-**Surface general status** of Microsoft services, tenant health status, health advice and recommendations.

-During the preview, use the pre-populated prompt options in the Copilot pane for the best results.

-To maintain your security and privacy, Copilot won't make any configuration changes on behalf of you. To learn more about security and privacy with Copilot, see [Data, Privacy, and Security for Microsoft 365 Copilot](microsoft-365-copilot-privacy.md).

-It will be available to all admins, and respect role-based access controls (RBAC) within the admin center, only surfacing information and controls that the particular admin has access to. Copilot won't make any configuration changes on behalf of an admin, keeping security integrity intact.

-| 1,000 accounts, sites, or mailboxes<br>(30-GB average size) |Less than 12 hours |

-## Definitions

-Before we begin, you should be familiar with some definitions:

-Also, if a graphic in this article has an object that's 'grayed-out' or 'dimmed' that means the element shown in gray isn't included in HMA-specific configuration.

-1. Since many prerequisites are common for both Skype for Business and Exchange, review them in [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md). Do this before you begin any of the steps in this article.

-1. Add on-premises web service URLs as **Service Principal Names (SPNs)** in Microsoft Entra ID. In case EXCH is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with EXCH.

-1. Ensure all Virtual Directories are enabled for HMA

-1. Check for the EvoSTS Auth Server object

-1. Enable HMA in EXCH.

-> [!NOTE]

-> Outlook Web App and Exchange Control Panel do not work with hybrid Modern Authentication. In addition, publishing Outlook Web App and Exchange Control Panel through Microsoft Entra application proxy is unsupported.

- Get-MapiVirtualDirectory | FL server,*url*

- Get-WebServicesVirtualDirectory | FL server,*url*

- Get-ClientAccessServer | fl Name, AutodiscoverServiceInternalUri

- Get-OABVirtualDirectory | FL server,*url*

- Get-AutodiscoverVirtualDirectory | FL server,*url*

- Get-OutlookAnywhere | FL server,*hostname*

- Ensure the URLs clients might connect to are listed as HTTPS service principal names in Microsoft Entra ID. In case EXCH is in hybrid with **multiple tenants**, these HTTPS SPNs should be added in the Microsoft Entra ID of all the tenants in hybrid with EXCH.

-2. Next, connect to Microsoft Entra ID with [these instructions](connect-to-microsoft-365-powershell.md). To consent to the required permissions, run the following command:

-3. For your Exchange-related URLs, type the following command:

- Take note of (and screenshot for later comparison) the output of this command, which should include an `https://*autodiscover.yourdomain.com*` and `https://*mail.yourdomain.com*` URL, but mostly consist of SPNs that begin with `00000002-0000-0ff1-ce00-000000000000/`. If there are `https://` URLs from your on-premises that are missing, those specific records should be added to this list.

-4. If you don't see your internal and external MAPI/HTTP, EWS, ActiveSync, OAB, and Autodiscover records in this list, you must add them using the following command (the example URLs are `mail.corp.contoso.com` and `owa.contoso.com`, but you should replace the example URLs with your own):

- $x= Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"

- $ServicePrincipalUpdate =@(

-> In case EXCH is in hybrid with **multiple tenants**, your output should show one AuthServer of the Name `EvoSts - {GUID}` for each tenant in hybrid with EXCH and the *Enabled* state should be **True** for all of these AuthServer objects.

-If the EXCH version is Exchange 2016 (CU18 or higher) or Exchange 2019 (CU7 or higher) and hybrid was configured with HCW downloaded after September 2020, run the following command in the Exchange Management Shell, on-premises:

-> In case EXCH is in hybrid with **multiple tenants**, there are multiple AuthServer objects present in EXCH with domains corresponding to each tenant. The **IsDefaultAuthorizationEndpoint** flag should be set to true (using the **IsDefaultAuthorizationEndpoint** cmdlet) for any one of these AuthServer objects. This flag can't be set to true for all the Authserver objects and HMA would be enabled even if one of these AuthServer object's **IsDefaultAuthorizationEndpoint** flag is set to true.

-You should also hold down the CTRL key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select **Connection Status**. Look for the client's SMTP address against an **Authn** type of `Bearer\*`, which represents the bearer token used in OAuth.

-## Using hybrid Modern Authentication with Outlook for iOS and Android

-If you're an on-premises customer using Exchange server on TCP 443, allow network traffic from the following IP ranges:

-|mailNickname||

- You can read about these categories and guidance for their management in [New Microsoft 365 endpoint categories](microsoft-365-network-connectivity-principles.md#optimizing-connectivity-to-microsoft-365-services).

-|[](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |**Frontline worker scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.<br/><br/>**Related solution guides** <br/> <ul><li>[Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview)|

-|[](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated January 2024 |**Healthcare scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc)|

-|[](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated January 2024 |**Retail scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page)|

-# Automate document generation with Microsoft Syntex and Power Automate (Preview)

-Using content assembly in Microsoft Syntex together with Power Automate, you can automate the generation of documents using modern templates.

-This preview version is a Power Automate action in a SharePoint connector. The action is named ΓÇ£Generate document using Syntex (Preview)ΓÇ¥ and has limited capabilities for preview.

-## Scope of the preview

-The current scope of the preview lets you:

-The preview is created and tested to work for the following three triggers in SharePoint Connector:

-## Automate document generation

-Follow these steps to automatically generate documents using a modern template and Power Automate.

-3. On the SharePoint connector page, select the trigger that you want to use to start the automated document generation process.

-4. Next, set up the trigger by entering the SharePoint site address and the name of the SharePoint list. Select **New step**.

-5. Select the SharePoint connector again. In the search box, search for and select the action **Generate document using Syntex (preview)**.

- 

-6. Enter the site information and select the document library that contains the modern template.

-7. Once the template is selected, you'll start seeing the template fields. Associate the fields with the columns in the list.

- >Data mapping in the template is not supported in this preview. For example, if you have associated a field in your template with a managed metadata column, during automated generation you will be able to associate this field with a column in a list.

-8. When done, select **Save** to save the flow.

- > We recommend using templates that don't need users to manually add values for document generation. If the template needs manual input for a field, you can specify that value against the field rather than mapping it to a SharePoint list column.<br><br>

- > Currently, only Word documents (.Docx) are supported using this action.

-8. To generate a pdf file using this action provide **.pdf** as the extension in the file name.

-9. The action does not support images and tables and templates containing these fields are hidden while selecting the templates in the action

-## See also

- [Overview of content assembly in Microsoft Syntex](content-assembly.md)