Updates from: 04/24/2024 03:06:31
Category Microsoft Docs article Related commit history on GitHub Change details
copilot-for-microsoft-365-admin Copilot For Microsoft 365 Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/copilot-for-microsoft-365-admin.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
description: "Learn about Copilot for Microsoft 365 admin and how it can help simplify admin tasks."
With Copilot for Microsoft 365 admin, you can:
As an example, check out these prompts: -- ΓÇ£Show me users in Australia with Teams license assignedΓÇ¥-- ΓÇ£Identify all groups in my organization without an ownerΓÇ¥-- ΓÇ£Identify all users who are unlicensed"
+- "Show me users in Australia with Teams license assigned"
+- "Identify all groups in my organization without an owner"
+- "Identify all users who are unlicensed"
**Navigate** to different pages, features, and experiences within the admin center. Copilot provides a breadcrumb trail and direct link to your desired page. Examples: -- ΓÇ£Where do I manage integrated appsΓÇ¥-- ΓÇ£Where do I manage rolesΓÇ¥
+- "Where do I manage integrated apps"
+- "Where do I manage roles"
**Get support** for any challenges or questions that you have related to administering Microsoft 365 for your tenant. Examples: -- ΓÇ£How do I view my bill?ΓÇ¥-- ΓÇ£How do I set up Multi-factor Authentication?ΓÇ¥
+- "How do I view my bill?"
+- "How do I set up Multi-factor Authentication?"
Provide **deployment guidance** for setting up and managing various aspects of identity and security within the tenant. Examples: -- ΓÇ£What is the status of my security defaults?ΓÇ¥-- ΓÇ£What is the identity user status in my org?ΓÇ¥
+- "What is the status of my security defaults?"
+- "What is the identity user status in my org?"
-**Surface general status** of Microsoft services, tenant health status, health advice and recommendations.
+**Surface general status** of Microsoft services, tenant health status, health advice, and recommendations.
Examples: -- "Are there any service issues right now?ΓÇ¥-- ΓÇ£Show me health of teamsΓÇ¥
+- "Are there any service issues right now?"
+- "Show me health of teams"
**Marketplace navigation** to help admins discover, trial, or purchase solutions and take advantage of value from Microsoft 365. Examples: -- ΓÇ£Tell me about Microsoft Business PremiumΓÇ¥-- ΓÇ£I want to buy VisioΓÇ¥
+- "Tell me about Microsoft Business Premium"
+- "I want to buy Visio"
-During the preview, use the pre-populated prompt options in the Copilot pane for the best results.
+During the preview, use the prepopulated prompt options in the Copilot pane for the best results.
-To maintain your security and privacy, Copilot won't make any configuration changes on behalf of you. To learn more about security and privacy with Copilot, see [Data, Privacy, and Security for Microsoft 365 Copilot](microsoft-365-copilot-privacy.md).
+To maintain your security and privacy, Copilot doesn't make any configuration changes on your behalf. To learn more about security and privacy with Copilot, see [Data, Privacy, and Security for Microsoft 365 Copilot](microsoft-365-copilot-privacy.md).
## Frequently Asked Questions
In preview, Copilot is automatically enabled for select customers who have purch
### Which admin roles can use Copilot for Microsoft 365 admin?
-It will be available to all admins, and respect role-based access controls (RBAC) within the admin center, only surfacing information and controls that the particular admin has access to. Copilot won't make any configuration changes on behalf of an admin, keeping security integrity intact.
+It will be available to all admins, and respect role-based access controls (RBAC) within the admin center, only surfacing information and controls that the particular admin has access to. Copilot doesn't make any configuration changes on behalf of an admin, keeping security integrity intact.
### Are there differences with how Copilot treats prompts from the admin center or admin vs. Users?
manage-public-web-access Manage Public Web Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/manage-public-web-access.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
description: "Learn how to manage Microsoft Copilot for Microsoft 365 access to web content for your organization."
microsoft-365-copilot-enable-users Microsoft 365 Copilot Enable Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-enable-users.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
description: "Learn about the steps to deploy Microsoft Copilot for Microsoft 365 to your users."
microsoft-365-copilot-overview Microsoft 365 Copilot Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-overview.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
- essentials-overview description: "Learn about how Microsoft Copilot for Microsoft 365 works."
microsoft-365-copilot-page Microsoft 365 Copilot Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-page.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
description: "Learn about the Copilot page and how you can manage Copilot for Microsoft 365 settings in the Microsoft 365 admin center."
microsoft-365-copilot-privacy Microsoft 365 Copilot Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-privacy.md
- privacy-microsoft365 - privacy-copilot - m365copilot
+- magic-ai-copilot
hideEdit: true Last updated 03/04/2024
microsoft-365-copilot-requirements Microsoft 365 Copilot Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-requirements.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
description: "Learn about the requirements for Microsoft Copilot for Microsoft 365."
microsoft-365-copilot-setup Microsoft 365 Copilot Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-setup.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
- essentials-get-started description: "Learn how to prepare your organization for Microsoft Copilot for Microsoft 365."
provide-feedback Provide Feedback https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/provide-feedback.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
description: "Learn how to provide Copilot for Microsoft 365 feedback to Microsoft on behalf of their users who encounter issues"
admin Microsoft 365 Copilot Organizational Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-365-copilot-organizational-messages.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-- M365copilot
+- m365copilot
+- magic-ai-copilot
search.appverid: - BCS160
admin Microsoft 365 Copilot Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md
- Adm_O365 - Adm_NonTOC - m365copilot
+- magic-ai-copilot
search.appverid: - BCS160
admin Ai Assistance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/ai-assistance.md
- M365-subscription-management - Adm_O365 - Adm_TOC-- M365copilot
+- m365copilot
+- magic-ai-copilot
search.appverid: - MET150 - MOE150
admin Manage Plugins For Copilot In Integrated Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-plugins-for-copilot-in-integrated-apps.md
- Adm_O365 - Adm_TOC - m365copilot
+- magic-ai-copilot
- AdminSurgePortfolio - AdminTemplateSet
backup Backup Billing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-billing.md
Use these steps to set up pay-as-you-go billing for Microsoft 365 Backup.
You have successfully set up billing. You can proceed to [Step 2: Turn on Microsoft 365 Backup](backup-setup.md#step-2-turn-on-microsoft-365-backup).
+> [!NOTE]
+> Any subsequent changes made to the billing for Microsoft 365 Backup in the Microsoft 365 admin center or the Azure portal can take up to 24 hours to become effective.
++ ## Manage consumption and invoices in the Azure portal You can view actual and accumulated cost breakdown by tenants and service type for OneDrive, SharePoint, and Exchange in Microsoft Cost Management in the Azure portal or access the information by using the [Cost Management public APIs](/rest/api/cost-management/operation-groups). Cost breakdown by application ID is coming soon.
backup Backup Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-overview.md
The following table summarizes expected performance for a normally distributed t
|Scenario |Restore of all protection units* complete | |:-|:--|
-| 1,000 accounts, sites, or mailboxes<br>(30-GB average size) |Less than 12 hours |
+| 1,000 accounts, sites, or mailboxes<br>(10-GB average size) |Less than 12 hours |
<sup>*A *protection unit* is a OneDrive account, SharePoint site, or Exchange mailbox.</sup>
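Review bot: The table row drops the average size from 30 GB to 10 GB while the restore time stays at "Less than 12 hours", so the data volume implied for the 1,000-unit scenario falls to a third with no explanation. Anyone who planned a recovery time objective from the earlier figure needs to know whether the old number was a documentation error or the expectation changed. Add a sentence saying which, and check that any other rows of this table use the same size assumption.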
backup Backup Pricing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/backup-pricing.md
Number of total and active user mailboxes at the start of the period and at the
![Screenshot showing the number of total and active user mailboxes for Exchange.](../media/m365-backup/backup-exchange-mailbox-total.png)
+This example does not show archive mailboxes, but any archive mailbox size will count towards your backup storage.
+ ##### Storage Amount of storage used at the start of the period and at the end of the period. For example, 5.5 GB and 4.3 GB:
enterprise Configure Exchange Server For Hybrid Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication.md
Hybrid Modern Authentication (HMA) is a method of identity management that offers more secure user authentication and authorization, and is available for Exchange server on-premises hybrid deployments.
-## Definitions
-
-Before we begin, you should be familiar with some definitions:
--- Hybrid Modern Authentication \> HMA--- Exchange on-premises \> EXCH--- Exchange Online \> EXO-
-Also, if a graphic in this article has an object that's 'grayed-out' or 'dimmed' that means the element shown in gray isn't included in HMA-specific configuration.
- ## Enabling Hybrid Modern Authentication Turning on HMA requires that your environment meets the following: 1. Make sure you meet the prerequisites before you begin.
-1. Since many prerequisites are common for both Skype for Business and Exchange, review them in [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md). Do this before you begin any of the steps in this article.
+2. Since many prerequisites are common for both Skype for Business and Exchange, review them in [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md). Do this before you begin any of the steps in this article.
Requirements about linked mailboxes to be inserted.
-1. Add on-premises web service URLs as **Service Principal Names (SPNs)** in Microsoft Entra ID. In case EXCH is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with EXCH.
+3. Add on-premises web service URLs as **Service Principal Names (SPNs)** in Microsoft Entra ID. In case Exchange on-premises is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with Exchange on-premises.
+
+4. Ensure all Virtual Directories are enabled for HMA
-1. Ensure all Virtual Directories are enabled for HMA
+5. Check for the EvoSTS Auth Server object
-1. Check for the EvoSTS Auth Server object
+6. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid
-1. Enable HMA in EXCH.
+7. Ensure that all user identities are synchronized with Microsoft Entra ID
+
+8. Enable HMA in Exchange on-premises.
> [!NOTE] > Does your version of Office support MA? See [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md).
-> [!NOTE]
-> Outlook Web App and Exchange Control Panel do not work with hybrid Modern Authentication. In addition, publishing Outlook Web App and Exchange Control Panel through Microsoft Entra application proxy is unsupported.
+> [!WARNING]
+> Publishing Outlook Web App and Exchange Control Panel through Microsoft Entra application proxy is unsupported.
<a name='add-on-premises-web-service-urls-as-spns-in-azure-ad'></a>
Run the commands that assign your on-premises web service URLs as Microsoft Entr
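Review bot: The context line "Requirements about linked mailboxes to be inserted." still sits between the renumbered items 2 and 3 and reads like an unfinished placeholder. Now that the list is explicitly numbered, it interrupts the sequence, so either write the linked-mailbox requirement or remove the line. The new items 4 to 7 also lack the closing period that items 3 and 8 have.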
1. First, run the following commands on your Microsoft Exchange Server: ```powershell
- Get-MapiVirtualDirectory | FL server,*url*
- Get-WebServicesVirtualDirectory | FL server,*url*
- Get-ClientAccessServer | fl Name, AutodiscoverServiceInternalUri
- Get-OABVirtualDirectory | FL server,*url*
- Get-AutodiscoverVirtualDirectory | FL server,*url*
- Get-OutlookAnywhere | FL server,*hostname*
+ Get-MapiVirtualDirectory -ADPropertiesOnly | fl server,*url*
+ Get-WebServicesVirtualDirectory -ADPropertiesOnly | fl server,*url*
+ Get-ClientAccessService | fl Name, AutodiscoverServiceInternalUri
+ Get-OABVirtualDirectory -ADPropertiesOnly | fl server,*url*
+ Get-AutodiscoverVirtualDirectory -ADPropertiesOnly | fl server,*url*
+ Get-OutlookAnywhere -ADPropertiesOnly | fl server,*hostname*
```
- Ensure the URLs clients might connect to are listed as HTTPS service principal names in Microsoft Entra ID. In case EXCH is in hybrid with **multiple tenants**, these HTTPS SPNs should be added in the Microsoft Entra ID of all the tenants in hybrid with EXCH.
+ Ensure the URLs clients might connect to are listed as HTTPS service principal names in Microsoft Entra ID. In case Exchange on-premises is in hybrid with **multiple tenants**, these HTTPS SPNs should be added in the Microsoft Entra ID of all the tenants in hybrid with Exchange on-premises.
-2. Next, connect to Microsoft Entra ID with [these instructions](connect-to-microsoft-365-powershell.md). To consent to the required permissions, run the following command:
+2. Install the Microsoft Graph PowerShell module:
+
+ ```powershell
+ Install-Module Microsoft.Graph -Scope AllUsers
+ ```
+
+3. Next, connect to Microsoft Entra ID with [these instructions](connect-to-microsoft-365-powershell.md). To consent to the required permissions, run the following command:
```powershell Connect-MgGraph -Scopes Application.Read.All, Application.ReadWrite.All ```
-3. For your Exchange-related URLs, type the following command:
+4. For your Exchange-related URLs, type the following command:
```powershell Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'" | select -ExpandProperty ServicePrincipalNames ```
- Take note of (and screenshot for later comparison) the output of this command, which should include an `https://*autodiscover.yourdomain.com*` and `https://*mail.yourdomain.com*` URL, but mostly consist of SPNs that begin with `00000002-0000-0ff1-ce00-000000000000/`. If there are `https://` URLs from your on-premises that are missing, those specific records should be added to this list.
+ Take a note of (and screenshot for later comparison) the output of this command, which should include an `https://*autodiscover.yourdomain.com*` and `https://*mail.yourdomain.com*` URL, but mostly consist of SPNs that begin with `00000002-0000-0ff1-ce00-000000000000/`. If there are `https://` URLs from your on-premises that are missing, those specific records should be added to this list.
+
+5. If you don't see your internal and external `MAPI/HTTP`, `EWS`, `ActiveSync`, `OAB`, and `Autodiscover` records in this list, you must add them. Use the following command to add all URLs that are missing:
-4. If you don't see your internal and external MAPI/HTTP, EWS, ActiveSync, OAB, and Autodiscover records in this list, you must add them using the following command (the example URLs are `mail.corp.contoso.com` and `owa.contoso.com`, but you should replace the example URLs with your own):
+ > [!IMPORTANT]
+ > In our example, the URLs that will be added are `mail.corp.contoso.com` and `owa.contoso.com`. Make sure that they are replaced by the URLs that are configured in your environment.
```powershell
- $x= Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"
- $ServicePrincipalUpdate =@(
+ $x = Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"
+ $ServicePrincipalUpdate = @(
"https://mail.corp.contoso.com/","https://owa.contoso.com/" ) Update-MgServicePrincipal -ServicePrincipalId $x.Id -ServicePrincipalNames $ServicePrincipalUpdate
Get-AuthServer | where {$_.Name -like "EvoSts*"} | ft name,enabled
Your output should show an AuthServer of the Name EvoSts with a GUID and the 'Enabled' state should be **True**. If not, you should download and run the most recent version of the Hybrid Configuration Wizard. > [!NOTE]
-> In case EXCH is in hybrid with **multiple tenants**, your output should show one AuthServer of the Name `EvoSts - {GUID}` for each tenant in hybrid with EXCH and the *Enabled* state should be **True** for all of these AuthServer objects.
+> In case Exchange on-premises is in hybrid with **multiple tenants**, your output should show one AuthServer of the Name `EvoSts - {GUID}` for each tenant in hybrid with Exchange on-premises and the *Enabled* state should be **True** for all of these AuthServer objects.
> [!IMPORTANT] > If you're running Exchange 2010 in your environment, the EvoSTS authentication provider won't be created.
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
> Set-AuthServer -Identity EvoSTS -IsDefaultAuthorizationEndpoint $true > ```
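Review bot: In the SPN update script, `$ServicePrincipalUpdate` holds only the two example URLs and is passed directly to `Update-MgServicePrincipal -ServicePrincipalNames`. The reply-URL procedure added later in this same change instead appends to the existing value with `$servicePrincipal.ReplyUrls += $replyUrlsToBeAdded` before updating. State explicitly whether this call preserves the existing SPNs recorded in the previous step, or build the list from `$x.ServicePrincipalNames` plus the missing URLs. As written, a reader cannot tell whether the `00000002-0000-0ff1-ce00-000000000000/` entries survive the update.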
-If the EXCH version is Exchange 2016 (CU18 or higher) or Exchange 2019 (CU7 or higher) and hybrid was configured with HCW downloaded after September 2020, run the following command in the Exchange Management Shell, on-premises:
+If the Exchange on-premises version is Exchange 2016 (CU18 or higher) or Exchange 2019 (CU7 or higher) and hybrid was configured with HCW downloaded after September 2020, run the following command in the Exchange Management Shell, on-premises:
```powershell Set-AuthServer -Identity "EvoSTS - {GUID}" -DomainName "Tenant Domain" -IsDefaultAuthorizationEndpoint $true
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
``` > [!NOTE]
-> In case EXCH is in hybrid with **multiple tenants**, there are multiple AuthServer objects present in EXCH with domains corresponding to each tenant. The **IsDefaultAuthorizationEndpoint** flag should be set to true (using the **IsDefaultAuthorizationEndpoint** cmdlet) for any one of these AuthServer objects. This flag can't be set to true for all the Authserver objects and HMA would be enabled even if one of these AuthServer object's **IsDefaultAuthorizationEndpoint** flag is set to true.
+> In case Exchange on-premises is in hybrid with **multiple tenants**, there are multiple AuthServer objects present in Exchange on-premises with domains corresponding to each tenant. The **IsDefaultAuthorizationEndpoint** flag should be set to true (using the **IsDefaultAuthorizationEndpoint** cmdlet) for any one of these AuthServer objects. This flag can't be set to true for all the Authserver objects and HMA would be enabled even if one of these AuthServer object's **IsDefaultAuthorizationEndpoint** flag is set to true.
> [!NOTE] > For the **DomainName** parameter, use the tenant domain value, which is usually in the form `contoso.onmicrosoft.com`.
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Once you enable HMA, a client's next sign in will use the new auth flow. Just turning on HMA won't trigger a reauthentication for any client, and it might take a while for Exchange to pick up the new settings.
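Review bot: The multi-tenant NOTE still says the flag is set "using the **IsDefaultAuthorizationEndpoint** cmdlet", but the commands around it show `-IsDefaultAuthorizationEndpoint $true` as a parameter of `Set-AuthServer`. Since this line is being edited anyway, change it to "using the **Set-AuthServer** cmdlet". The same sentence spells the object both "Authserver" and "AuthServer"; use "AuthServer" throughout.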
-You should also hold down the CTRL key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select **Connection Status**. Look for the client's SMTP address against an **Authn** type of `Bearer\*`, which represents the bearer token used in OAuth.
+You should also hold down the CTRL key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select **Connection Status**. Look for the client's SMTP address against an **AuthN** type of `Bearer\*`, which represents the bearer token used in OAuth.
> [!NOTE] > Need to configure Skype for Business with HMA? You'll need two articles: One that lists [supported topologies](/skypeforbusiness/plan-your-deployment/modern-authentication/topologies-supported), and one that shows you [how to do the configuration](configure-skype-for-business-for-hybrid-modern-authentication.md).
-## Using hybrid Modern Authentication with Outlook for iOS and Android
+## Enable Hybrid Modern Authentication for OWA and ECP
+
+Hybrid Modern Authentication can now also be enabled for `OWA` and `ECP`. Make sure that the [Prerequisites](#prerequisites-to-enable-hybrid-modern-authentication-for-owa-and-ecp) are fulfilled before you continue.
+
+After the Hybrid Modern Authentication was enabled for `OWA` and `ECP`, each end user and administrator who tries to login into `OWA` or `ECP` will be redirected to the Microsoft Entra ID authentication page first. After the authentication was successful, the user will be redirected to `OWA` or `ECP`.
+
+### Prerequisites to enable Hybrid Modern Authentication for OWA and ECP
+
+To enable Hybrid Modern Authentication for `OWA` and `ECP`, all user identities must be synchronized with Microsoft Entra ID.
+In addition to this it's important that OAuth setup between Exchange Server on-premises and Exchange Online has been established before further configuration steps can be done.
+
+Customers who have already run the Hybrid Configuration Wizard (HCW) to configure hybrid, will have an OAuth configuration in place. If OAuth was not configured before, it can be done by running the HCW or by following the steps as outlined in the [Configure OAuth authentication between Exchange and Exchange Online organizations](/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help) documentation.
+
+It is recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory` settings before making any changes. This documentation will enable you to restore the original settings if any issues arise after configuring the feature.
+
+> [!IMPORTANT]
+> All servers must have at least the [Exchange Server 2019 CU14](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506) update installed. They must also run the [Exchange Server 2019 CU14 April 2024 HU](https://support.microsoft.com/help/5037224) or a later update.
+
+### Steps to enable Hybrid Modern Authentication for OWA and ECP
+
+1. Query the `OWA` and `ECP` URLs that are configured on your Exchange Server on-premises . This is important because they must be added as reply url to Microsoft Entra ID:
+
+ ```powershell
+ Get-OwaVirtualDirectory -ADPropertiesOnly | fl name, *url*
+ Get-EcpVirtualDirectory -ADPropertiesOnly | fl name, *url*
+ ```
+
+2. Install the Microsoft Graph PowerShell module if it has not yet been installed:
+
+ ```powershell
+ Install-Module Microsoft.Graph -Scope AllUsers
+ ```
+
+3. Connect to Microsoft Entra ID with [these instructions](connect-to-microsoft-365-powershell.md). To consent to the required permissions, run the following command:
+
+ ```powershell
+ Connect-Graph -Scopes User.Read, Application.ReadWrite.All
+ ```
+
+4. Specify your `OWA` and `ECP` URLs:
+
+ ```powershell
+ $replyUrlsToBeAdded = @(
+ "https://YourDomain.contoso.com/owa","https://YourDomain.contoso.com/ecp"
+ )
+ ```
+
+5. Update your application with the reply URLs:
+
+ ```powershell
+ $servicePrincipal = Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"
+ $servicePrincipal.ReplyUrls += $replyUrlsToBeAdded
+ Update-MgServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AppId "00000002-0000-0ff1-ce00-000000000000" -ReplyUrls $servicePrincipal.ReplyUrls
+ ```
+
+6. Verify that the reply URLs have been added successfully:
+
+ ```powershell
+ (Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'").ReplyUrls
+ ```
+
+7. To enable Exchange Server on-premises ability to perform Hybrid Modern Authentication, follow the steps outlined in the [Enable HMA](#enable-hma) section.
+
+8. **(Optional)** Only required if [Download Domains](/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-download-domains) are used:
++
+ Create a new global setting override by running the following commands from an elevated Exchange Management Shell (EMS). Run these commands on one Exchange Server:
+
+ ```powershell
+ New-SettingOverride -Name "OWA HMA Download Domain Support" -Component "OAuth" -Section "OAuthIdentityCacheFixForDownloadDomains" -Parameters ("Enabled=true") -Reason "Enable support for OWA HMA when Download Domains are in use"
+ Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
+ Restart-Service -Name W3SVC, WAS -Force
+ ```
+
+9. **(Optional)** Only required in [Exchange resource forest topology](/exchange/deploy-exchange-2013-in-an-exchange-resource-forest-topology-exchange-2013-help) scenarios:
+
+ Add the following keys to the `<appSettings>` node of the `<ExchangeInstallPath>\ClientAccess\Owa\web.config` file. Do this on each Exchange Server:
+
+ ```notepad
+ <add key="OAuthHttpModule.ConvertToSidBasedIdentity" value="true"/>
+ <add key="OAuthHttpModule.UseMasterAccountSid" value="true"/>
+ ```
+
+ Create a new global setting override by running the following commands from an elevated Exchange Management Shell (EMS). Run these commands on one Exchange Server:
+
+ ```powershell
+ New-SettingOverride -Name "OWA HMA AFRF Support" -Component "OAuth" -Section "OwaHMAFixForAfRfScenarios" -Parameters ("Enabled=true") -Reason "Enable support for OWA HMA in AFRF scenarios"
+ Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
+ Restart-Service -Name W3SVC, WAS -Force
+ ```
+
+10. To enable Hybrid Modern Authentication for `OWA` and `ECP`, you must first disable any other authentication method on these virtual directories. Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server:
+
+ > [!IMPORTANT]
+ > It's important to execute these commands in the given order. Otherwise, you'll see an error message when running the commands. After running these commands, login to `OWA` and `ECP` will stop work until the OAuth authentication for those virtual directories has been activated.
+ >
+ > Also, make sure that all accounts are synchronized, especially the accounts used for administration to Microsoft Entra ID. Otherwise, the login will stop working until they are synchronized. Note that accounts, such as the built-in Administrator, wonΓÇÖt be synchronized with Microsoft Entra ID and, therefore, canΓÇÖt be used for administration once HMA for OWA and ECP has been enabled. This is due to the `isCriticalSystemObject` attribute, which is set to `TRUE` for some accounts.
+
+ ```powershell
+ Get-OwaVirtualDirectory -Server <computername> | Set-OwaVirtualDirectory -AdfsAuthentication $false ΓÇôBasicAuthentication $false ΓÇôFormsAuthentication $false ΓÇôDigestAuthentication $false
+ Get-EcpVirtualDirectory -Server <computername> | Set-EcpVirtualDirectory -AdfsAuthentication $false ΓÇôBasicAuthentication $false ΓÇôFormsAuthentication $false ΓÇôDigestAuthentication $false
+ ```
+
+11. Enable OAuth for the `OWA` and `ECP` virtual directory. Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server:
+
+ > [!IMPORTANT]
+ > It's important to execute these commands in the given order. Otherwise, you'll see an error message when running the commands.
+
+ ```powershell
+ Get-EcpVirtualDirectory -Server <computername> | Set-EcpVirtualDirectory -OAuthAuthentication $true
+ Get-OwaVirtualDirectory -Server <computername> | Set-OwaVirtualDirectory -OAuthAuthentication $true
+ ```
+
+## Using Hybrid Modern Authentication with Outlook for iOS and Android
-If you're an on-premises customer using Exchange server on TCP 443, allow network traffic from the following IP ranges:
+If you're an on-premises customer using Exchange Server on TCP 443, allow network traffic from the following IP ranges:
```console 52.125.128.0/20
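Review bot: In step 10, the `Set-OwaVirtualDirectory` and `Set-EcpVirtualDirectory` lines use an ASCII hyphen for `-AdfsAuthentication` but a non-ASCII dash (rendered here as `ΓÇô`) before `BasicAuthentication`, `FormsAuthentication` and `DigestAuthentication`. Use a plain `-` for all four parameters so the commands survive copy and paste. Three smaller points in the same section:

- Step 3 uses `Connect-Graph` where the SPN procedure uses `Connect-MgGraph`; pick one spelling.
- The `web.config` snippet in step 9 is fenced as `notepad`, which is not a language; `xml` fits.
- "will stop work" in the step 10 callout should be "will stop working".

The prerequisites also recommend documenting the `OwaVirtualDirectory` and `EcpVirtualDirectory` settings, but no step captures them. Step 10 stops OWA and ECP sign-in until step 11 completes, so add a step before it that saves the output of `Get-OwaVirtualDirectory` and `Get-EcpVirtualDirectory`, giving readers a rollback reference.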
enterprise M365 Dr Workload Copilot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-dr-workload-copilot.md
- M365-subscription-management - must-keep - m365copilot
+- magic-ai-copilot
# Data Residency for Microsoft Copilot for Microsoft 365
enterprise Sync Users Multi Tenant Orgs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/sync-users-multi-tenant-orgs.md
When you set up user synchronization with another tenant in a multitenant organi
|givenName|telephoneNumber| |IsSoftDeleted|userPrincipalName| |jobTitle|UserType (member)|
-|mailNickname||
+|mailNickname|manager|
You can change the properties that are synchronized after the synchronization has been configured. For more information, see [Configure cross-tenant synchronization](/azure/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure#step-9-review-attribute-mappings).
To change which users are synchronized to other tenants
This procedure updates the *MTO_Sync_\<TenantID\>* synchronization configurations in Microsoft Entra ID for each tenant in your multitenant organization.
+## Set up calendar sharing for tenants in your MTO
+
+Calendar sharing allows users in each multitenant organization (MTO) tenant to view free/busy (time only) calendar availability information.
+
+To manage free/busy calendar sharing for tenants in your MTO
+
+1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) as a global administrator.
+1. Expand **Settings** and select **Org settings**.
+1. On the **Organization profile** tab, select **Multitenant collaboration**.
+1. Select **Manage settings**.
+1. Select **Edit calendar settings** under **Calendar**.
+1. Select tenants to enable free/busy calendar sharing.
+1. Select **Save changes**.
+
+The calendar sharing feature for MTO utilizes [Organization relationships in Exchange Online](/exchange/sharing/organization-relationships/organization-relationships). The organization relationship will share all users calendar availability and must also be set up by the other tenants in your MTO for free/busy information to be shared.
+
+## Set up MTO user labels in Teams for tenants in your MTO (Preview)
+
+MTO group admins can now configure an optional label for each tenant that will be displayed alongside MTO synced user's display name in Teams. This allows MTO synced users to be distinguishable within the MTO in Teams interactions.
+
+![Teams people card shows MTO user label "US".](media/sync-users-multi-tenant-orgs/teams-mto-label-people-card.png)
+> _Fig 1: Teams people card shows MTO user label "US"_
+
+![Teams search experience shows MTO user label "US".](media/sync-users-multi-tenant-orgs/teams-mto-search.png)
+> _Fig 2: Teams search experience shows MTO user label ΓÇ£USΓÇ¥_
++
+Only MTO owners can manage the MTO user labels. Label changes may take some time to process and will only apply to active tenants.
+To manage MTO user labels for tenants in your MTO
+
+1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) as a global administrator.
+1. Expand **Settings** and select **Org settings**.
+1. On the **Organization profile** tab, select **Multitenant collaboration**.
+1. Select **Manage settings**.
+1. Select **Edit** under **Tenant label**.
+1. Select either:
+
+ 1. No label.
+
+ 1. Use the multitenant organization name for all tenants.
+
+ 1. Custom (assign a label for each tenant, which cannot be blank).
+1. Select **Save changes**.
+ ## Related topics [Troubleshooting tips for multitenant organizations](/azure/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure#troubleshooting-tips)
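Review bot: The new labels section names three different roles for one task: "MTO group admins can now configure" in the intro, "Only MTO owners can manage the MTO user labels" before the procedure, and "as a global administrator" in step 1. State once which role is actually required, and check step 1 of the calendar procedure the same way, so readers know whether a less privileged role is sufficient. Smaller points: the line between the Fig 2 caption and "Only MTO owners" adds a lone "+" that will render as literal text, the Fig 2 caption does not use the same straight quotes around US as Fig 1, "To manage MTO user labels" needs a blank line before it, and "all users calendar availability" is missing the possessive apostrophe.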
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Title: "Microsoft 365 URLs and IP address ranges"
Previously updated : 03/29/2024 Last updated : 04/23/2024 audience: Admin
Data columns shown are:
- **Category**: Shows whether the endpoint set is categorized as **Optimize**, **Allow**, or **Default**. This column also lists which endpoint sets are required to have network connectivity. For endpoint sets that aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity.
- You can read about these categories and guidance for their management in [New Microsoft 365 endpoint categories](microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services).
+ You can read about these categories and guidance for their management in [Optimizing connectivity to Microsoft 365 services](microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services).
- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set.
solutions Collaborate Guests Cross Cloud https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-guests-cross-cloud.md
Inviting guests from organizations in other Microsoft 365 cloud environments req
Additionally, to enable B2B collaboration with an organization in a different Microsoft 365 cloud environment, you need the organization's tenant ID. If you know the fully qualified domain name of the other organization, you can look up the tenantID in the Teams admin center. Open [meeting settings](https://admin.teams.microsoft.com/meetings/settings), select **Lookup** under **Cross-cloud meetings**, type in the fully qualified domain name, and select **Show tenant ID**.
+For the best meeting experiences across Microsoft clouds, make sure your network is ready for Microsoft Teams. [Prepare your organization's network for Microsoft Teams](/microsoftteams/prepare-network#network-requirements) contains guidance on how to optimize your network for Teams. Also ensure that the necessary DNS, IPs and Ports are enabled for each of the M365 clouds where your users are collaborating. The following table links to the endpoint definitions for each of the M365 cloud environments:
+
+|Microsoft 365 Cloud Environment|Endpoints|
+|:--|:|
+|Commercial, GCC|[Worldwide endpoints](../enterprise/urls-and-ip-address-ranges.md)|
+|GCC High|[U.S. Government GCC High endpoints](../enterprise/microsoft-365-u-s-government-gcc-high-endpoints.md)|
+|DoD|[U.S. Government DoD endpoints](../enterprise/microsoft-365-u-s-government-dod-endpoints.md)|
+|China (21Vianet)|[Microsoft 365 operated by 21Vianet](../enterprise/urls-and-ip-address-ranges-21vianet.md)|
+ ## Allow cross-tenant connections with other Microsoft 365 cloud environments If you're setting up guest sharing with a tenant that's in a different Microsoft Azure cloud environment than yours, then you need to enable connections with that cloud environment before you add the organizational relationship.
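Review bot: The added sentence "ensure that the necessary DNS, IPs and Ports are enabled for each of the M365 clouds" does not say which endpoints are necessary, while the table links to each cloud's complete endpoint list. Name the service area or endpoint categories that cross-cloud meetings depend on, so admins do not allow more outbound traffic than the scenario needs. The table's delimiter row, |:--|:|, has no hyphens in its second cell and may not render as a table; |:--|:--| is the safe form. Also spell out "M365" as "Microsoft 365" and lowercase "Ports".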
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
Use the following posters to start envisioning what your organization can do wit
| Item | Description | |:--|:--|
-|[![Microsoft 365 for frontline worker scenarios.](/microsoft-365/frontline/media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |**Frontline worker scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.<br/><br/>**Related solution guides** <br/> <ul><li>[Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview)|
-|[![Microsoft 365 for frontline workers: Healthcare scenarios.](/microsoft-365/frontline/media/m365-frontline-healthcare-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated January 2024 |**Healthcare scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc)|
-|[![Microsoft 365 for frontline workers: Retail scenarios.](/microsoft-365/frontline/media/m365-frontline-retail-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated January 2024 |**Retail scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page)|
+|[![Microsoft 365 for frontline worker scenarios.](/microsoft-365/frontline/media/m365-frontline-scenarios-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated April 2024 |**Frontline worker scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.<br/><br/>**Related solution guides** <br/> <ul><li>[Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview)|
+|[![Microsoft 365 for frontline workers: Healthcare scenarios.](/microsoft-365/frontline/media/m365-frontline-healthcare-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated April 2024 |**Healthcare scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc)|
+|[![Microsoft 365 for frontline workers: Retail scenarios.](/microsoft-365/frontline/media/m365-frontline-retail-thumb.png)](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated April 2024 |**Retail scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page)|
## Corporate communications with Microsoft 365 ΓÇö a Contoso case study Employee engagement is a significant contributor to workplace satisfaction, retention, and productivity at any organization. Across Microsoft 365, there are multiple ways to communicate and engage your audience.
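Review bot: All three rows change "Updated January 2024" to "Updated April 2024" but keep the same PDF and Visio linkid values, so confirm that those links now serve the April files before the date goes out. Each row's last cell also still opens <ul><li> without closing either tag; close them while these rows are being touched.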
syntex Automate Document Generation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/automate-document-generation.md
Title: Automate document generation with Microsoft Syntex and Power Automate (Preview)
+ Title: Automate document generation with Microsoft Syntex and Power Automate
audience: admin Previously updated : 08/08/2023 Last updated : 04/23/2024 search.appverid:
ms.localizationpriority: medium
description: Learn how to automatically create documents and other content using Microsoft Syntex and Power Automate.
-# Automate document generation with Microsoft Syntex and Power Automate (Preview)
+# Automate document generation with Microsoft Syntex and Power Automate
-Using content assembly in Microsoft Syntex together with Power Automate, you can automate the generation of documents using modern templates.
+Using content assembly in Microsoft Syntex together with Power Automate, you can automate the generation of documents using modern templates.
-This preview version is a Power Automate action in a SharePoint connector. The action is named ΓÇ£Generate document using Syntex (Preview)ΓÇ¥ and has limited capabilities for preview.
+## Automate document generation
-## Scope of the preview
-
-The current scope of the preview lets you:
--- Choose a SharePoint list as a starting point for document generation. That is, you want a document to be generated using the values in the SharePoint list once an item in the list has been added, modified, or deleted. --- Choose a modern template and associate its fields with columns from the chosen SharePoint list. -
-The preview is created and tested to work for the following three triggers in SharePoint Connector:
--- When an item is created-- When an item is created or modified-- When an item is deleted-
-## Automate document generation
-
-Follow these steps to automatically generate documents using a modern template and Power Automate.
+Follow these steps to automatically generate documents using a modern template and Power Automate.
1. Sign in to Power Automate. 2. In the left panel, select **Connectors**. In the search box, search for *SharePoint*, and then select the **SharePoint** connector.
-3. On the SharePoint connector page, select the trigger that you want to use to start the automated document generation process.
+3. On the SharePoint connector page, select the trigger that you want to use to start the automated document generation process.
We recommend starting with any one of the following three triggers:
Follow these steps to automatically generate documents using a modern template a
- When an item is created or modified - When an item is deleted
-4. Next, set up the trigger by entering the SharePoint site address and the name of the SharePoint list. Select **New step**.
+4. Next, set up the trigger by entering the SharePoint site address and the name of the SharePoint list. Select **New step**.
![Screenshot of the When a document is created or modified trigger showing a sample site address and site name.](../media/content-understanding/document-generation-trigger.png)
-5. Select the SharePoint connector again. In the search box, search for and select the action **Generate document using Syntex (preview)**.
+5. Select the SharePoint connector again. In the search box, search for and select the action **Generate document using Syntex**.
- ![Screenshot of the SharePoint connector Actions tab showing Generate document using Syntex (preview) action.](../media/content-understanding/document-generation-action.png)
+ ![Screenshot of the SharePoint connector Actions tab showing Generate document using Syntex action.](../media/content-understanding/document-generation-action.png)
-6. Enter the site information and select the document library that contains the modern template.
+6. Enter the site information, and select the document library that contains the modern template.
-7. Once the template is selected, you'll start seeing the template fields. Associate the fields with the columns in the list.
+7. Once the template is selected, you'll start seeing the template fields. Associate the fields with the columns in the list.
> [!NOTE]
- >Data mapping in the template is not supported in this preview. For example, if you have associated a field in your template with a managed metadata column, during automated generation you will be able to associate this field with a column in a list.
+ >Data mapping in the template is not supported in this action. For example, if you have associated a field in your template with a managed metadata column, during automated generation you will be able to associate this field with a column in a list.
-8. When done, select **Save** to save the flow.
+8. When done, select **Save** to save the flow.
> [!NOTE]
- > We recommend using templates that don't need users to manually add values for document generation. If the template needs manual input for a field, you can specify that value against the field rather than mapping it to a SharePoint list column.<br><br>
- > Currently, only Word documents (.Docx) are supported using this action.
+ > We recommend using templates that don't need users to manually add values for document generation. If the template needs manual input for a field, you can specify that value against the field rather than mapping it to a SharePoint list column.<br><br>
+ > Currently, only Word documents (.docx) are supported using this action.
+
+9. To generate a PDF file using this action, provide **.pdf** as the extension in the file name.
+
+10. Whenever a template consists of a table placeholder, that field has all the column names in the suggestion shown in the **Risks** field.
-8. To generate a pdf file using this action provide **.pdf** as the extension in the file name.
+ To fill the table, placeholder values should be passed as a list of JSON objects with column name and values. For example:
-9. The action does not support images and tables and templates containing these fields are hidden while selecting the templates in the action
+ *[{"Column 1":"Low","Column 2":"Test","Column 3":"Test","Column 4":"Low"},{"Column 1":"Medium","Column 2":"Test","Column 3":"Test","Column 4":"Medium"}]*
-## See also
+11. The action doesn't support images, and templates containing these fields are hidden while selecting the templates in the action.
- [Overview of content assembly in Microsoft Syntex](content-assembly.md)
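Review bot: New steps 9 to 11 are numbered after step 8, "select Save to save the flow", yet none of them is an action that follows saving: they cover the output file name, table placeholders and an image limitation. Move them ahead of the Save step or turn them into notes. In step 10, "the suggestion shown in the Risks field" refers to a field that the visible text never introduces, and the JSON sample is wrapped in italics rather than a code block, which makes it hard to copy and at risk of being mangled by Markdown rendering. The note "only Word documents (.docx) are supported" now sits directly before the step on producing a PDF, so say explicitly that the restriction applies to the template. The reworded note "Data mapping in the template is not supported in this action" still ends its example with "you will be able to associate this field with a column in a list", which reads as the opposite of unsupported.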