is in progress. This experience is available on the following OneNote client versions:
-- OneNote win32 ΓÇô Version 16.0.8326.2096 (and later)
+- OneNote Win32 ΓÇô Version 16.0.8326.2096 (and later)
- OneNote UWP ΓÇô Version 16.0.8431.1006 (and later) - OneNote Mobile App ΓÇô Version 16.0.8431.1011 (and later) ### Teams app
-Upon OneDrive geo move completion, users will have access to their OneDrive files on the Teams app. Additionally, files shared via Teams chat from their OneDrive prior to geo move will continue to work after move is complete.
+Upon OneDrive geo move completion, users have access to their OneDrive files on the Teams app. Additionally, files shared via Teams chat from their OneDrive prior to geo move will continue to work after move is complete.
### OneDrive Mobile App (iOS)
Upon OneDrive geo move completion, the user would need to sign out and sign in a
### Existing followed groups and sites
-Followed sites and groups will show up in the user's OneDrive regardless of their geo location. Sites and groups hosted in another geo location will open in a separate tab.
+Followed sites and groups show up in the user's OneDrive regardless of their geo location. Sites and groups hosted in another geo location will open in a separate tab.
### Delve Geo URL updates
enterprise Multi Geo Capabilities In Teams In Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-capabilities-in-teams-in-microsoft-365.md
Title: "Multi-Geo Capabilities in Microsoft Teams" Previously updated : 03/12/2021 Last updated : 04/15/2024
- m365solution-scenario - m365solution-spintranet - highpri
+- must-keep
ms.localizationpriority: medium description: "Learn about how Teams works with Microsoft 365 Multi-Geo."
Multi-Geo capabilities in Teams enable Teams chat data to be stored at rest in a
Teams uses the Preferred Data Location (PDL) for users and groups to determine where to store data. If the PDL isnΓÇÖt set or is invalid, data is stored in the tenant's central location.
-> [!NOTE]
-> Multi-Geo capabilities in Teams rolled out in July 2021. Your chat and channel messages will be automatically migrated to the correct geo location over the next few quarters. Any new PDL changes will be processed after the tenant has completed the initial sync, and new PDL changes beyond that will be queued and processed in the order they are received.
->
- ## Find the geo location of Teams user/channel
-The Get-MultiGeoRegion cmdlet in Teams displays the following multi-geo related properties:
+The Get-MultiGeoRegion cmdlet in Teams displays the following multi-geo related properties:
+ - **Region**: The first three letters of the region name correspond to the geo code, which tells you where the Teams data is currently located for the user/channel. - **LastMovementTimestamp**: Indicates when Teams data was last migrated (either automatically or manually). - **PreferredDataLocation**: Specifies the geo location code that was set by the Teams admin.
To find the current location of a user's Teams data, PDL, and the last movement
Get-MultiGeoRegion -EntityType User -EntityId <UPN> ```
-The output of the command looks like this:
+The output of the command looks like this:
+ ```PowerShell Region : BRA LastMovementTimeStamp : 10/10/2023 8:21:01 PM
enterprise Network And Migration Planning https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/network-and-migration-planning.md
Title: "Network and migration planning for Office 365"
Previously updated : 6/29/2018 Last updated : 04/15/2024 audience: Admin
- scotvorg - Ent_O365 - Strat_O365_Enterprise
+- must-keep
f1.keywords: - CSH
description: This article contains links to information about network planning,
This article contains links to information about network planning and testing, and migration to Office 365.
-Before you deploy for the first time or migrate to Office 365, you can use the information in these topics to estimate the bandwidth you need and then to test and verify that you have enough bandwidth to deploy or migrate to Office 365.
+Before you deploy for the first time or migrate to Office 365, you can use the information in these articles to estimate the bandwidth you need and then to test and verify that you have enough bandwidth to deploy or migrate to Office 365.
This article is part of [Network planning and performance tuning for Office 365](./network-planning-and-performance.md). For the steps to optimize your network for Microsoft 365 and other Microsoft cloud platforms and services, see the [Microsoft Cloud Networking for Enterprise Architects](../solutions/cloud-architecture-models.md) poster.
-
+ ## Estimate network bandwidth requirements <a name="EstimateBandwidthRequirements"> </a>
-Using Office 365 may increase the utilization of your organization's internet circuit. It's important to determine if the amount of bandwidth currently available is enough to handle the estimated increase once Office 365 is fully deployed while leaving at least 20% capacity to handle the busiest of days.
+Using Office 365 might increase the utilization of your organization's internet circuit. It's important to determine if the amount of bandwidth currently available is enough to handle the estimated increase once Office 365 is fully deployed while leaving at least 20% capacity to handle the busiest of days.
To estimate the bandwidth, use the following steps: 1. Assess the number of clients that will use each Internet egress. Let our multi-terabit network handle as much of the connection as possible.
-
-2. Determine which Office 365 services and features will be available for clients to use. You will likely have groups of people with different services or usage profiles.
-
-3. Measure the network use for a pilot group of clients. Ensure the pilot clients are representative of the different profiles of people in the organization as well as the different geographic locations. You can cross-check your results against our old calculators for [Exchange](https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-the-exchange-client-network-bandwidth-calculator-beta/ba-p/601744) and [Microsoft Teams](/microsoftteams/prepare-network) or the [case study](https://www.microsoft.com/itshowcase/Article/Content/631/Optimizing-network-performance-for-Microsoft-Office-365) we performed on our own network.
-
-4. Use the measurements from the pilot group to extrapolate the entire organization's needs and re-test to validate the estimations before making any changes to your network.
-
+
+2. Determine which Office 365 services and features will be available for clients to use. You'll likely have groups of people with different services or usage profiles.
+
+3. Measure the network use for a pilot group of clients. Ensure the pilot clients are representative of the different profiles of people in the organization and the different geographic locations. You can cross-check your results against our old calculators for [Exchange](https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-the-exchange-client-network-bandwidth-calculator-beta/ba-p/601744) and [Microsoft Teams](/microsoftteams/prepare-network) or the [case study](https://www.microsoft.com/itshowcase/Article/Content/631/Optimizing-network-performance-for-Microsoft-Office-365) we performed on our own network.
+
+4. Use the measurements from the pilot group to extrapolate the entire organization's needs and retest to validate the estimations before making any changes to your network.
+ ## Test your existing network <a name="calculators"> </a>
- **Network tools.** Test and validate your Internet bandwidth to determine download, upload, and latency constraints. These tools will help you determine the capabilities of your network for migration as well as after you're fully deployed.
-
+ **Network tools.** Test and validate your Internet bandwidth to determine download, upload, and latency constraints. These tools will help you determine the capabilities of your network for migration as well as after you're fully deployed.
+ - [Microsoft Remote Connectivity Analyzer](https://go.microsoft.com/fwlink/p/?LinkId=517243): Tests connectivity in your Exchange Online environment.
-
+ - Use the [Microsoft Support and Recovery Assistant for Office 365](https://diagnostics.office.com/#/Download?env=SOC) to fix Outlook and Office 365 problems. - [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool): Tests Microsoft 365 network connectivity.
-
+ ## Best practices for network planning and improving migration performance for Office 365 <a name="BestPractices"> </a> Dig a little deeper into these best practices for more information about improving your Office 365 experience.
-1. Want to get started helping your users right away? See [Best practices for using Office 365 on a slow network](https://support.office.com/article/fd16c8d2-4799-4c39-8fd7-045f06640166) for tips on using Office 365, including SharePoint Online, Exchange Online, and Lync Online, when your network just isn't cooperating. This article links out to loads of content on TechNet and Support.office.com for optimizing your Office 365 experience and includes information on easy ways to customize your web pages and how to set your Internet Explorer settings for the best Office 365 experience.
-
-2. Read [Office 365 Network Connectivity Principles](./microsoft-365-network-connectivity-principles.md) to understand the connectivity principles for securely managing Office 365 traffic and getting the best possible performance. This article will help you understand the most recent guidance for securely optimizing Office 365 network connectivity.
-
-3. Improve mail migration performance by carefully managing the schedule for Windows Updates. You can update your client computers in batches and ensure that all client computers are updated before migrating to Office 365 to regulate the use of network bandwidth. For more information, see [Manually update and configure desktops for Office 365 for the latest updates](https://support.microsoft.com/gp/office-2013-365-update).
-
-4. Office 365 network traffic performs best when it's treated as a trusted Internet service and allowed to bypass much of the traditional filtering and scanning that some organizations place on network traffic to untrusted Internet services. This typically includes removing outbound processing such as proxy user authentication and packet inspection, as well as ensuring local egress to the Internet with the proper Network Address Translation (NAT) and enough bandwidth capacity to handle the increased network requests. Refer to [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a)for additional guidance on configuring your network to handle Office 365 as a trusted Internet service on your network.
-
-1. Ensure [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a). The additional traffic going to Office 365 results in an increase of outbound proxy connections as well as an increase in secure traffic over TLS/SSL.
-
-2. If your outbound proxies require user authentication you may experience slow connectivity or a loss of functionality. Bypassing the authentication requirement for the Office 365 domains can reduce this overhead.
-
-3. If you have a large number of shared calendars and mailboxes, you may see an increase in the number of connections from Outlook to Exchange. For instance, the Outlook client may open up to two additional connections for each shared calendar in use. In this situation, ensure that the egress proxy can handle the connections, or bypass the proxy for connections to Office 365 for Outlook.
-
-4. Determine the maximum number of supported devices for a public IP address and how to load balance across multiple IP addresses. For more information, see [NAT support with Office 365](nat-support-with-microsoft-365.md).
-
-5. If you're inspecting outbound connections from computers on your network, bypassing this filtering to the Office 365 domains will improve connectivity and performance. Additionally, bypassing outbound inspection often removes the need for a single Internet egress and enables local Internet egress for Office 365 destined network requests.
-
-6. Some customers find internal network settings may affect performance. Settings such as maximum transmission unit (MTU) size, network auto-negotiation or auto-detection, and sub-optimal routes to the Internet are common places to look.
-
+1. Want to get started helping your users right away? See [Best practices for using Office 365 on a slow network](https://support.office.com/article/fd16c8d2-4799-4c39-8fd7-045f06640166) for tips on using Office 365, including SharePoint, Exchange Online, and Lync Online, when your network just isn't cooperating. This article links out to loads of content on TechNet and Support.office.com for optimizing your Office 365 experience and includes information on easy ways to customize your web pages and how to set your Internet Explorer settings for the best Office 365 experience.
+
+1. Read [Office 365 Network Connectivity Principles](./microsoft-365-network-connectivity-principles.md) to understand the connectivity principles for securely managing Office 365 traffic and getting the best possible performance. This article will help you understand the most recent guidance for securely optimizing Office 365 network connectivity.
+
+1. Improve mail migration performance by carefully managing the schedule for Windows Updates. You can update your client computers in batches and ensure that all client computers are updated before migrating to Office 365 to regulate the use of network bandwidth. For more information, see [Manually update and configure desktops for Office 365 for the latest updates](https://support.microsoft.com/gp/office-2013-365-update).
+
+1. Office 365 network traffic performs best when it's treated as a trusted Internet service and allowed to bypass much of the traditional filtering and scanning that some organizations place on network traffic to untrusted Internet services. This typically includes removing outbound processing such as proxy user authentication and packet inspection, as well as ensuring local egress to the Internet with the proper Network Address Translation (NAT) and enough bandwidth capacity to handle the increased network requests. Refer to [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a)for additional guidance on configuring your network to handle Office 365 as a trusted Internet service on your network.
+
+1. Ensure [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a). The additional traffic going to Office 365 results in an increase of outbound proxy connections and an increase in secure traffic over TLS/SSL.
+
+1. If your outbound proxies require user authentication you might experience slow connectivity or a loss of functionality. Bypassing the authentication requirement for the Office 365 domains can reduce this overhead.
+
+1. If you have a large number of shared calendars and mailboxes, you might see an increase in the number of connections from Outlook to Exchange. For instance, the Outlook client may open up to two additional connections for each shared calendar in use. In this situation, ensure that the egress proxy can handle the connections, or bypass the proxy for connections to Office 365 for Outlook.
+
+1. Determine the maximum number of supported devices for a public IP address and how to load balance across multiple IP addresses. For more information, see [NAT support with Office 365](nat-support-with-microsoft-365.md).
+
+1. If you're inspecting outbound connections from computers on your network, bypassing this filtering to the Office 365 domains will improve connectivity and performance. Additionally, bypassing outbound inspection often removes the need for a single Internet egress and enables local Internet egress for Office 365 destined network requests.
+
+1. Some customers find internal network settings can affect performance. Settings such as maximum transmission unit (MTU) size, network autonegotiation or autodetection, and suboptimal routes to the Internet are common places to look.
+ ## Network planning reference for Office 365 <a name="NetReference"> </a>
-These topics contain detailed Office 365 network reference information.
+These articles contain detailed Office 365 network reference information.
- [Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a)
-
+ - [Content delivery networks](content-delivery-networks.md)
-
+ - [External Domain Name System records for Office 365](external-domain-name-system-records.md)
-
+ - [IPv6 support in Office 365 services](ipv6-support.md)
-
+ - [Office 365 Network Connectivity Principles](./microsoft-365-network-connectivity-principles.md)
-
+ - [Plan for network devices that connect to Office 365 services](plan-for-network-devices.md)
-
+ - [Setup guides for Office 365 services](setup-guides-for-microsoft-365.md)
-
+ ## See also [Microsoft 365 Enterprise overview](microsoft-365-overview.md)
enterprise Performance Troubleshooting Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/performance-troubleshooting-plan.md
Title: "Performance troubleshooting plan for Office 365"
Previously updated : 5/10/2019 Last updated : 04/12/2024 audience: Admin
- scotvorg - M365-security-compliance - Ent_O365
+- must-keep
description: This article can help you troubleshoot Office 365 performance issues and even fix some of the most common issues. # Performance troubleshooting plan for Office 365
-Do you need to know the steps to take to identify and fix lags, hangs, and slow performance between SharePoint Online, OneDrive for Business, Exchange Online, or Skype for Business Online, and your client computer? Before you call support, this article can help you troubleshoot Office 365 performance issues and even fix some of the most common issues.
+Do you need to know the steps to take to identify and fix lags, hangs, and slow performance between SharePoint, OneDrive, Exchange Online, or Skype for Business Online, and your client computer? Before you call support, this article can help you troubleshoot Office 365 performance issues and even fix some of the most common issues.
This article is actually a sample action plan that you can use to capture valuable data about your performance issue as it's happening. Some top issues are also included in this article.
Why? By flushing out the DNS cache, you're starting your tests with a clean slat
## Netmon
-Microsoft's Network Monitoring tool ([Netmon](https://www.microsoft.com/download/details.aspx?id=4865)) analyzes packets, that is traffic, that passes between computers on networks. By using Netmon to trace traffic with Office 365 you can capture, view, and read packet headers, identify intervening devices, check important settings on network hardware, look for dropped packets, and follow the flow of traffic between computers on your corporate network and Office 365. Because the actual body of the traffic is encrypted, that is, it(travels on port 443 via SSL/TLS, you can't read the files being sent. Instead, you get an unfiltered trace of the path that the packet takes which can help you track down the problem behavior.
+Microsoft's Network Monitoring tool ([Netmon](https://www.microsoft.com/download/details.aspx?id=4865)) analyzes packets (network traffic) that passes between computers on networks. By using Netmon to trace traffic with Office 365 you can capture, view, and read packet headers, identify intervening devices, check important settings on network hardware, look for dropped packets, and follow the flow of traffic between computers on your corporate network and Office 365. Because the actual body of the traffic is encrypted, that is, it travels on port 443 via SSL/TLS, you can't read the files being sent. Instead, you get an unfiltered trace of the path that the packet takes which can help you track down the problem behavior.
Be sure you don't apply a filter at this time. Instead, run through the steps and demonstrate the problem before stopping the trace and saving.
There are three panes on the **Start** page: **Recent Captures**, **Select Netwo
## HTTPWatch
-[HTTPWatch](https://www.httpwatch.com/download/) comes in charged, and a free edition. The free Basic Edition covers everything you need for this test. HTTPWatch monitors network traffic and page load time right from your browser window. HTTPWatch is a plug-in to Internet Explorer that graphically describes performance. The analysis can be saved and viewed in HTTPWatch Studio.
+[HTTPWatch](https://www.httpwatch.com/download/) comes in charged, and a free edition. The free Basic Edition covers everything you need for this test. HTTPWatch monitors network traffic and page load time right from your browser window. HTTPWatch is a plug-in to Microsoft Edge that graphically describes performance. The analysis can be saved and viewed in HTTPWatch Studio.
> [!NOTE]
-> If you use another browser, such as Firefox, Google Chrome, or if you can't install HTTPWatch in Internet Explorer, open a new browser window and press F12 on your keyboard. You should see the Developer Tool pop-up at the bottom of your browser. If you use Opera, press CTRL+SHIFT+I for Web Inspector, then click the **Network** tab and complete the testing outlined below. The information will be slightly different, but load times will still be displayed in milliseconds. > HTTPWatch is also very useful for issues with SharePoint Online page load times.
+> If you use another browser, such as Firefox, Google Chrome, or if you can't install HTTPWatch in Edge, open a new browser window and press F12 on your keyboard. You should see the Developer Tool pop-up at the bottom of your browser. If you use Opera, press CTRL+SHIFT+I for Web Inspector, then click the **Network** tab and complete the testing outlined below. The information will be slightly different, but load times will still be displayed in milliseconds. > HTTPWatch is also very useful for issues with SharePoint page load times.
### Run HTTPWatch and reproduce the issue
-HTTPWatch is a browser plug-in, so exposing the tool in the browser is slightly different for each version of Internet Explorer. Typically, you can find HTTPWatch under the Commands bar in the Internet Explorer browser. If you don't see the HTTPWatch plug-in in your browser window, check the version of your browser by clicking **Help** \> **About**, or in later versions of Internet Explorer, click the gear symbol and **About Internet Explorer**. To launch the **Commands** bar, right-click the menu bar in Internet Explorer and click **Commands bar**.
+HTTPWatch is a browser plug-in, so exposing the tool in the browser is slightly different for each version of Microsoft Edge. Typically, you can find HTTPWatch under the Commands bar in the Microsoft Edge browser. If you don't see the HTTPWatch plug-in in your browser window, check the version of your browser by clicking **Help** \> **About**, or in later versions of Microsoft Edge, click the gear symbol and **About Edge**. To launch the **Commands** bar, right-click the menu bar in Microsoft Edge and click **Commands bar**.
In the past, HTTPWatch has been associated with both the Commands and the Explorer bars, so once you install, if you don't immediately see the icon (even after reboot) check **Tools**, and your toolbars for the icon. Remember that toolbars can be customized and options can be added to them.
-![Internet Explorer's Command toolbar with the HTTPWatch icon displayed.](../media/198590b0-d7b1-4bff-a6ad-e4ec3a1e83df.png)
-
-1. Launch HTTPWatch in an Internet Explorer browser window. It will appear docked to the browser at the bottom of that window. Click **Record**.
+1. Launch HTTPWatch in an Microsoft Edge browser window. It appears docked to the browser at the bottom of that window. Click **Record**.
2. Reproduce the exact steps involved in the performance issue. Click the **Stop** button in HTTPWatch.
In the past, HTTPWatch has been associated with both the Commands and the Explor
![HTTPWatch showing the Network tab for a page load of the Office 365 homepage.](../media/021a2c64-d581-49fd-adf4-4c364f589d75.PNG)
-This screenshot is from the Professional version of HTTPWatch. You can open traces taken in the Basic Version on a computer with a Professional version and read it there. Extra information may be available from the trace through that method.
+This screenshot is from the Professional version of HTTPWatch. You can open traces taken in the Basic Version on a computer with a Professional version and read it there. Extra information might be available from the trace through that method.
## Problem Steps Recorder
Steps Recorder, or PSR.exe, allows you to record issues as they're occurring. It
![A screen shot of the Steps Recorder or PSR.exe.](../media/8542b0aa-a3ff-4718-8dc4-43f5521c6c34.PNG)
-The date and time is recorded for you. This links your PSR to your Netmon trace and HTTPWatch in time, and helps with precision troubleshooting. The date and time in the PSR record can show that a minute passed between the login and browsing of the URL and the partial render of the admin site, for example.
+The date and time is recorded for you. This links your PSR to your Netmon trace and HTTPWatch in time, and helps with precision troubleshooting. The date and time in the PSR record can show that a minute passed between the sign in and browsing of the URL and the partial render of the admin site, for example.
## Read your traces It isn't possible to teach everything about network and performance troubleshooting that someone would need to know via an article. Getting good at performance takes experience, and knowledge of how your network works and usually performs. But it's possible to round up a list of top issues and show how tools can make it easier for you to eliminate the most common problems.
-If you want to pick up skills reading network traces for your Office 365 sites, there's no better teacher than creating traces of page loads regularly and gaining experience reading them. For example, when you have a chance, load an Office 365 service and trace the process. Filter the trace for DNS traffic, or search the FrameData for the name of the service you browsed. Scan the trace to get an idea of the steps that occur when the service loads. This will help you learn what normal page load should look like, and in the case of troubleshooting, particularly around performance, comparing good to bad traces can teach you a lot.
+If you want to pick up skills reading network traces for your Office 365 sites, there's no better teacher than creating traces of page loads regularly and gaining experience reading them. For example, when you have a chance, load an Office 365 service and trace the process. Filter the trace for DNS traffic, or search the FrameData for the name of the service you browsed. Scan the trace to get an idea of the steps that occur when the service loads. This helps you learn what normal page load should look like, and in the case of troubleshooting, particularly around performance, comparing good to bad traces can teach you a lot.
Netmon uses Microsoft Intellisense in the Display filter field. Intellisense, or intelligent code completion, is that trick where you type in a period and all available options are displayed in a drop-down selection box. For example, you're worried about TCP window scaling, you can find your way to a filter (such as `.protocol.tcp.window < 100`) by this means. ![Screenshot of Netmon showing that the Display Filter field uses intellisense.](../media/75a56c11-9a60-47ee-a100-aabdfb1ba10f.PNG)
-Netmon traces can have a lot of traffic in them. If you aren't experienced with reading them, it's likely you'll be overwhelmed opening the trace the first time. The first thing to do is separate the signal from the background noise in the trace. You tested against Office 365, and that's the traffic you want to see. If you're used to navigating through traces, you may not need this list.
+Netmon traces can have a lot of traffic in them. If you aren't experienced with reading them, it's likely you'll be overwhelmed opening the trace the first time. The first thing to do is separate the signal from the background noise in the trace. You tested against Office 365, and that's the traffic you want to see. If you're used to navigating through traces, you might not need this list.
Traffic between your client and Office 365 travels via TLS, which means that the body of the traffic will be encrypted and not readable in a generic Netmon trace. Your performance analysis doesn't need to know the specifics of the information in the packet. It is, however, very interested in packet headers and the information that they contain. ### Tips to get a good trace -- Know the value of the IPv4 or IPv6 address of your client computer. You can get this from the command prompt by typing **IPConfig** and then pressing ENTER. Knowing this address will let you tell at a glance whether the traffic in the trace directly involves your client computer. If there's a known proxy, ping it and get its IP address as well.
+- Know the value of the IPv4 or IPv6 address of your client computer. You can get this from the command prompt by typing **IPConfig** and then pressing ENTER. Knowing this address lets you tell at a glance whether the traffic in the trace directly involves your client computer. If there's a known proxy, ping it and get its IP address as well.
- Flush your DNS resolver cache and, if possible, close all browsers except the one in which you're running your tests. If you aren't able to do this, for instance, if support is using some browser-based tool to see your client computer's desktop, be prepared to filter your trace. -- In a busy trace, locate the Office 365 service that you're using. If you've never or seldom seen your traffic before, this is a helpful step in separating the performance issue from other network noise. There are a few ways to do this. Directly before your test, you can use _ping_ or _PsPing_ against the URL of the specific service (`ping outlook.office365.com` or `psping -4 microsoft-my.sharepoint.com:443`, for example). You can also easily find that ping or PsPing in a Netmon trace (by its process name). That will give you a place to start looking.
+- In a busy trace, locate the Office 365 service that you're using. If you have never or seldom seen your traffic before, this is a helpful step in separating the performance issue from other network noise. There are a few ways to do this. Directly before your test, you can use _ping_ or _PsPing_ against the URL of the specific service (`ping outlook.office365.com` or `psping -4 microsoft-my.sharepoint.com:443`, for example). You can also easily find that ping or PsPing in a Netmon trace (by its process name). That will give you a place to start looking.
-If you're only using Netmon tracing at the time of the problem, that's okay too. To orient yourself, use a filter like `ContainsBin(FrameData, ASCII, "office")` or `ContainsBin(FrameData, ASCII, "outlook")`. You can record your frame number from the trace file. You may also want to scroll the _Frame Summary_ pane all the way to the right and look for the Conversation ID column. There's a number indicated there for the ID of this specific conversation that you can also record and look at in isolation later. Remember to remove this filter before applying any other filtering.
+If you're only using Netmon tracing at the time of the problem, that's okay too. To orient yourself, use a filter like `ContainsBin(FrameData, ASCII, "office")` or `ContainsBin(FrameData, ASCII, "outlook")`. You can record your frame number from the trace file. You might also want to scroll the _Frame Summary_ pane all the way to the right and look for the Conversation ID column. There's a number indicated there for the ID of this specific conversation that you can also record and look at in isolation later. Remember to remove this filter before applying any other filtering.
> [!TIP] > Netmon has a lot of helpful built-in filters. Try the **Load Filter** button at the top of the _Display_ filter pane.
Taking Office 365 Outlook Online as an example, the traffic begins something lik
- Then a series of TLS:TLS traffic, which is where the TLS handshake and TLS certificate conversations take place. (Remember the data is encrypted via SSL/TLS.)
-All parts of the traffic are important and connected, but small portions of the trace contain information important in terms of performance troubleshooting, so we'll focus on those areas. Also, since we've done enough Office 365 performance troubleshooting at Microsoft to compile a Top Ten list of common problems, we'll focus on those issues and how to use the tools we have to root them out next.
+All parts of the traffic are important and connected, but small portions of the trace contain information important in terms of performance troubleshooting, so we'll focus on those areas. Also, since we've done enough Office 365 performance troubleshooting at Microsoft to compile a Top 10 list of common problems, we'll focus on those issues and how to use the tools we have to root them out next.
If you haven't installed them already, the matrix below makes use of several tools where ever possible. Links are provided to the installation points. The list includes common network tracing tools like [Netmon](https://www.microsoft.com/download/details.aspx?id=4865) and [Wireshark](https://www.wireshark.org/), but use any tracing tool you're comfortable with, and in which you're accustomed to filtering network traffic. When you're testing, remember:
If you haven't installed them already, the matrix below makes use of several too
## Common issues
-Some common issues you may face and how to find them in your Network trace.
+Some common issues you might face and how to find them in your Network trace.
### TCP Windows Scaling
-Found in the SYN - SYN/ACK. Legacy or aging hardware may not take advantage of TCP windows scaling. Without proper TCP windows scaling settings, the default 16-bit buffer in TCP headers fills in milliseconds. Traffic canΓÇÖt continue to send until the client receives an acknowledgment that the original data has been received, causing delays.
+Found in the SYN - SYN/ACK. Legacy or aging hardware might not take advantage of TCP windows scaling. Without proper TCP windows scaling settings, the default 16-bit buffer in TCP headers fills in milliseconds. Traffic canΓÇÖt continue to send until the client receives an acknowledgment that the original data has been received, causing delays.
#### Tools
Found in the SYN - SYN/ACK. Legacy or aging hardware may not take advantage of T
#### What to look for
-Look for the SYN - SYN/ACK traffic in your network trace. In Netmon, use a filter like `tcp.flags.syn == 1`. This filter is the same in Wireshark.
+Look for the SYN - SYN/ACK traffic in your network trace. In Netmon, use a filter like `tcp.flags.syn == 1`. This filter is the same in Wireshark.
![Filter in Netmon or Wireshark for Syn packets for both tools: TCP.Flags.Syn == 1.](../media/4b9a12a1-c915-43c8-ac2f-a679d0435a29.PNG)
To see the Windows Scaling value that is used by your network connection, expand
Historically, most perimeter networks are configured for transient connections, meaning idle connections are generally terminated. Idle TCP sessions can be terminated by proxies and firewalls at greater than 100 to 300 seconds. This is problematic for Outlook Online because it creates and uses long-term connections, whether they're idle or not.
-When connections are terminated by proxy or firewall devices, the client isn't informed, and an attempt to use Outlook Online will mean a client computer will try, repeatedly, to revive the connection before making a new one. You may see hangs in the product, prompts, or slow performance on page load.
+When connections are terminated by proxy or firewall devices, the client isn't informed, and an attempt to use Outlook Online will mean a client computer will try, repeatedly, to revive the connection before making a new one. You might see hangs in the product, prompts, or slow performance on page load.
#### Tools
Need to measure the speed of your connection, or your ISP connection's bandwidth
#### What to look for
-To track latency in a trace, you'll benefit from having recorded the client computer IP address and the IP address of the DNS server in Office 365. This is for easier trace filtering. If you connect through a proxy, you will need your client computer IP address, the proxy/egress IP address, and the Office 365 DNS IP address, to make the work easier.
+To track latency in a trace, you'll benefit from having recorded the client computer IP address and the IP address of the DNS server in Office 365. This is for easier trace filtering. If you connect through a proxy, you'll need your client computer IP address, the proxy/egress IP address, and the Office 365 DNS IP address, to make the work easier.
-A ping request sent to outlook.office365.com will tell you the name of the datacenter receiving the request, even if ping *may* not be able to connect to send the trademark consecutive ICMP packets. If you use PsPing (a free tool for download), and specific the port (443) and perhaps to use IPv4 (-4) you will get an average round-trip-time for packets sent. This will work this for other URLs in the Office 365 services, like `psping -4 yourSite.sharepoint.com:443`. In fact, you can specify a number of pings to get a larger sample for your average, try something like `psping -4 -n 20 yourSite-my.sharepoint.com:443`.
+A ping request sent to outlook.office365.com will tell you the name of the datacenter receiving the request, even if ping *might* not be able to connect to send the trademark consecutive ICMP packets. If you use PsPing (a free tool for download), and specific the port (443) and perhaps to use IPv4 (-4) you'll get an average round-trip-time for packets sent. This will work this for other URLs in the Office 365 services, like `psping -4 yourSite.sharepoint.com:443`. In fact, you can specify a number of pings to get a larger sample for your average, try something like `psping -4 -n 20 yourSite-my.sharepoint.com:443`.
> [!NOTE] > PsPing doesn't send ICMP packets. It pings with TCP packets over a specific port, so you can use any one you know to be open. In Office 365, which uses SSL/TLS, try attaching port :443 to your PsPing.
A ping request sent to outlook.office365.com will tell you the name of the datac
If you loaded the slow performing Office 365 page while doing a network trace, you should filter a Netmon or Wireshark trace for `DNS`. This is one of the IPs we're looking for.
-Here are the steps to take to filter your Netmon to get the IP address (and take a look at DNS Latency). This example uses outlook.office365.com, but may also use the URL of a SharePoint Online tenant (hithere.sharepoint.com for example).
+Here are the steps to take to filter your Netmon to get the IP address (and take a look at DNS Latency). This example uses outlook.office365.com, but may also use the URL of a SharePoint tenant (hithere.sharepoint.com for example).
1. Ping the URL `ping outlook.office365.com` and, in the results, record the name and IP address of the DNS server the ping request was sent to. 2. Network trace opening the page, or doing the action that gives you the performance problem, or, if you see a high latency on the ping, itself, network trace it.
-3. Open the trace in Netmon and filter for DNS (this filter also works in Wireshark, but is sensitive to case `-- dns`). Since you know the name of the DNS server from your ping you may also filter more speedily in Netmon like this: `DNS AND ContainsBin(FrameData, ASCII, "namnorthwest")`, which looks like this in Wireshark dns and frame contains "namnorthwest".<br/>Open the response packet and, in the Netmon **Frame Details** window, click **DNS** to expand for more information. In the DNS information you'll find the IP address of the DNS server the request went to in Office 365. You'll need this IP address for the next step (the PsPing tool). Remove the filter, right-click on the DNS Response in Netmon (**Frame Summary** \> **Find Conversations** \> **DNS**) to see the DNS Query and Response side-by-side.
+3. Open the trace in Netmon and filter for DNS (this filter also works in Wireshark, but is sensitive to case `-- dns`). Since you know the name of the DNS server from your ping you may also filter more speedily in Netmon like this: `DNS AND ContainsBin(FrameData, ASCII, "namnorthwest")`, which looks like this in Wireshark dns and frame contains "namnorthwest".<br/>Open the response packet and, in the Netmon **Frame Details** window, click **DNS** to expand for more information. In the DNS information, you'll find the IP address of the DNS server the request went to in Office 365. You'll need this IP address for the next step (the PsPing tool). Remove the filter, right-click on the DNS Response in Netmon (**Frame Summary** \> **Find Conversations** \> **DNS**) to see the DNS Query and Response side-by-side.
4. In Netmon, also note the Time Offset column between the DNS Request and Response. In the next step, the easy-to-install and use [PsPing](/sysinternals/downloads/psping) tool comes in very handy, both because ICMP is often blocked on Firewalls, and because PsPing elegantly tracks latency in milliseconds. PsPing completes a TCP connection to an address and port (in our case open port 443). 5. Install PsPing. 6. Open a command prompt (Start \> Run \> type cmd, or Windows Key \> type cmd) and change directory to the directory where you installed PsPing to run the PsPing command. In my examples you can see I made a 'Perf' folder on the root of C. You can do the same for quick access. 7. Type the command so that you're making your PsPing against the IP address of the Office 365 DNS server from your earlier Netmon trace, including the port number, like `psping -n 20 132.245.24.82:445`. This will give you a sampling of 20 pings and average the latency when PsPing stops.
-If you're going to Office 365 through a proxy server, the steps are a little different. You would first PsPing to your proxy server to get an average latency value in milliseconds to proxy/egress and back, and then either run PsPing on the proxy, or on a computer with a direct Internet connection to get the missing value (the one to Office 365 and back).
+If you're going to Office 365 through a proxy server, the steps are a little different. First, PsPing to your proxy server to get an average latency value in milliseconds to proxy/egress and back, and then either run PsPing on the proxy, or on a computer with a direct Internet connection to get the missing value (the one to Office 365 and back).
If you choose to run PsPing from the proxy, you'll have two millisecond values: Client computer to proxy server or egress point, and proxy server to Office 365. And you're done! Well, recording values, anyway.
-If you run PsPing on another client computer that has a direct connection to the Internet, that is, without a proxy, you will have two millisecond values: Client computer to proxy server or egress point, and client computer to Office 365. In this case, subtract the value of client computer to proxy server or egress point from the value of client computer to Office 365, and you will have the RTT numbers from your client computer to the proxy server or egress point, and from proxy server or egress point to Office 365.
+If you run PsPing on another client computer that has a direct connection to the Internet, that is, without a proxy, you'll have two millisecond values: Client computer to proxy server or egress point, and client computer to Office 365. In this case, subtract the value of client computer to proxy server or egress point from the value of client computer to Office 365, and you'll have the RTT numbers from your client computer to the proxy server or egress point, and from proxy server or egress point to Office 365.
However, if you can find a client computer in the impacted location that is directly connected, or bypasses the proxy, you may choose to see if the issue reproduces there to begin with, and test using it thereafter.
Remember to expand all the nodes (there's a button at the top for this) if you w
This only applies to you if you're going through a proxy server. If not, you can skip these steps. When working properly, proxy authentication should take place in milliseconds, consistently. You shouldn't see intermittent bad performance during peak usage periods (for example).
-If Proxy authentication is on, each time you make a new TCP connection to Office 365 to get information, you need to pass through an authentication process behind the scenes. So, for example, when switching from Calendar to Mail in Outlook Online, you will authenticate. And in SharePoint Online, if a page displays media or data from multiple sites or locations, you will authenticate for each different TCP connection that is needed in order to render the data.
+If Proxy authentication is on, each time you make a new TCP connection to Office 365 to get information, you need to pass through an authentication process behind the scenes. So, for example, when switching from Calendar to Mail in Outlook Online, you'll authenticate. And in SharePoint, if a page displays media or data from multiple sites or locations, you'll authenticate for each different TCP connection that is needed in order to render the data.
-In Outlook Online, you may experience slow load times whenever you switch between Calendar and your mailbox, or slow page loads in SharePoint Online. However, there are other symptoms not listed here.
+In Outlook Online, you might experience slow load times whenever you switch between Calendar and your mailbox, or slow page loads in SharePoint. However, there are other symptoms not listed here.
-Proxy authentication is a setting on your egress proxy server. If it is causing a performance issue with Office 365, you must consult your networking team.
+Proxy authentication is a setting on your egress proxy server. If it's causing a performance issue with Office 365, you must consult your networking team.
#### Tools
Proxy authentication is a setting on your egress proxy server. If it is causing
#### What to look for
-Proxy authentication takes place whenever a new TCP session must be spun up, commonly to request files or info from the server, or to supply info. For example, you may see proxy authentication around HTTP GET or HTTP POST requests. If you want to see the frames where you are authenticating requests in your trace, add the 'NTLMSSP Summary' column to Netmon and filter for `.property.NTLMSSPSummary`. To see how long the authentication is taking, add the Time Delta column.
+Proxy authentication takes place whenever a new TCP session must be spun up, commonly to request files or info from the server, or to supply info. For example, you might see proxy authentication around HTTP GET or HTTP POST requests. If you want to see the frames where you're authenticating requests in your trace, add the 'NTLMSSP Summary' column to Netmon and filter for `.property.NTLMSSPSummary`. To see how long the authentication is taking, add the Time Delta column.
To add a column to Netmon:
To add a column to Netmon:
Even if you don't add the column, the Netmon filter will work. But your troubleshooting will be much easier if you can see what stage of authentication you're in.
-When looking for instances of Proxy Authentication, be sure to study all frames where there is an NTLM Challenge, or an Authenticate Message is present. If necessary, right-click the specific piece of traffic and Find Conversations \> TCP. Be aware of the Time Delta values in these Conversations.
+When looking for instances of Proxy Authentication, be sure to study all frames where there's an NTLM Challenge, or an Authenticate Message is present. If necessary, right-click the specific piece of traffic and Find Conversations \> TCP. Be aware of the Time Delta values in these Conversations.
![Netmon trace showing proxy authentication, filtered by conversation.](../media/b640f176-0a52-4bbb-972e-60fb3d6aece2.PNG)
-A four second delay in proxy authentication as seen in Wireshark. The **Time delta from previous displayed frame** column was made via right-clicking the field of the same name in the frame details and selecting Add as Column. <br/> ![In Wireshark, the 'Time delta from previous displayed frame' column can be made via right-clicking the field of the same name in the frame details and selecting Add as Column.](../media/f5b7bde4-8067-4ee0-bc7f-e9062ce1ba6f.PNG)
+A four-second delay in proxy authentication as seen in Wireshark. The **Time delta from previous displayed frame** column was made via right-clicking the field of the same name in the frame details and selecting Add as Column. <br/> ![In Wireshark, the 'Time delta from previous displayed frame' column can be made via right-clicking the field of the same name in the frame details and selecting Add as Column.](../media/f5b7bde4-8067-4ee0-bc7f-e9062ce1ba6f.PNG)
### DNS Performance Name resolution works best and most quickly when it takes place as close to the client's country/region as possible.
-If DNS name resolution is taking place overseas, it can add seconds to page loads. Ideally, name resolution happens in under 100ms. If not, you should do further investigation.
+If DNS name resolution is taking place overseas, it can add seconds to page loads. Ideally, name resolution happens in under 100 ms. If not, you should do further investigation.
> [!TIP] > Not sure how Client Connectivity works in Office 365? Take a look at the Client Connectivity Reference document [here](/previous-versions//dn741250(v=technet.10)).
If DNS name resolution is taking place overseas, it can add seconds to page load
Analyzing DNS performance is typically another job for a network trace. However, PsPing is also helpful in ruling in, or out, a possible cause.
-DNS traffic is based on TCP and UDP requests and responses are clearly marked with an ID that will help to match a specific request with its specific response. You'll see DNS traffic when, for example, SharePoint Online uses a network name or URL on a web page. As a rule of thumb, most of this traffic, except when transferring Zones, runs over UDP.
+DNS traffic is based on TCP and UDP requests and responses are clearly marked with an ID that will help to match a specific request with its specific response. You'll see DNS traffic when, for example, SharePoint uses a network name or URL on a web page. As a rule of thumb, most of this traffic, except when transferring Zones, runs over UDP.
-In both Netmon and Wireshark, the most basic filter that will let you look at DNS traffic is simply `dns`. Be sure to use lower case when specifying the filter. Remember to flush your DNS resolver cache before you begin to reproduce the issue on your client computer. For example, if you have a slow SharePoint Online page load for the Home page, you should close all browsers, open a new browser, start tracing, flush your DNS resolver cache, and browse to your SharePoint Online site. Once the entire page resolves, you should stop and save the trace.
+In both Netmon and Wireshark, the most basic filter that will let you look at DNS traffic is simply `dns`. Be sure to use lower case when specifying the filter. Remember to flush your DNS resolver cache before you begin to reproduce the issue on your client computer. For example, if you have a slow SharePoint page load for the Home page, you should close all browsers, open a new browser, start tracing, flush your DNS resolver cache, and browse to your SharePoint site. Once the entire page resolves, you should stop and save the trace.
![A basic filter for DNS in Netmon is DNS.](../media/1bebc118-ca13-45f3-803f-ab73e7af401d.png)
-You want to look at the time offset here. And it may be helpful to add the **Time Delta** column to Netmon which you can do by completing these steps:
+You want to look at the time offset here. And it might be helpful to add the **Time Delta** column to Netmon which you can do by completing these steps:
1. Right-click on a column such as **Description**. 2. Click **Choose Columns**.
If you find a query of interest, consider isolating it by right-clicking that qu
![A Netmon trace of Outlook Online load filtered by DNS, and using Find Conversations then DNS to narrow down the results.](../media/763cf20e-7b48-4a37-9449-c9978cfe118b.PNG)
-In Wireshark you can make a column for DNS time. Take your trace (or open a trace) in Wireshark and filter by `dns`, or, more helpfully, `dns.time`. Click on any DNS query, and, in the panel showing details, expand the `Domain Name System (response)` details. You'll see a field for time (for example, `[Time: 0.001111100 seconds]`. Right-click this time and select **Apply as Column**. This will give you a **Time** column for quicker sorting of your trace. Click on the new column to sort by descending values to see which DNS call took the longest to resolve.
+In Wireshark, you can make a column for DNS time. Take your trace (or open a trace) in Wireshark and filter by `dns`, or, more helpfully, `dns.time`. Click on any DNS query, and, in the panel showing details, expand the `Domain Name System (response)` details. You'll see a field for time (for example, `[Time: 0.001111100 seconds]`. Right-click this time and select **Apply as Column**. This will give you a **Time** column for quicker sorting of your trace. Click on the new column to sort by descending values to see which DNS call took the longest to resolve.
-[A browse of SharePoint Online filtered in Wireshark by (lowercase) dns.time, with the time from the details made into a column and sorted ascending.](../media/1439dcc2-12ff-4ee2-9ef3-1484cf79c384.PNG)
+[A browse of SharePoint filtered in Wireshark by (lowercase) dns.time, with the time from the details made into a column and sorted ascending.](../media/1439dcc2-12ff-4ee2-9ef3-1484cf79c384.PNG)
-If you would like to do more investigation of the DNS resolution time, try a PsPing against the DNS port used by TCP (for example, `psping <IP address of DNS server>:53`) . Do you still see a performance issue? If you do, then the problem is more likely to be a broader network issue than an issue of specific the DNS application you're hitting to do resolution. It's also worth mentioning, again, that a ping to outlook.office365.com will tell you where DNS name resolution for Outlook Online is taking place (for example, outlook-namnorthwest.office365.com).
+If you would like to do more investigation of the DNS resolution time, try a PsPing against the DNS port used by TCP (for example, `psping <IP address of DNS server>:53`). Do you still see a performance issue? If you do, then the problem is more likely to be a broader network issue than an issue of specific the DNS application you're hitting to do resolution. It's also worth mentioning, again, that a ping to outlook.office365.com will tell you where DNS name resolution for Outlook Online is taking place (for example, outlook-namnorthwest.office365.com).
If the issue looks to be DNS specific, it may be necessary to contact your IT department to look at DNS configurations and DNS Forwarders to further investigate this issue. ### Proxy Scalability
-Services like Outlook Online in Office 365 grant clients multiple long-term connections. Therefore, each user may use more connections that require a longer life.
+Services like Outlook Online in Office 365 grant clients multiple long-term connections. Therefore, each user might use more connections that require a longer life.
#### Tools
Math
#### What to look for
-There is no network trace or troubleshooting tool specific to this. Instead, it's based upon bandwidth calculations given limitations and other variables.
+There's no network trace or troubleshooting tool specific to this. Instead, it's based upon bandwidth calculations given limitations and other variables.
### TCP Max Segment Size Found in the SYN - SYN/ACK. Do this check in any performance network trace you've taken to ensure that TCP packets are configured to carry the maximum amount of data possible.
-The goal is to see an MSS of 1460 bytes for transmission of data. If you're behind a proxy, or you are using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.
+The goal is to see an MSS of 1,460 bytes for transmission of data. If you're behind a proxy, or you're using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.
#### Tools
Netmon
#### What to look for
-TCP Max Segment Size (MSS) is another parameter of the three-way handshake in your network trace, that means you'll find the data you need in the SYN - SYN/ACK packet. MSS is actually pretty simple to see.
+TCP Max Segment Size (MSS) is another parameter of the three-way handshake in your network trace that means you'll find the data you need in the SYN - SYN/ACK packet. MSS is pretty simple to see.
Open any performance network trace you have and find the connection you're curious about, or that demonstrates the performance problem.
Open any performance network trace you have and find the connection you're curio
Looking at the trace second-hand? Try using filters to orient yourself. In Netmon, run a search based on the URL, such as `Containsbin(framedata, ascii, "sphybridExample")`, take note of the frame number.
-In Wireshark use something like `frame contains "sphybridExample"`. If you notice that you've found Remote Winsock (RWS) traffic (it may appear as a [PSH, ACK] in Wireshark), remember that RWS connects can be seen shortly before relevant SYN - SYN/ACKs, as discussed earlier.
+In Wireshark, use something like `frame contains "sphybridExample"`. If you notice that you've found Remote Winsock (RWS) traffic (it might appear as a [PSH, ACK] in Wireshark), remember that RWS connects can be seen shortly before relevant SYN - SYN/ACKs, as discussed earlier.
-At this point, you can record the frame number, drop the filter, click **All Traffic** in the Network Conversations window in Netmon to look at the nearest SYN.
+At this point, you can record the frame number, drop the filter, and click **All Traffic** in the Network Conversations window in Netmon to look at the nearest SYN.
Importantly, if you didn't receive any of the IP address information at the time of the trace, finding your URL in the trace (part of `sphybridExample-my.sharepoint.com`, for example), will give you IP addresses to filter by.
The built-in column is at the top of the **Frame Details** panel. (To switch bac
![Where to find the Columns drop down for the TCP Troubleshoot option (on top of the Frame Summary).](../media/64fd4baa-a872-4f07-b959-752d7d37fd62.PNG)
-Here's a filtered trace in Wireshark. There is a filter specific to the MSS value (`tcp.options.mss`). The frames of a SYN, SYN/ACK, ACK handshake are linked at the bottom of the Wireshark equivalent to Frame Details (so frame 47 ACK, links to 46 SYN/ACK, links to 43 SYN) to make this kind of work easier.
+Here's a filtered trace in Wireshark. There's a filter specific to the MSS value (`tcp.options.mss`). The frames of a SYN, SYN/ACK, ACK handshake are linked at the bottom of the Wireshark equivalent to Frame Details (so frame 47 ACK, links to 46 SYN/ACK, links to 43 SYN) to make this kind of work easier.
![Trace filtered in Wireshark by tcp.options.mss for Max Segment Size (MSS).](../media/51e278db-801b-48bc-9b68-87cf92f03fd6.PNG)
If you need to check **Selective Acknowledgment** (next topic in this matrix), d
Found in the SYN - SYN/ACK. Must be reported as Permitted in both SYN and SYN/ACK. Selective Acknowledgment (SACK) allows for smoother retransmission of data when a packet or packets go missing. Devices can disable this feature, which can lead to performance problems.
-If you're behind a proxy, or you are using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.
+If you're behind a proxy, or you're using a NAT, remember to run this test from client to proxy/egress/NAT, and from proxy/egress/NAT to Office 365 for best results! These are different TCP sessions.
#### Tools
Locate the connection in the trace that you're interested in seeing either by sc
Where in the world Office 365 tries to resolve your DNS call affects your connection speed.
-In Outlook Online, after the first DNS lookup is completed, the location of that DNS will be used to connect to your nearest datacenter. You will be connected to an Outlook Online CAS server, which will use the backbone network to connect to the datacenter (dC) where your data is stored. This is faster.
+In Outlook Online, after the first DNS lookup is completed, the location of that DNS will be used to connect to your nearest datacenter. You'll be connected to an Outlook Online CAS server, which will use the backbone network to connect to the datacenter (dC) where your data is stored. This is faster.
-When accessing SharePoint Online, a user traveling abroad will be directed to their active datacenter -- that's the dC whose location is based on their SPO tenant's home-base (so, a dC in the USA if the user if USA-based).
+When accessing SharePoint, a user traveling abroad will be directed to their active datacenter - that's the dC whose location is based on their SPO tenant's home-base (so, a dC in the USA if the user if USA-based).
Lync online has active nodes in more than one dC at a time. When requests are sent for Lync online instances, Microsoft's DNS will determine where in the world the request came from, and return IP addresses from the nearest regional dC where Lync online is active.
Lync online has active nodes in more than one dC at a time. When requests are se
#### What to look for
-Requests for name resolution from the client's DNS servers to Microsoft's DNS servers should in most cases result in Microsoft DNS returning the IP address of a regional datacenter (dC). What does this mean for you? If your headquarters are in Bengaluru, India, but you are traveling in the United States, when your browser makes a request for Outlook Online, Microsoft's DNS servers should hand you IP addresses to datacenters in the United States -- a regional datacenter. If mail is needed from Outlook, that data will travel across Microsoft's quick backbone network between the datacenters.
+Requests for name resolution from the client's DNS servers to Microsoft's DNS servers should in most cases result in Microsoft DNS returning the IP address of a regional datacenter (dC). What does this mean for you? If your headquarters are in Bengaluru, India, but you're traveling in the United States, when your browser makes a request for Outlook Online, Microsoft's DNS servers should hand you IP addresses to datacenters in the United States - a regional datacenter. If mail is needed from Outlook, that data will travel across Microsoft's quick backbone network between the datacenters.
DNS works fastest when name resolution is done as close to the user location as possible. If you're in Europe, you want to go to a Microsoft DNS in Europe, and (ideally) deal with a datacenter in Europe. Performance from a client in Europe going to DNS and a datacenter in America will be slower. Run the Ping tool against outlook.office365.com to determine where in the world your DNS request is being routed. If you are in Europe, you should see a reply from something like outlook-emeawest.office365.com. In the Americas, expect something like outlook-namnorthwest.office365.com.
-Open the command prompt on the client computer (via Start \> Run \> cmd or Windows key \> type cmd). Type ping outlook.office365.com and press ENTER. Remember, to specify -4 if you want to specify to ping via IPv4. You may fail to get a reply from the ICMP packets, but you should see the name of the DNS to which the request was routed. If you want to see the latency numbers for this connection try PsPing to the IP address of the server that is returned by ping.
+Open the command prompt on the client computer (via Start \> Run \> cmd or Windows key \> type cmd). Type ping outlook.office365.com and press ENTER. Remember, to specify -4 if you want to specify to ping via IPv4. You might fail to get a reply from the ICMP packets, but you should see the name of the DNS to which the request was routed. If you want to see the latency numbers for this connection try PsPing to the IP address of the server that is returned by ping.
![Ping of outlook.office365.com showing resolution in outlook-namnorthwest.](../media/06c944d5-6159-43ec-aa31-757770695e8b.PNG)
Open the command prompt on the client computer (via Start \> Run \> cmd or Windo
We don't cover tools used in application-specific troubleshooting in this network-specific article. But you'll find resources you *can* use [on this page](https://support.office.com/article/Network-planning-and-performance-tuning-for-Office-365-e5f1228c-da3c-4654-bf16-d163daee8848).
-## Related Topics
+## Related articles
[Managing Office 365 endpoints](https://support.office.com/article/99cab9d4-ef59-4207-9f2b-3728eb46bf9a)
-[Office 365 endpoints FAQ](https://support.office.com/article/d4088321-1c89-4b96-9c99-54c75cae2e6d)
+[Office 365 endpoints FAQ](https://support.office.com/article/d4088321-1c89-4b96-9c99-54c75cae2e6d)
enterprise Use Powershell To Perform An Imap Migration To Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-powershell-to-perform-an-imap-migration-to-microsoft-365.md
Title: "Use PowerShell to perform an IMAP migration to Microsoft 365"
Previously updated : 09/19/2022 Last updated : 04/12/2024 audience: Admin
search.appverid:
- scotvorg - Ent_O365
+- must-keep
f1.keywords: - NOCSH
As part of the process of deploying Microsoft 365, you can choose to migrate the
Estimated time to complete this task: 2-5 minutes to create a migration batch. After the migration batch is started, the duration of the migration will vary based on the number of mailboxes in the batch, the size of each mailbox, and your available network capacity. For information about other factors that affect how long it takes to migrate mailboxes to Microsoft 365, see [Migration Performance](/Exchange/mailbox-migration/office-365-migration-best-practices).
-You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Migration" entry in a table in the [Recipients Permissions](/exchange/recipients-permissions-exchange-2013-help) topic.
+You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Migration" entry in a table in the [Recipients Permissions](/exchange/recipients-permissions-exchange-2013-help) article.
To use the Exchange Online PowerShell cmdlets, you need to sign in and import the cmdlets into your local Windows PowerShell session. See [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) for instructions.
The following restrictions apply to IMAP migrations:
- **Add each user to Microsoft 365 so that they have a mailbox.** For instructions, see[Add users to Microsoft 365 for business](../admin/add-users/add-users.md). -- **Obtain the FQDN of the IMAP server**. You need to provide the fully qualified domain name (FQDN) (also called the full computer name) of the IMAP server that you will migrate mailbox data from when you create an IMAP migration endpoint. Use an IMAP client or the PING command to verify that you can use the FQDN to communicate with the IMAP server over the Internet.
+- **Obtain the FQDN of the IMAP server**. You need to provide the fully qualified domain name (FQDN) (also called the full computer name) of the IMAP server that you'll migrate mailbox data from when you create an IMAP migration endpoint. Use an IMAP client or the PING command to verify that you can use the FQDN to communicate with the IMAP server over the Internet.
- **Configure the firewall to allow IMAP connections**. You might have to open ports in the firewall of the organization that hosts the IMAP server so network traffic originating from the Microsoft datacenter during the migration is allowed to enter the organization that hosts the IMAP server. For a list of IP addresses used by Microsoft datacenters, see [Exchange Online URLs and IP Address Ranges](./urls-and-ip-address-ranges.md).
Here are the required attributes for each user:
- **EmailAddress** specifies the user ID for the user's Microsoft 365 mailbox. -- **UserName** specifies the logon name for the account to use to access the mailbox on the IMAP server.
+- **UserName** specifies the sign in name for the account to use to access the mailbox on the IMAP server.
- **Password** specifies the password for the account in the **UserName** column.
enterprise Why You Need To Use Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/why-you-need-to-use-microsoft-365-powershell.md
Title: "Why you need to use PowerShell for Microsoft 365"
Previously updated : 07/17/2020 Last updated : 03/11/2024 audience: ITPro
ms.localizationpriority: medium
- Ent_O365 - scotvorg
+- must-keep
f1.keywords: - CSH - admindeeplinkEXCHANGE - has-azure-ad-ps-ref
+ - azure-ad-ref-level-one-done
ms.assetid: b3209b1a-40c7-4ede-8e78-8a88bb2adc8a description: "Summary: Understand why you must use PowerShell to manage Microsoft 365, in some cases more efficiently and in other cases by necessity."
description: "Summary: Understand why you must use PowerShell to manage Microsof
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-With the Microsoft 365 admin center, you can manage your Microsoft 365 user accounts and licenses. You can also manage your Microsoft 365 services, such as Exchange Online, Teams, and SharePoint Online. If you instead use PowerShell to manage these services, you can and take advantage of the command-line and scripting language environment for speed, automation, and additional capabilities.
+With the Microsoft 365 admin center, you can manage your Microsoft 365 user accounts and licenses. You can also manage your Microsoft 365 services, such as Exchange Online, Teams, and SharePoint. If you instead use PowerShell to manage these services, you can and take advantage of the command-line and scripting language environment for speed, automation, and additional capabilities.
+
+> [!NOTE]
+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
+> Some PowerShell for Microsoft 365 commands in this article have been updated to use Microsoft Graph PowerShell.
This article shows how to use PowerShell to manage Microsoft 365 to:
After you learn these basic skills, you don't have to list your mailbox users by
## PowerShell for Microsoft 365 can reveal information that you can't see with the Microsoft 365 admin center
-The Microsoft 365 admin center displays many useful information. But it doesn't display all the possible information that Microsoft 365 stores about users, licenses, mailboxes, and sites. Here's an example for *users and groups* in the Microsoft 365 admin center:
+The Microsoft 365 admin center displays much useful information, but it doesn't display all the possible information that Microsoft 365 stores about users, licenses, mailboxes, and sites. Here's an example for *users and groups* in the Microsoft 365 admin center:
![Example of the display of users and groups in the Microsoft 365 admin center.](../media/o365-powershell-users-and-groups.png)
This view provides the information that you need in many cases. However, there a
5. Write the user's display name and location on a piece of paper, or copy and paste it into Notepad.
-You must repeat this procedure for each user. If you have many users, this process can be tedious. With PowerShell for Microsoft 365, you can display this information for all of your users by using the following command:
+You must repeat this procedure for each user. If you have many users, this process can be tedious. With PowerShell, you can display this information for all of your users by using the following commands.
+
+>[!NOTE]
+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
+
+First, use a **Microsoft Entra DC admin**, **Cloud Application Admin**, or **Global admin** account to [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md).
+
+Getting information for a user requires the **User.ReadBasic.All** permission scope or one of the other permissions listed in the ['Assign license' Graph API reference page](/graph/api/user-assignlicense).
+
+The Organization.Read.All permission scope is required to read the licenses available in the tenant.
[!INCLUDE [Azure AD PowerShell deprecation note](~/../microsoft-365/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)] ```powershell
-Get-AzureADUser | Select DisplayName, UsageLocation
+Connect-MgGraph -Scopes "User.ReadBasic.All"
+Get-MgUser -All -Property DisplayName, UsageLocation | Select DisplayName, UsageLocation
``` -
->[!Note]
->PowerShell Core doesn't support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets that have *Msol* in their name. You have to run these cmdlets from Windows PowerShell.
->
- Here's an example of the results: ```powershell
Alex Darrow US
David Longmuir BR ```
-The interpretation of this PowerShell command is: Get all of the users in the current Microsoft 365 subscription (**Get-AzureADUser**), but only display the name and location for each user (**Select DisplayName, UsageLocation**).
+The interpretation of this PowerShell command is: Get all of the users in the current Microsoft 365 subscription (**Get-MgUser**), but only display the name and location for each user (**Select DisplayName, UsageLocation**).
-Because PowerShell for Microsoft 365 supports a command-shell language, you can further manipulate the information obtained by the **Get-AzureADUser** command. For example, maybe you'd like to sort these users by their location, grouping all the Brazilian users together, all the United States users together, and so on. Here's the command:
+Because PowerShell for Microsoft 365 supports a command-shell language, you can further manipulate the information obtained by the **Get-MgUser** command. For example, maybe you'd like to sort these users by their location, grouping all the Brazilian users together, all the United States users together, and so on. Here's the command:
```powershell
-Get-AzureADUser | Select DisplayName, UsageLocation | Sort UsageLocation, DisplayName
+Get-MgUser -All -Property DisplayName, UsageLocation | Select DisplayName, UsageLocation | Sort UsageLocation, DisplayName
``` Here's an example of the results:
The interpretation of this PowerShell command is: Get all the users in the curre
You can also use additional filtering. For example, if you only want to see information about users based in Brazil, use this command: ```powershell
-Get-AzureADUser | Where {$_.UsageLocation -eq "BR"} | Select DisplayName, UsageLocation
+Get-MgUser -All -Property DisplayName, Country | Where-Object {$_.Country -eq "BR"} | Select DisplayName, Country
``` Here's an example of the results:
If you have a large domain with tens of thousands of users, trying some of the e
For example, the following command returns all the user accounts and shows the name and location for each: ```powershell
-Get-AzureADUser | Select DisplayName, UsageLocation
+Get-MgUser -All | Select DisplayName, UsageLocation
``` That works great for smaller domains. But in a large organization, you might want to split that operation into two commands: one command to store the user account information in a variable and another to display the needed information. Here's an example: ```powershell
-$x = Get-AzureADUser
+$x = Get-MgUser -All -Property DisplayName, UsageLocation
$x | Select DisplayName, UsageLocation ``` The interpretation of this set of PowerShell commands is:
-1. Get all the users in the current Microsoft 365 subscription and store the information in a variable named $x (**$x = Get-AzureADUser**).
+1. Get all the users in the current Microsoft 365 subscription and store the information in a variable named $x (**$x = Get-MgUser**).
1. Display the contents of the variable *$x*, but only include the name and location for each user (**$x | Select DisplayName, UsageLocation**). ## Microsoft 365 has features that you can only configure with PowerShell for Microsoft 365
There are other similar scenarios as well, which is why administrators should kn
Visual interfaces like the Microsoft 365 admin center are most valuable when you have a single operation to do. For example, if you need to disable one user account, you can use the admin center to quickly locate and clear a checkbox. This may be easier than performing a similar operation in PowerShell.
-But if you have to change many things or some selected things within a large set of other things, the Microsoft 365 admin center might not be the best tool. For example, say you have to change the prefix on thousands of phone numbers or remove the specific user *Ken Myer* from all your SharePoint Online sites. How would you do that in the Microsoft 365 admin center?
+But if you have to change many things or some selected things within a large set of other things, the Microsoft 365 admin center might not be the best tool. For example, say you have to change the prefix on thousands of phone numbers or remove the specific user *Ken Myer* from all your SharePoint sites. How would you do that in the Microsoft 365 admin center?
-For the last example, say you have several hundred SharePoint Online sites, and you don't know which ones Ken Meyer is a member of. You would have to start at the Microsoft 365 admin center and then perform this procedure for each site:
+For the last example, say you have several hundred SharePoint sites, and you don't know which ones Ken Meyer is a member of. You would have to start at the Microsoft 365 admin center and then perform this procedure for each site:
1. Select the **URL** of the site.
For the last example, say you have several hundred SharePoint Online sites, and
4. In the **Share** dialog box, select the link that shows all the users who have permissions to the site:
- ![Example of viewing the members of a SharePoint Online site in the SharePoint Online Admin center.](../media/o365-powershell-view-permissions.png)
+ ![Example of viewing the members of a SharePoint site in the SharePoint Admin center.](../media/o365-powershell-view-permissions.png)
5. In the **Shared With** dialog box, select **Advanced**.
Get-SPOSite | ForEach {Remove-SPOUser -Site $_.Url -LoginName "kenmyer@litwarein
``` > [!NOTE]
-> This command requires that you install the [SharePoint Online PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).
+> This command requires that you install the [SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).
The interpretation of this PowerShell command is: Get all of the SharePoint sites in the current Microsoft 365 subscription (**Get-SPOSite**) and for each site remove Ken Meyer from the list of users who can access it (**ForEach {Remove-SPOUser -Site $\_.Url -LoginName "kenmyer\@litwareinc.com"}**).
-We tell Microsoft 365 to remove Ken Meyer from every site, including those that he doesn't have access to. So the results will show errors for those sites that he doesn't have access to. We can use an additional condition on this command to remove Ken Meyer only from the sites that have him on their login list. But the errors that are returned cause no harm to the sites themselves. This command might take a few minutes to run against hundreds of sites, rather than hours of working through the Microsoft 365 admin center.
+We tell Microsoft 365 to remove Ken Meyer from every site, including those that he doesn't have access to. So the results will show errors for those sites that he doesn't have access to. We can use an additional condition on this command to remove Ken Meyer only from the sites that have him on their sign in list. But the errors that are returned cause no harm to the sites themselves. This command might take a few minutes to run against hundreds of sites, rather than hours of working through the Microsoft 365 admin center.
Here's another bulk operation example. Use this command to add *Bonnie Kearney*, a new SharePoint administrator, to all sites in the organization:
Here's another bulk operation example. Use this command to add *Bonnie Kearney*,
Get-SPOSite | ForEach {Add-SPOUser -Site $_.Url -LoginName "bkearney@litwareinc.com" -Group "Members"} ```
-The interpretation of this PowerShell command is: Get all the SharePoint sites in the current Microsoft 365 subscription and for each site allow Bonnie Kearney access by adding her login name to the Members group of the site (**ForEach {Add-SPOUser -Site $\_.Url -LoginName "bkearney\@litwareinc.com" -Group "Members"}**).
+The interpretation of this PowerShell command is: Get all the SharePoint sites in the current Microsoft 365 subscription and for each site allow Bonnie Kearney access by adding her sign in name to the Members group of the site (**ForEach {Add-SPOUser -Site $\_.Url -LoginName "bkearney\@litwareinc.com" -Group "Members"}**).
## PowerShell for Microsoft 365 is great at filtering data
The alternative is to use a PowerShell script to compile the report for you.
The following example script is more complicated than the commands you've seen so far in this article. But, it shows the potential of using PowerShell to create information views that are difficult to get otherwise. Here's the script to compile and display the list you need: ```powershell
-$x = Get-AzureADUser
+Connect-MgGraph -Scopes "User.ReadBasic.All"
+$x = Get-MgUser -All
foreach ($i in $x) {
Molly Dempsey False True False
The interpretation of this PowerShell script is:
-1. Get all the users in the current Microsoft 365 subscription and store the information in a variable that's named *$x* (**$x = Get-AzureADUser**).
+1. Get all the users in the current Microsoft 365 subscription and store the information in a variable that's named *$x* (**$x = Get-MgUser**).
1. Start a loop that runs over all the users in the variable $x (**foreach ($i in $x)**). 1. Define a variable named *$y* and store the user's mailbox information in it (**$y = Get-Mailbox -Identity $i.UserPrincipalName**). 1. Add a new property to the user information that's named *IsMailBoxEnabled*. Set it to the value of the IsMailBoxEnabled property of the user's mailbox (**$i | Add-Member -MemberType NoteProperty -Name IsMailboxEnabled -Value $y.IsMailboxEnabled**). 1. Define a variable named *$y*, and store the user's Skype for Business Online information in it (**$y = Get-CsOnlineUser -Identity $i.UserPrincipalName**). 1. Add a new property to the user information that's named *EnabledForSfB*. Set it to the value of the Enabled property of the user's Skype for Business Online information (**$i | Add-Member -MemberType NoteProperty -Name EnabledForSfB -Value $y.Enabled**).
-1. Display the list of users, but include only their name, whether they are licensed, and the two new properties that indicate whether their mailbox is enabled and whether they are enabled for Skype for Business Online (**$x | Select DisplayName, IsLicensed, IsMailboxEnabled, EnabledforSfB**).
+1. Display the list of users, but include only their name, whether they're licensed, and the two new properties that indicate whether their mailbox is enabled and whether they're enabled for Skype for Business Online (**$x | Select DisplayName, IsLicensed, IsMailboxEnabled, EnabledforSfB**).
## See also
loop Loop Components Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-components-configuration.md
There are several IT Admin settings provided to enable the Loop component experi
|Configure |Setting Type |Specific Policy |Notes | |||||
-|Loop component experiences across Microsoft 365* | Cloud Policy | **Create and view Loop files in Microsoft apps that support Loop** | Applies to: <br/> - Outlook integration<br> - Word for the web integration<br> - Whiteboard integration<br> Does **NOT** apply to:<br> - Loop workspaces<br> - Teams integration |
+|Loop component experiences across Microsoft 365* | Cloud Policy | **Create and view Loop files in Microsoft apps that support Loop** | Applies to: <br/> - Outlook integration<br> - OneNote integration<br> - Word for the web integration<br> - Whiteboard integration<br> Does **NOT** apply to:<br> - Loop workspaces<br> - Teams integration |
|Outlook integration of Loop experiences | Cloud Policy | **Create and view Loop files in Outlook** | First checks **Create and view Loop files in Microsoft apps that support Loop**; then applies **Create and view Loop files in Outlook**, if applicable. | |Teams integration | SharePoint property | See [Settings management for Loop components in Teams](#settings-management-for-loop-functionality-in-teams) | *Teams only checks the settings in this row. |
To disable Loop components in Teams, run `Set-SPOTenant -IsLoopEnabled $false`.
- [Overview of Loop components in Teams](/microsoftteams/live-components-in-teams) - [Use Loop components in Outlook](https://support.microsoft.com/office/9b47c279-011d-4042-bd7f-8bbfca0cb136)
+- [Use Loop components in OneNote](https://support.microsoft.com/office/use-loop-components-in-onenote-ed8a43d9-f6fd-4ad6-bc9d-8841db4da459)
- [Loop components in Whiteboard](https://support.microsoft.com/office/loop-components-in-whiteboard-c5f08f54-995e-473e-be6e-7f92555da347) - [Get started with Microsoft Loop - Microsoft Support](https://support.microsoft.com/office/get-started-with-microsoft-loop-9f4d8d4f-dfc6-4518-9ef6-069408c21f0c)
loop Loop Components Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-components-teams.md
appliesto:
# Overview of Loop components in the Microsoft 365 ecosystem
-Loop components in Teams chat, Outlook emails, Whiteboards, or other places in the Microsoft 365 ecosystem offer a new way to ideate, create, and make decisions together. Send a component - like a table, task list, or paragraph ΓÇö where everyone in your chat, email, or document can edit inline and see changes as they're made.
+Loop components in Teams chat, Outlook emails, Whiteboards, or other places in the Microsoft 365 ecosystem offer a new way to ideate, create, and make decisions together. Send a componentΓÇölike a table, task list, or paragraphΓÇöwhere everyone in your chat, email, or document can edit inline and see changes as they're made.
> [!Note] > Loop components is the first feature of the [Microsoft Loop app](https://www.microsoft.com/en-us/microsoft-loop) to become available in Teams.
-**Get tasks done faster together.** Crowd-source an agenda, track a group's action items, or take notes collectively. These are just a few scenarios made easier with Loop components.
+**Get tasks done faster together.** Crowd-source an agenda, track a group's action items, or take notes collectively are just a few scenarios made easier with Loop components.
**Share components.** In this release, you can share Loop components into different Teams chats, Outlook emails, Whiteboards, and other places in the Microsoft 365 ecosystem. Recipients can edit from wherever they are and see updates instantly, no matter where the changes were made.
-**Start in chat or email, build from there.** Every component you create from Teams chat or Outlook email is automatically saved to a file in OneDrive. So, you might begin collaborating in chat; then, later move to the file in a full tab on Office.com, where you have a larger visual space for editing and can add as many components as you like.
+**Start in chat or email, build from there.** Every component you create from Teams chat or Outlook email is automatically saved to a file in OneDrive. You might begin collaborating in chat and then later move to the file in a full tab in Loop, where you have a larger visual space for editing and can add more content and more components as needed.
-For information on admin settings for Loop components in Teams, see [Settings management in Cloud Policy](loop-workspaces-configuration.md#settings-management-in-cloud-policy).
+For information on admin settings for Loop components in Teams, see [Settings management for Loop functionality in Teams](loop-components-configuration.md#settings-management-for-loop-functionality-in-teams).
## Clients and platforms - Available on Teams apps on Windows, Mac, iOS, Android, and web. - Available on Outlook apps on Windows and web.
+- Available on OneNote apps on Windows and web.
- Available on Whiteboard apps on Windows, Surface, iOS, Android, and web. iOS and Android are "view and edit" but users can't paste new ones. ## Loop components and .loop files
-Loop components created in Teams and Outlook are backed by a .loop (earlier versions of Loop-created .fluid) file stored in the creator's OneDrive. A file being in OneDrive means that users can create, discover, and manage Loop components (.loop files) as easily as any Office document.
+Loop components created in Teams and Outlook are just .loop files (earlier versions of Loop-created .fluid) stored in the creator's OneDrive. A file being in OneDrive means that users can create, discover, and manage Loop components (.loop files) as easily as any Office document.
## How are .loop files stored?
-The .loop files appear on Office.com and OneDrive, such as in the Recent and Recommended areas. Users can search for content in .loop files from Office.com and OneDrive. The .loop files can be restored to previous versions from OneDrive. To create Loop components, chat or email creators must have a OneDrive account. Without a valid OneDrive account, chat or email creators might still be able to collaborate on a component created by other users who have a valid OneDrive account, but can't create their own Loop components.
+The .loop files appear on Office.com and OneDrive, such as in the Recent and Recommended areas. They also appear in the Loop app. Users can search for content in .loop files from Loop, Office.com and OneDrive. The .loop files can be restored to previous versions from OneDrive. To create Loop components, chat or email creators must have a OneDrive account. Without a valid OneDrive account, chat or email creators might still be able to collaborate on a component created by other users who have a valid OneDrive account, but can't create their own Loop components.
-Moving a .loop file from OneDrive to a SharePoint site will result in the Live component failing to load in Teams chat, Outlook email, or any other place it was previously shared to.
+Moving a .loop file from OneDrive to a SharePoint site results in the Loop component failing to load in Teams chat, Outlook email, or any other place it was previously shared to.
## What happens if the owner of the file leaves the company?
Moving a .loop file from OneDrive to a SharePoint site will result in the Live c
## How are .loop files shared?
-Loop components can be inserted in Teams chat, Outlook email, and so on, or be copied from one chat, email, and so on, to another. (Loop components aren't yet supported in Teams channels.) They default to the organization's existing permissions, but users can change permissions before sending to ensure everyone has access.
+Loop components can be inserted in Teams chat, Teams channels, Outlook email, and so on, or be copied from one chat, email, channel, and so on, to another. They default to the organization's existing permissions, but users can change permissions before sending to ensure everyone has access.
-Opening components from Teams chat, Outlook email, or Whiteboard in Office.com offers share functionality at the top of the window, similar to the sharing options offered for other Office documents.
+Opening components from Teams chat, Teams channels, Outlook email, or Whiteboard in Loop offers share functionality at the top of the window, similar to the sharing options offered for other Office documents.
## What if a .loop file becomes corrupted or damaged?
Version History allows you to review, restore, or copy from previous versions of
## What apps can open and edit .loop files?
-The .loop files can only be opened as links in your browser, such as Office.com, and as Loop components in Teams chat, Outlook email, Whiteboard, and Word for the web. If downloaded, they can't be opened again without first uploading them back to OneDrive or SharePoint.
+The .loop files can only be opened as links in your browser, such as in Loop, and as Loop components in Teams chat, Outlook email, Whiteboard, and Word for the web. If downloaded, they can't be opened again without first uploading them back to OneDrive or SharePoint.
## If Loop is disabled from the admin switch, what will the user experience be?
-If you disable these experiences as outlined in the [Settings management](loop-workspaces-configuration.md#settings-management-in-cloud-policy) section, the following experience-changes will apply:
-- The create/insert entry point within Teams messaging and Outlook email will be hidden. The users won't be able to create new .loop files.-- Existing messages that would have formerly rendered as an interactive Loop component will instead render as a hyperlink. No interactive content will be displayed within the app that Loop components have been disabled in.-- When you click on the hyperlink or browse to a .loop file in OneDrive and click it to open, it will open in a separate browser tab. You will still be able to edit the file.
+If you disable these experiences as outlined in the [Settings management](loop-components-configuration.md#settings-management-in-cloud-policy) section, the following experience-changes apply:
+- The create/insert entry point within Teams messaging and Outlook email is hidden. The users won't be able to create new .loop files.
+- Existing messages will no longer render as an interactive Loop component, instead they render as a hyperlink. No interactive content will be displayed within the app that Loop components are disabled.
+- When you click on the hyperlink or browse to a .loop file in OneDrive and click it to open, it opens in a separate browser tab in the Loop component viewer and editor. You will still be able to edit the file.
## Known issues -- With tenant default file permissions set to *Specific people* (only the people the user specifies), copying the link to the Loop component and pasting it in another Teams chat requires the sender to use the permissions dialog and add the recipients in the Specific people option to grant access properly.-- With tenant default file permissions set to *Specific people* (only the people the user specifies), creating a Loop component in a group chat with more than 20 members requires the sender to manually select the permission options for the component.-- Searching for Loop components in Teams search or Outlook email search returns a link to the component in Office.com, not the message itself that contained the Loop component link.
+- With your tenant's default file permissions set to *Specific people* (only the people the user specifies), copying the link to the Loop component and pasting it in another Teams chat requires the sender to use the permissions dialog and add the recipients in the Specific people option to grant access properly.
+- With your tenant's default file permissions set to *Specific people* (only the people the user specifies), creating a Loop component in a group chat with more than 20 members requires the sender to manually select the permission options for the component.
+- Searching for Loop components in Teams search or Outlook email search returns a link to the Loop component, not the message itself that contained the Loop component link.
- Loop components are disabled in federated chats.-- Guests won't be able to view or collaborate on a Loop component.-- External recipients of emails won't be able to view or collaborate on a Loop component.-- Loop components aren't supported in Teams channels.-- Loop components won't load only if the file was moved to a different library. If the file is moved to different folder within the same library, then the Loop components continue to load in the message containing the link to the Loop component.
+- Guests aren't able to view or collaborate on a Loop component.
+- External recipients of emails aren't able to view or collaborate on a Loop component.
+- Loop components don't load if the file was moved to a different library. If the file is moved to a different folder within the same library, then the Loop components continue to load in the message containing the link to the Loop component.
## Related topics
If you disable these experiences as outlined in the [Settings management](loop-w
[Use Loop components in Outlook](https://support.microsoft.com/office/9b47c279-011d-4042-bd7f-8bbfca0cb136)
+[Use Loop components in OneNote](https://support.microsoft.com/office/use-loop-components-in-onenote-ed8a43d9-f6fd-4ad6-bc9d-8841db4da459)
+ [Use Loop components in Word for the web](https://support.microsoft.com/office/use-loop-components-in-word-for-the-web-645cc20d-5c98-4bdb-b559-380c5a27c5e5) [Loop components in Whiteboard](https://support.microsoft.com/office/loop-components-in-whiteboard-c5f08f54-995e-473e-be6e-7f92555da347)
security Linux Static Proxy Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration.md
During installation, the `HTTPS_PROXY` environment variable must be passed to th
The `HTTPS_PROXY` environment variable may similarly be defined during uninstallation.
-Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry will not be submitted, and the operation could take much longer due to network timeouts.
+Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry won't be submitted, and the operation could take longer due to network timeouts.
## Post installation configuration
-After installation, configure Defender for Endpoint with static proxy using the following method:
+After installation, configure Defender for Endpoint with a static proxy. This can be done in two ways:
+### 1. Using mdatp command-line tool
+
+Run the following command on the endpoint to configure proxy for Defender for Endpoint
```bash mdatp config proxy set --value http://address:port ```
-> [!NOTE]
-> This method works for every distribution of Defender for Endpoint on Linux and is **Recommended**.
--
-The `HTTPS_PROXY` environment variable must be defined in the Defender for Endpoint service file. To do this, run `sudo systemctl edit --full mdatp.service`.
-You can then propagate the variable to the service in one of two ways:
-
-1) Uncomment the line `#Environment="HTTPS_PROXY=http://address:port"` and specify your static proxy address.
-
-2) Add a line `EnvironmentFile=/path/to/env/file`. This path can point to `/etc/environment` or a custom file, either of which needs to add the following line:
-
- ```bash
- HTTPS_PROXY="http://proxy.server:port/"
- ```
-After modifying `mdatp.service`, save the file and restart the service so the changes can be applied using the following commands:
+### 2. Using managed configuration
-```bash
-sudo systemctl daemon-reload; sudo systemctl restart mdatp
+Set the proxy in the managed configuration at `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. This is an example of the json schema:
+```
+{
+ "cloudService":{
+ "proxy": "http://proxy.server:port/"
+ }
+}
```
-> [!NOTE]
-> To remove any additions you might have made before uninstalling `mdatp`, delete the custom file from `/etc/systemd/system`.
-> [!NOTE]
-> Red Hat Enterprise Linux 6.X and CentOS 6.X don't support **systemctl** and **/etc/environment** methods. To configure static proxy for MDE on these distributions, use the Recommended **mdatp config proxy set** method.
+A management tool of choice can be used to deploy the above configuration. Please check [Set preferences for Microsoft Defender for Endpoint on Linux](./linux-preferences.md) for more details on managed configuration.
+ [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
security Advanced Hunting Microsoft Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-microsoft-defender.md
After connecting your Microsoft Sentinel workspace and Microsoft Defender XDR ad
- **Use the time filter dropdown instead of setting the time span in the query** ΓÇô If you're filtering ingestion of Defender XDR tables to Sentinel instead of streaming the tables as is, don't filter the time in the query as this might generate incomplete results. If you set the time in the query, the streamed, filtered data from Sentinel is used because it usually has the longer data retention period. If you would like to make sure you're querying all Defender XDR data for up to 30 days, use the time filter dropdown provided in the query editor instead. - **View `SourceSystem` and `MachineGroup` columns for Defender XDR data that have been streamed from Microsoft Sentinel** ΓÇô Since the columns `SourceSystem` and `MachineGroup` are added to Defender XDR tables once they're streamed to Microsoft Sentinel, they also appear in results in advanced hunting in Defender. However, they remain blank for Defender XDR tables that weren't streamed (tables that follow the default 30-day data retention period). -
+> [!NOTE]
+> Using the unified portal, where you can query Microsoft Sentinel data after connecting a Microsoft Sentinel workspace, does not automatically mean you can also query Defender XDR data while in Microsoft Sentinel. Raw data ingestion of Defender XDR should still be configured in Microsoft Sentinel for this to happen.
## Where to find your Microsoft Sentinel data You can use advanced hunting KQL (Kusto Query Language) queries to hunt through Microsoft Defender XDR and Microsoft Sentinel data.
security Zero Trust Identity Device Access Policies Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-trust-identity-device-access-policies-overview.md
Zero Trust identity and device access policies address the **Verify explicitly**
- Control user actions. - Validate secure configuration options.
-This series of articles describe a set of identity and device access configurations and policies using Azure Active Directory (Azure AD) Conditional Access, Microsoft Intune, and other features. These configurations and policies provide Zero Trust access to Microsoft 365 for enterprise cloud apps and services, other SaaS services, and on-premises applications that are published with Azure AD Application Proxy.
+This series of articles describe a set of identity and device access configurations and policies using Microsoft Entra ID, Conditional Access, Microsoft Intune, and other features. These configurations and policies provide Zero Trust access to Microsoft 365 for enterprise cloud apps and services, other SaaS services, and on-premises applications that are published with Microsoft Entra application proxy.
Zero Trust identity and device access settings and policies are recommended in three tiers:
This guidance shows you how to implement a set of policies to protect access to
### Windows 11 or Windows 10 with Microsoft 365 Apps for enterprise
-Windows 11 or Windows 10 with Microsoft 365 Apps for enterprise is the recommended client environment for PCs. We recommend Windows 11 or Windows 10 because Azure is designed to provide the smoothest experience possible for both on-premises and Microsoft Entra ID. Windows 11 or Windows 10 also includes advanced security capabilities that can be managed through Intune. Microsoft 365 Apps for enterprise includes the latest versions of Office applications. These use modern authentication, which is more secure and a requirement for Conditional Access. These apps also include enhanced compliance and security tools.
+Windows 11 or Windows 10 with Microsoft 365 Apps for enterprise is the recommended client environment for PCs. We recommend Windows 11 or Windows 10 because Microsoft Entra is designed to provide the smoothest experience possible for both on-premises and Microsoft Entra ID. Windows 11 or Windows 10 also includes advanced security capabilities that can be managed through Intune. Microsoft 365 Apps for enterprise includes the latest versions of Office applications. These use modern authentication, which is more secure and a requirement for Conditional Access. These apps also include enhanced compliance and security tools.
## Applying these capabilities across the three levels of protection
Once you have determined the set of policies for the apps you want to secure, ro
Similarly, for your sensitive apps, create the set of policies and add one app at a time. Work through any issues until they're all included in the sensitive app policy set.
-Microsoft recommends that you don't create policy sets that apply to all apps because it can result in some unintended configurations. For example, policies that block all apps could lock your admins out of the Azure portal and exclusions can't be configured for important endpoints such as Microsoft Graph.
+Microsoft recommends that you don't create policy sets that apply to all apps because it can result in some unintended configurations. For example, policies that block all apps could lock your admins out of the Microsoft Entra admin center and exclusions can't be configured for important endpoints such as Microsoft Graph.
## Steps to configure Zero Trust identity and device access
syntex Autofill Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/autofill-overview.md
+
+ Title: Overview of autofill columns Microsoft Syntex
++++ Last updated : 04/15/2024
+audience: admin
+++
+search.appverid:
+
+ - enabler-strategic
+ - m365initiative-syntex
+ms.localizationpriority: medium
+
+description: Learn about the autofill columns service in Microsoft Syntex.
++
+# Overview of autofill columns in Microsoft Syntex
+
+> [!NOTE]
+> Through June 2024, you can try out autofill columns and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+
+Autofill columns in Microsoft Syntex automatically extract, summarize, or generate content from files uploaded to a SharePoint document library. By using large language models (LLMs), autofill columns can save metadata automatically, streamlining the process of managing files and their associated information.
+
+For example, you can ask a question (a *prompt*) of a document in natural language, and the system saves the response directly to a designated library column. Or you can have more than one of these questions set to process any file uploaded to a library, with each response allocated to a specific column.
+
+Autofill columns can work alongside other Microsoft Syntex models. You can associate different extractive prompts (where you take information from existing data) or generative prompts (where you create new content) with more than one column, allowing you to extract metadata that other models might not detect or generate.
+
+## Requirements and limitations
+
+### Supported file types
+
+Autofill columns are available for the following file types: .csv, .doc, .docx, .eml, .heic, .heif, .htm, .html, .jpeg, .jpg, .markdown, .md, .msg, .pdf, .png, .ppt, .pptx, .rtf, .tif, .tiff, .txt, .xls, and .xlsx.
+
+### Supported column data types
+
+Autofill columns are available for the following column data types:
+
+- Choice
+- Number
+- Text
+- DateTime
+- Boolean
+- Note
+- Currency
+- DateTime
+- URL
+- MMD
+
+### Current release notes
+
+- Bulk processing options for existing library files will be added in a future release.
+
+- Currently, autofill columns don't support the following library types: FormServerTemplates, SitePages, Style Library, and SiteAssets.
syntex Metadata Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/metadata-search.md
Previously updated : 09/11/2023 Last updated : 04/15/2024 audience: admin
description: Learn how to use Syntex content query and search for custom site co
Microsoft Syntex gives you the ability to quickly search through your document's metadata with ease. The Syntex content query feature lets you perform specific metadata-based queries on SharePoint document libraries. You can make faster, more precise queries based on specific metadata column values, rather than just searching for keywords.
-Syntex content query lets you use the metadata associated with a document to help locate the file in a SharePoint document library. This feature is particularly useful when you have a specific piece of information you want to search for, such as when a document was last modified, a specific person associated with a file, or a specific file type.
+Syntex content query lets you use the metadata associated with a document to help locate the file in a SharePoint document library. This feature is particularly useful when you have a specific piece of information you want to search for, such as when a document was last modified, a specific person associated with a file, specific keywords in a file, or a specific file type.
+
+## Columns you can query
+
+You can now use content query to search for metadata in any of the queriable columns in your document library. Queriable columns include the following content types:
+
+- 'Text':
+- 'Note':
+- 'DateTime':
+- 'Choice':
+- 'MultiChoice':
+- 'User':
+- 'Boolean':
+- 'Currency':
+- 'Number':
+- 'TaxonomyFieldType':
+- 'TaxonomyFieldTypeMulti':
+
+**New document libraries** ΓÇö For new libraries, all of the columns are available in content query.
+
+**Existing document libraries** ΓÇö For existing libraries, all of the queriable columns won't be immediately available. You need to select the content query icon (![Screenshot of the metadata search icon.](../media/content-understanding/metadata-search-icon.png)) in the existing library. Then after five days, check the library again and all of the columns should be available.
> [!NOTE] > This feature is available for users who have Syntex [per-user](set-up-content-understanding.md) or [pay-as-you-go](syntex-azure-billing.md) licensing.
Syntex content query lets you use the metadata associated with a document to hel
|People |Search for a match on people in any column in the library. | |Modified date |Search by selected date range in the **Modified** column in the library. | |File type |Search by selected file type (for example, Word document or PDF). |
- |Content type |Search by selected content type. This option will only appear if there's a non-default content type applied to the library. Default content types are *document* and *folder*. |
+ |Content type |Search by selected content type. This option will only appear if there's a nondefault content type applied to the library. Default content types are *document* and *folder*. |
3. You can also search for custom site columns that are in the current library view. This is especially useful if you have a model running on the library because the metadata extractors automatically populate information into site columns.
Syntex content query lets you use the metadata associated with a document to hel
For numbers, currency, and date columns, you can scope parameters of the queryΓÇöfor example, greater than a specific amount or within a specific period of time. For text columns, you can specify if you want to contain or not contain certain words. 4. Select **Search**. The documents that match your metadata query are shown on the results page. +