Updates from: 06/14/2024 12:01:08
Category Microsoft Docs article Related commit history on GitHub Change details
admin Microsoft 365 Copilot Readiness https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-365-copilot-readiness.md
+
+ Title: "Microsoft 365 admin center Copilot for Microsoft 365 readiness"
+++ Last updated : 06/06/2024
+audience: Admin
++
+ms.localizationpriority: medium
+
+- Tier2
+- scotvorg
+- M365-subscription-management
+- Adm_O365
+- Adm_NonTOC
+- m365copilot
+- magic-ai-copilot
+
+search.appverid:
+- BCS160
+- MST160
+- MET150
+- MOE150
+description: "Learn about the Copilot for Microsoft 365 readiness report and how it can help you assess your organization's readiness to adopt Copilot."
++
+# Microsoft 365 reports in the Admin Center ΓÇô Copilot for Microsoft 365 readiness
+
+The Microsoft 365 Usage dashboard shows you the activity overview across the Microsoft 365 apps in your organization. It enables you to drill into individual product-level reports to give you more granular insight about the activities within each app. To view all reports, check out the [Reports overview article](activity-reports.md).
+
+In the Copilot for Microsoft 365 readiness report, which is in continuous enhancement, you can view which users are technically eligible for Copilot, assign licenses, and monitor usage of Microsoft 365 apps that Copilot integrates best with. The report becomes available within 72 hours, and once available, the usage data shown on the report can have up to a maximum of 72 hours latency.
+
+## How do I get to the Copilot for Microsoft 365 report?
+
+1. In the admin center, go to **Reports** > **Usage**.
+1. Select the **Copilot for Microsoft 365** page.
+1. You can view Readiness on the first tab. Switch to the Usage tab to view adoption and usage metrics.
+
+## Interpret the Readiness section in the Copilot for Microsoft 365 report
+
+You can use this report to see how ready your organization is to adopt Copilot for Microsoft 365. The Readiness section is set up to show your data over the past 28 days. Currently this portion does not include any other time period options, but we'll be rolling out updates soon to enable 7-day, 30-day, 90-day, and 180-day periods.
+
+You can see the following summary charts in this report:
++
+**Total Prerequisite Licenses** The number is the sum of all users who have at least one license assigned to them or who could be assigned a license. The following license types are eligible for Copilot:
+
+**For Business and Enterprise**:
+
+- Microsoft 365 E5
+- Microsoft 365 E3
+- Microsoft 365 F1
+- Microsoft 365 F3
+- Office 365 E5
+- Office 365 E3
+- Office 365 E1
+- Office 365 F3
+- Microsoft 365 Business Basic
+- Microsoft 365 Business Premium
+- Microsoft 365 Business Standard
+
+**For Education Faculty and Higher Education Students Aged 18+**:
+
+- Microsoft 365 A1*
+- Microsoft 365 A3*
+- Microsoft 365 A5*
+- Office 365 A1*
+- Office 365 A3*
+- Office 365 A5*
+
+*Available via Enrollment for Education Solutions (EES) or Cloud Solution Provider (CSP) only.
+
+**Users on an eligible update channel** This number is the sum of all users who are enrolled in Current Channel or Monthly Enterprise Channel for app updates in your organization and could be assigned with a Copilot license.
++
+**Assigned Licenses** This number is the sum of all users who have already been assigned with a Copilot license in your organization.
+
+**Available Licenses** This number is the sum of all users who do not have a Copilot license assigned, and should be prioritized first.
++
+Recommended action cards highlight important actions to take to prepare your organization for Copilot, such as moving users to a monthly app update channel and assigning available Copilot licenses.
+
+The last recommended action card promotes [Microsoft Copilot Dashboard](/viva/insights/org-team-insights/copilot-dashboard), where you can deliver insights to your IT leaders to explore Copilot readiness, adoption, and impact in Viva Insights.
++
+This graph shows the sum of users that could benefit the most from having Copilot deployed based on where Copilot provides the most value in day-to-day scenarios.
++
+You can use the user table to get an at-a-glance view at which users are assigned a Copilot license, whether their devices are configured correctly, and if theyΓÇÖre using a Microsoft 365 app that has Copilot enabled.
+
+You can also export the report data into an Excel .csv file by selecting the Export link. This exports the Copilot for Microsoft 365 readiness data of all users with any engagement on Teams meetings, Teams chat, and Outlook email for Office docs in past 30 days, and enables you to do simple sorting, filtering, and searching for further analysis.
+
+To ensure data quality, we perform daily data validation checks for the past three days and will fill any gaps detected. You may notice differences in historical data during the process.
+
+### User activity table
+
+| Item | Description |
+|--||
+| User name | The user's principal name. |
+| Has Copilot license been assigned | Yes/No field indicating if the user has a Copilot license assigned to them. |
+| Uses eligible update channel | Yes/No field indicating if devices are configured to get the latest or monthly updates. |
+| Uses Teams Meetings | Indicates whether the user has attended at least one meeting using Teams in the past 30 days. |
+| Uses Teams chat | Indicates whether the user has participated in at least one chat using Teams in the past 30 days. |
+| Uses Outlook Email | Indicates whether the user has sent at least one email using Outlook in the past 30 days. |
+| Uses Office docs | Indicates whether the user has collaborated on at least one document or file using OneDrive or sharepoint in the past 30 days. |
+
+## Make the user-specific data anonymous
+
+To make the data in the Copilot for Microsoft 365 report anonymous, you must be a global administrator. This will hide identifiable information (using MD5 hashes) such as display name, email, and Microsoft Entra Object ID in report and their export.
+
+1. In Microsoft 365 admin center, go to the **Settings** \> **Org Settings**, and under **Services** tab, choose **Reports**.
+
+2. Select **Reports**, and then choose to **Display anonymous identifiers**. This setting gets applied both to the usage reports in Microsoft 365 admin center and Teams admin center.
+
+3. Select **Save changes**.
admin Microsoft 365 Copilot Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md
Title: "Microsoft 365 admin center Microsoft 365 Copilot usage"
+ Title: "Microsoft 365 admin center Copilot for Microsoft 365 usage"
Previously updated : 07/18/2023 Last updated : 06/06/2024 audience: Admin
search.appverid:
- MST160 - MET150 - MOE150
-description: "Learn how to get the Microsoft 365 Copilot usage report and gain insights into the Copilot for Microsoft 365 activity in your organization."
+description: "Learn how to get the Copilot for Microsoft 365 usage report and gain insights into the Copilot for Microsoft 365 activity in your organization."
-# Microsoft 365 reports in the Admin Center ΓÇô Copilot for Microsoft 365 readiness and usage
+# Microsoft 365 reports in the Admin Center ΓÇô Copilot for Microsoft 365 usage
The Microsoft 365 Usage dashboard shows you the activity overview across the Microsoft 365 productivity apps in your organization. It enables you to drill into individual product-level reports to give you more granular insight about the activities within each app. To view all reports, check out the [Reports overview article](activity-reports.md).
-The Copilot for Microsoft 365 report, which is in continuous enhancement, includes a Readiness section and Usage section. In the Readiness section, you can view which users are technically eligible for Copilot, assign licenses, and monitor usage of apps in Microsoft 365 that Copilot integrates best with. Within the Usage section, you can view a summary of how usersΓÇÖ adoption, retention, and engagement are with Copilot for Microsoft 365, and the activity of every Copilot user in your organization. The report becomes available within 72 hours, and once available, the usage data shown on the report can have up to a maximum of 72 hours latency.
+In the Copilot for Microsoft 365 usage report, which is in continuous enhancement, you can view a summary of how usersΓÇÖ adoption, retention, and engagement are with Copilot for Microsoft 365, and the activity of every Copilot user in your organization. The report becomes available within 72 hours, and once available, the usage data shown on the report can have up to a maximum of 72 hours latency.
-## How do I get to the Copilot for Microsoft 365 report?
+## How do I get to the Copilot for Microsoft 365 usage report?
1. In the admin center, go to **Reports** > **Usage**. 1. Select the **Copilot for Microsoft 365** page.
-1. You can view Readiness on the first tab. Switch to the Usage tab to view adoption and usage metrics.
+1. Select the Usage tab to view adoption and usage metrics.
-## Interpret the Readiness section in Copilot for Microsoft 365 report
-
-You can use this report to see how ready your organization is to adopt Copilot for Microsoft 365. The Readiness section is set up to show your data over the past 28 days. Currently this portion does not include any other time period options, but we'll be rolling out updates soon to enable 7-day, 30-day, 90-day, and 180-day periods.
-
-You can see the following summary charts in this report:
--
-**Total Prerequisite Licenses** The number is the sum of all users who have at least one license assigned to them or who could be assigned a license. The following license types are eligible for Copilot:
-
-**For Business and Enterprise**:
--- Microsoft 365 E5-- Microsoft 365 E3-- Microsoft 365 F1-- Microsoft 365 F3-- Office 365 E5-- Office 365 E3-- Office 365 E1-- Office 365 F3-- Microsoft 365 Business Basic-- Microsoft 365 Business Premium-- Microsoft 365 Business Standard-
-**For Education Faculty and Higher Education Students Aged 18+**:
--- Microsoft 365 A1*-- Microsoft 365 A3*-- Microsoft 365 A5*-- Office 365 A1*-- Office 365 A3*-- Office 365 A5*-
-*Available via Enrollment for Education Solutions (EES) or Cloud Solution Provider (CSP) only.
-
-**Users on an eligible update channel** This number is the sum of all users who are enrolled in Current Channel or Monthly Enterprise Channel for app updates in your organization and could be assigned with a Copilot license.
--
-**Assigned Licenses** This number is the sum of all users who have already been assigned with a Copilot license in your organization.
-
-**Available Licenses** This number is the sum of all users who do not have a Copilot license assigned, and should be prioritized first.
--
-Recommended action cards highlight important actions to take to prepare your organization for Copilot, such as moving users to a monthly app update channel and assigning available Copilot licenses.
-
-The last recommended action card promotes [Microsoft Copilot Dashboard](/viva/insights/org-team-insights/copilot-dashboard), where you can deliver insights to your IT leaders to explore Copilot readiness, adoption, and impact in Viva Insights.
--
-This graph shows the sum of users that could benefit the most from having Copilot deployed based on where Copilot provides the most value in day-to-day scenarios.
--
-You can use the user table to get an at-a-glance view at which users are assigned a Copilot license, whether their devices are configured correctly, and if theyΓÇÖre using a Microsoft 365 app that has Copilot enabled.
-
-You can also export the report data into an Excel .csv file by selecting the Export link. This exports the Copilot for Microsoft 365 readiness data of all users with any engagement on Teams meetings, Teams chat, and Outlook email for Office docs in past 30 days, and enables you to do simple sorting, filtering, and searching for further analysis.
-
-To ensure data quality, we perform daily data validation checks for the past three days and will fill any gaps detected. You may notice differences in historical data during the process.
-
-### User activity table
-
-| Item | Description |
-|--||
-| User name | The user's principal name. |
-| Has Copilot license been assigned | Yes/No field indicating if the user has a Copilot license assigned to them. |
-| Uses eligible update channel | Yes/No field indicating if devices are configured to get the latest or monthly updates. |
-| Uses Teams Meetings | Indicates whether the user has attended at least one meeting using Teams in the past 30 days. |
-| Uses Teams chat | Indicates whether the user has participated in at least one chat using Teams in the past 30 days. |
-| Uses Outlook Email | Indicates whether the user has sent at least one email using Outlook in the past 30 days. |
-| Uses Office docs | Indicates whether the user has collaborated on at least one document or file using OneDrive or sharepoint in the past 30 days. |
-
-## Interpret the Usage tab in Copilot for Microsoft 365 report
+## Interpret the Copilot for Microsoft 365 usage report
You can use this report to see the usage of Copilot for Microsoft 365 in your organization.
To ensure data quality, we perform daily data validation checks for the past thr
||-| | User name | The user's principal name. | | Display name | The full name of the user. |
-| Last activity date (UTC (Universal Time Code)) | The latest date the user had activity in Copilot for Microsoft 365 among all Microsoft 365 products, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of Teams Copilot (UTC) | The latest date the user had activity in Microsoft Teams Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of Word Copilot (UTC) | The latest date the user had activity in Word Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of Excel Copilot (UTC) | The latest date the user had activity in Excel Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of PowerPoint Copilot (UTC) | The latest date the user had activity in PowerPoint Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of Outlook Copilot (UTC) | The latest date the user had activity in Outlook Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of OneNote Copilot (UTC) | The latest date the user had activity in OneNote Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of Loop Copilot (UTC) | The latest date the user had activity in Loop Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
-| Last activity date of Copilot chat (UTC) | The latest date the user had activity in Copilot chat, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
+| Last activity date (UTC (Universal Time Code)) | The latest date the user had activity in Copilot for Microsoft 365 among all Microsoft 365 products, including any of the intentional activities, over the selected time period. |
+| Last activity date of Teams Copilot (UTC) | The latest date the user had activity in Microsoft Teams Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of Word Copilot (UTC) | The latest date the user had activity in Word Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of Excel Copilot (UTC) | The latest date the user had activity in Excel Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of PowerPoint Copilot (UTC) | The latest date the user had activity in PowerPoint Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of Outlook Copilot (UTC) | The latest date the user had activity in Outlook Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of OneNote Copilot (UTC) | The latest date the user had activity in OneNote Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of Loop Copilot (UTC) | The latest date the user had activity in Loop Copilot, including any of the intentional activities, over the selected time period. |
+| Last activity date of Copilot chat (UTC) | The latest date the user had activity in Copilot chat, including any of the intentional activities, over the selected time period. |
## Make the user-specific data anonymous
This report now includes a new metric for Microsoft Copilot with Graph-grounded
- Selecting a prompt from the "Try these Prompts" section, which will automatically copy the prompt into the chat box. - Clicking on one of the suggestions from the "Stay on top" tab in some platforms (such as Microsoft365.com).
+### Does Teams Copilot usage include Copilot chat usage in Teams?
+
+Teams Copilot usage excludes Copilot chat usage within Teams, as Copilot chat is a Teams app. In the future, we will add the Copilot chat usage breakdown in Teams, Bing, and more.
+
+### What are the behaviors of 'All up last activity date' and 'last activity date per app' in the user-level table?
+
+All up last activity date and last activity date per app are reflecting different narratives now. All up last activity date is reflecting the historical last activity date no matter what period is selected on the page, while last activity date per app is reflecting the last activity date within the selected time period; hence, if there's no activity in selected time period, the last activity date per app will be empty. We are planning to make them consistent to reflect the historical last activity date narrative and will provide update once itΓÇÖs done.
+ ### What's the difference between the user activity table and audit log? The information captured in audit log records differs from that in [Microsoft 365 usage reports](#user-last-activity-table). It's important to note that audit logs are not designed for assessing user engagement in Microsoft 365, and they should not be used to replace or augment information in Microsoft 365 usage reports. To learn more about audit logs, see [Export, configure, and view audit log records](/purview/audit-log-export-records#step-1-export-audit-log-search-results).
This may be caused by a known limitation: the uploading of client events data fo
### How do the numbers in this report compare to what is shown in the Microsoft Copilot Dashboard in Viva Insights? The data in these reports is based on the same underlying definitions of active usage, but the population of users included in the analysis and the timeframe displayed may differ. To learn more, see [Use Microsoft Copilot Dashboard advanced features with a Viva Insights subscription](/viva/insights/org-team-insights/copilot-dashboard-advanced-features#setup-and-licenses).-
-### Does Teams Copilot usage include Copilot chat usage in Teams?
-
-Teams Copilot usage excludes Copilot chat usage within Teams, as Copilot chat is a Teams app. In the future, we will add the Copilot chat usage breakdown in Teams, Bing, and more.
admin Change User Profile Photos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/change-user-profile-photos.md
f1.keywords:
Previously updated : 5/10/2024 Last updated : 06/11/2024 audience: Admin
Photo update settings in your organization include controlling the environment w
### Select where user profile photos can be edited using Microsoft Graph
-Currently, you can configure the photo update settings using Microsoft Graph only. For more information, see Manage user profile photo settings in Microsoft 365 using Microsoft Graph.
+Currently, you can configure the photo update settings using Microsoft Graph only. For more information, see [Manage user profile photo settings in Microsoft 365 using Microsoft Graph](/graph/profilephoto-configure-settings).
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
Title: "Create a group in the admin center" Previously updated : 02/18/2020 Last updated : 06/11/2024 f1.keywords: CSH
While users can create a Microsoft 365 group from Outlook or other apps, as an a
## Create a Microsoft 365 group
-1. In the admin center, expand **Groups**, and then click <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
+1. In the admin center, expand **Teams & groups**, and then select **[Active teams & groups](https://go.microsoft.com/fwlink/p/?linkid=2052855)**.
-2. Select **Add a group**.
-
-3. On the **Choose a group type** page, select **Microsoft 365**, and select **Next**.
+1. Select **Add Microsoft 365 group**.
4. On the **Basics** page, type a name for the group, and, optionally, a description. Select **Next**.
Users can [add themselves or request approval](https://support.microsoft.com/off
1. In the admin center, refresh the page so your new group appears, and then select the name of the group that you want to add members to.
-2. On the **Members** tab, select **View all and manage members**.
+1. On the **Membership** tab, select **Members**.
3. Select **Add members**.
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
Title: "Manage guest access in Microsoft 365 groups" Previously updated : 02/18/2020 Last updated : 06/11/2024 f1.keywords: NOCSH
- Adm_O365 - Adm_TOC
- - AdminSurgePortfolio
- - AdminTemplateSet
- - admindeeplinkMAC
- - has-azure-ad-ps-ref
+- AdminSurgePortfolio
+- AdminTemplateSet
+- admindeeplinkMAC
+- has-azure-ad-ps-ref
search.appverid: - MET150 - MOE150
If you want to enable or disable guest access in groups, you can do so in the <a
If the guest already exists in your directory, you can add them to your groups from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">Microsoft 365 admin center</a>. (Groups with dynamic membership must be [managed in Microsoft Entra ID](/azure/active-directory/enterprise-users/groups-create-rule).)
-1. In the admin center, go to the **Groups** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
-
-2. Select the group you want to add the guest to, and select **View all and manage members** on the **Members** tab.
-
+1. In the admin center, go to **Teams & g****roups** > **[Active teams & groups](https://go.microsoft.com/fwlink/p/?linkid=2052855)**.
+
+1. Select the group you want to add the guest to, and select **Membership > Members**.
+ 3. Select **Add members**, and choose the name of the guest you want to add. 4. Select **Save**.
admin Create Dns Records At Cloudflare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-cloudflare.md
f1.keywords:
Previously updated : 02/18/2020 Last updated : 06/13/2024 audience: Admin
- Adm_O365 - Adm_NonTOC - Adm_O365_Setup
+- must-keep
search.appverid: - BCS160
Follow these steps to automatically verify and set up your Cloudflare domain wit
1. In the Microsoft 365 admin center, select **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>, and select the domain you want to set up.
-1. Select the three dots (more actions) \> choose **Start setup**.
-
- :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup.":::
+1. Select the three dots (more actions) \> choose **Manage DNS**.
1. On the How do you want to connect your domain? page, select **Continue**.
Before you use your domain with Microsoft, we have to make sure that you own it.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
To verify the record in Microsoft 365:
1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
-1. On the Domains page, select the domain that you're verifying, and select **Start setup**.
-
- :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup.":::
+1. On the Domains page, select the domain that you're verifying, and select **Manage DNS**.
1. Select **Continue**.
To verify the record in Microsoft 365:
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
To verify the record in Microsoft 365:
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
To verify the record in Microsoft 365:
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
To verify the record in Microsoft 365:
1. Select **Save**.
- :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-TXT-save.png" alt-text="Screenshot of where you select Save to add an SPF TXT record.":::
+ :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-TXT-spf-protection.png" alt-text="Screenshot of where you select Save to add an SPF TXT record.":::
## Advanced option: Skype for Business
Only select this option if your organization uses Skype for Business for online
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
Only select this option if your organization uses Skype for Business for online
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
Only select this option if your organization uses Skype for Business for online
|CNAME|sip|sipdir.online.lync.com <br/>|1 Hour| |CNAME|lyncdiscover|webdir.online.lync.com <br/>|1 Hour|
-1. Select the **Save**.
-
- :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Screenshot of where you select Save to add CNAME records for Skype for Business.":::
+1. Select **Save**.
1. Add the other CNAME record by copying the values from the second row of the table.
This service helps you secure and remotely manage mobile devices that connect to
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-1.png" alt-text="Select the domain you want to update.":::
-1. On the Overview page for your domain, select **DNS**.
+1. On the Overview page for your domain, select **DNS** from the navigation bar.
:::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-2.png" alt-text="Select DNS.":::
This service helps you secure and remotely manage mobile devices that connect to
1. Select **Save**.
- :::image type="content" source="../../media/dns-cloudflare/cloudflare-domains-cname-save.png" alt-text="Screenshot of where you select Save to add an CNAME record for Mobile Device Management.":::
- 1. Add the other CNAME record by copying the values from the second row of the table. > [!NOTE]
backup Backup 3P Billing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/storage/backup-3p-billing.md
+
+ Title: Set up third-party billing for Microsoft 365 Backup Storage (Preview)
+++
+audience: admin
+ Last updated : 06/03/2024+++
+search.appverid:
+
+ - essentials-overview
+ms.localizationpriority: medium
+description: Set up third-party billing for Microsoft 365 Backup Storage.
++
+# Set up third-party billing for Microsoft 365 Backup Storage (Preview)
+
+Developers can create an application to manage Microsoft 365 Backup Storage in their customer's tenants. However, a Billing Policy must be created that associates your Microsoft 365 Backup Storage application to pay-as-you-go billing that has been configured in your tenant.
+
+To create a Billing Policy, you need to perform the following steps:
+
+1. [Set up pay-as-you-go billing](#step-1-set-up-pay-as-you-go-billing).
+
+2. [Submit a request to Microsoft to create a Billing Policy for your application](#step-2-submit-a-request-to-microsoft-to-create-a-billing-policy-for-your-application).
+
+> [!NOTE]
+> An application and tenant can only be associated to one and only one Billing Policy. That is, a tenant can't have more than one Billing Policy and an application can't be associated with more than one Billing Policy.
+
+### Step 1: Set up pay-as-you-go billing
+
+> [!WARNING]
+> This step needs to be performed in the same tenant that your Microsoft 365 Backup Storage application was created and registered in. That is, this should be performed in your tenant (and not your customer's tenants). Failure to do so will mean that your request to create a Billing Policy will be rejected.
+
+Microsoft 365 Backup is a pay-as-you-go offering that charges based on consumption, unlike traditional seat-based licenses. To set up pay-as-you-go for Microsoft 365 Backup, you'll need to have this information:
+
+- **Valid Azure subscription.** An Azure subscription provides a logical container for your resources. Each Azure resource is associated with only one subscription. Creating a subscription is the first step in adopting Azure. To learn more about Azure, see [Azure fundamental concepts](/azure/cloud-adoption-framework/ready/considerations/fundamental-concepts).
+
+- **Resource group.** A resource group provides a logical grouping of resources within an Azure subscription.
+
+- **Region.** The region in which you want to register the service.
+
+- **Owner or contributor.** Name of an owner or contributor role on the Azure subscription.
+
+Once you have the information on this list, you're ready to perform the following steps:
+
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home).
+
+2. Select **Setup**.
+
+3. On the **Setup** page, in the **Files and content** section, select **Use content AI with Microsoft Syntex**.
+
+4. On the **Use content AI with Microsoft Syntex** page, select **Set up billing**.
+
+> [!NOTE]
+> To set up pay-as-you-go billing for Microsoft 365 Backup, you must be an owner or contribution role on the Azure subscription to be used.
+
+5. If you *don't* have an Azure subscription or resource group, follow these steps. If you have an Azure subscription and resource group, go directly to step 6.
+
+ To create a new Azure subscription with the same organization and Microsoft Entra tenant as your Microsoft 365 subscription:
+ 1. Sign in to the [Azure portal](https://portal.azure.com/) with your Microsoft 365 admin, Microsoft Entra DC admin, or Global admin account.
+ 2. In the left navigation, select **Subscriptions**, and then select **Add**.
+ 3. On the **Add subscription** page, select an offer and complete the payment information and agreement.
+
+ To create a new Azure resource group:
+ 1. On the **Set up pay-as-you-go billing** panel, select **Learn more about Azure resource groups**.
+ 2. Or, you can follow steps in [Manage Azure resource groups by using the Azure portal](/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group.
+
+> [!NOTE]
+> The resource group should be mapped to the Azure subscription you provided when you set up pay-as-you-go.
+
+6. If you ***have*** an Azure subscription, follow these steps:
+ 1. On the **Set up pay-as-you-go billing** panel, under **Azure subscription**, select the subscription from the dropdown list.
+ 2. Under **Resource group**, select the resource group from the dropdown list.
+ 3. Under **Region**, select the region from the dropdown list.
+ 4. Review and accept the terms of service, and then select **Save**.
+
+> [!NOTE]
+> The subscription dropdown list will not populate if you are not an owner or contributor on the subscription.
+
+You have successfully set up pay-as-you-go billing.
+
+> [!IMPORTANT]
+> Any subsequent changes made to the billing for Microsoft 365 Backup Storage in the Microsoft 365 admin center or the Azure portal can take up to 24 hours to become effective.
+
+### Step 2: Submit a request to Microsoft to create a Billing Policy for your application
+
+To create a Billing Policy for your application and the pay-as-you-go billing configured in the previous step, you'll need to perform the following steps:
+
+1. Review the [Microsoft 365 Backup Storage - Third-Party public preview terms of service and conditions](../backup-preview-terms-third-party.md).
+
+2. Email *M365Backup3PBilling@microsoft.com* with the following information: We'll reply back to this email once the request is complete.
+ - Subject line containing your **Microsoft Entra tenant ID**.
+ - Message body containing your **Microsoft Entra tenant ID** and **Application Id** of your Microsoft 365 Backup Storage application.
+ - Screenshot of your **application registration details** in [Microsoft Azure > App registrations](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps) for example: [https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/{ApplicationId}](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/{ApplicationId}).
+
+For details on how to find your Microsoft Entra tenant ID, refer to [How to find your Microsoft Entra tenant ID](/entra/fundamentals/how-to-find-tenant).
+
+> [!IMPORTANT]
+> Submitting a request to Microsoft indicates that you have accepted the [Microsoft 365 Backup Storage - Third Party public preview terms of service and conditions](../backup-preview-terms-third-party.md).
+
+> [!WARNING]
+> The domain of the email address from which you email Microsoft must be registered in the same tenant where you configured the pay-as-you-go billing in the previous step. That is, your email domain must be listed in [Microsoft 365 admin center > Domains](https://admin.microsoft.com/Adminportal/?#/Domains). Failure to do so will mean that your request to create a Billing Policy will be rejected.
+
+> [!NOTE]
+> - All requests are processed on a "first come, first served" basis and can take 3 to 5 business days to be processed.
+> - If any invalid information is provided, then your request might be rejected without any further correspondence.
+
+Once your request is processed and you receive a confirmation email, your application is able to enable Microsoft 365 Backup Storage in your customer's tenants using your Billing Policy.
backup Backup 3P Lifecycle https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/storage/backup-3p-lifecycle.md
+
+ Title: Application lifecycle for Microsoft 365 Backup Storage (Preview)
+++
+audience: admin
+ Last updated : 06/03/2024+++
+search.appverid:
+
+ - essentials-overview
+ms.localizationpriority: medium
+description: Application lifecycle for Microsoft 365 Backup Storage.
++
+# Application lifecycle for Microsoft 365 Backup Storage (Preview)
+
+## Onboard a third-party Microsoft 365 Backup Storage application
+
+Once your Microsoft 365 Backup Storage application is given consent to execute in the Consuming Tenant, to enable it to be the Microsoft 365 Backup Storage Controller in a Consuming Tenant, you'll need to perform the following programmatic tasks (via your application):
+
+1. [Register your application as a Microsoft 365 Backup Storage Controller](#step-1-register-your-application-as-a-microsoft-365-backup-storage-controller).
+
+2. [Check if the Microsoft 365 Backup Service is enabled in the Consuming Tenant](#step-2-check-if-the-microsoft-365-backup-service-is-enabled-in-the-consuming-tenant).
+
+3. [Activate your application to be the Microsoft 365 Backup Storage Controller](#step-3-activate-your-application-to-be-the-microsoft-365-backup-storage-controller).
+ - If there was an existing Controller, wait for the [Grace Period](#existing-microsoft-365-backup-storage-controller-grace-period) to complete.
+
+4. [Enable your Billing Policy in the Consuming Tenant](#step-4-enable-your-billing-policy-in-the-consuming-tenant).
+
+After your application is registered, you can always check the state of your application as the Microsoft 365 Backup Storage Controller by executing the [Get serviceApp](/graph/api/serviceapp-get?view=graph-rest-beta) API:
+```http
+GET /solutions/backupRestore/serviceApps/{serviceAppId}
+```
+
+### Step 1: Register your application as a Microsoft 365 Backup Storage Controller
+
+To register your application to be a Microsoft 365 Backup Storage Controller, you first need to register your application by executing the [Create service App](/graph/api/backuprestoreroot-post-serviceapps?view=graph-rest-beta) API:
+```http
+POST /solutions/backupRestore/serviceApps/
+```
+
+If your application was successfully registered, it has a state of **inactive**. The returned ID is the Service App ID of your application (which is your Application ID).
+
+### Step 2: Check if the Microsoft 365 Backup Service is enabled in the Consuming Tenant
+
+To check if the Microsoft 365 Backup Service is enabled in the Consuming Tenant, your application needs to execute the [Get backupRestoreRoot](/graph/api/backuprestoreroot-get?view=graph-rest-beta) API:
+```http
+GET /solutions/backupRestore/
+```
+
+If the returned state is **enabled**, then this state indicates that there's an active Microsoft 365 Backup Storage Controller and that changing the Controller enforces a grace period.
+All other states indicate that there's no active Microsoft 365 Backup Storage Controller and that an application can immediately become the Controller when registering.
+
+### Step 3: Activate your application to be the Microsoft 365 Backup Storage Controller
+
+To activate your application as the Microsoft 365 Backup Storage Controller depends on whether or not there's already an existing Microsoft 365 Backup Storage Controller (either first-party or third-party).
+
+> [!NOTE]
+> Activating your application as the Microsoft 365 Backup Storage Controller will notify all of the Consuming Tenant Backup Admins via an email.
+
+#### No existing Microsoft 365 Backup Storage Controller
+
+If there's no existing Microsoft 365 Backup Storage Controller, then you can immediately activate your application as the Controller. To do this, you execute the [serviceApp: activate](/graph/api/serviceapp-activate?view=graph-rest-beta) API:
+```http
+POST /solutions/backupRestore/serviceApps/{serviceAppId}/activate
+```
+
+If your application was immediately activated successfully, it has a state of **active**.
+
+#### Existing Microsoft 365 Backup Storage Controller
+
+If there's an existing Microsoft 365 Backup Storage Controller, then when activating your application as the Controller you need to specify a date/time as to when the change is effective. The date/time needs to be at least 7-days in the future, but not greater than 30-days.
+
+To activate your application, you need to execute the [serviceApp: activate](/graph/api/serviceapp-activate?view=graph-rest-beta) API specifying the effective date/time in the Request JSON body:
+```http
+POST /solutions/backupRestore/serviceApps/{serviceAppId}/activate
+```
+
+> [!NOTE]
+> If there is already a pending change to the Microsoft 365 Backup Storage Controller already in progress, then your request will fail with a HTTP 403 error code. You will not be able to activate your application until the pending change has completed.
+
+If your application was successfully activated for a date/time in the future, it has a state of **pendingActive**.
+
+### Existing Microsoft 365 Backup Storage Controller Grace Period
+
+If there was an existing Microsoft 365 Backup Storage Controller when you activated your application, this enforces a Grace Period of between 7 to 30 days (as specified when you activated your application).
+
+**During the Grace Period:**
+- Your application has a state of **pendingActive**.
+- Your application has read-only access to any existing Protection Policies. Your application won't be able to change or create Protection Policies or perform any Restores.
+- The Consuming Tenant Backup Admin can cancel the pending change of the Microsoft 365 Backup Storage Controller and revert back to original state.
+- Your application can cancel the pending change of the Microsoft 365 Backup Storage Controller and revert back to original state by executing the [serviceApp: deactivate](/graph/api/serviceapp-deactivate?view=graph-rest-beta) API:
+```http
+POST /solutions/backupRestore/serviceApps/{serviceAppId}/deactivate
+```
+- Your application can check the state of your application as the Microsoft 365 Backup Storage Controller by executing the [Get serviceApp](/graph/api/serviceapp-get?view=graph-rest-beta) API:
+```http
+GET /solutions/backupRestore/serviceApps/{serviceAppId}
+```
+
+**On completion of the Grace Period:**
+- Your application has a state of **active**.
+
+> [!NOTE]
+> Any state changes made to the Microsoft 365 Backup Storage Controller will notify all of the Consuming Tenant Backup Admins via an email. This includes the following events:
+> - Activating a Service App as the Microsoft 365 Backup Storage Controller
+> - Canceling the pending change to the Microsoft 365 Backup Storage Controller
+> - Deactivating a Service App as the Microsoft 365 Backup Storage Controller
+> - Completion of the Grace Period
+
+### Step 4: Enable your Billing Policy in the Consuming Tenant
+
+Once your application has a status of active, you'll need to enable your Billing Policy in the Consuming Tenant. This step is performed by executing the [backupRestoreRoot: enable](/graph/api/backuprestoreroot-enable?view=graph-rest-beta) API:
+```http
+POST /solutions/backupRestore/enable
+```
+
+After you have enabled the Billing Policy, your application will be the Microsoft 365 Backup Storage Controller in the Consuming Tenant and will now be able to maintain the Microsoft 365 Backup Service (as per your applicationΓÇÖs oAuth permission scopes).
+
+> [!NOTE]
+> You can execute this API multiple times in that it is idempotent. It is recommended to enable the Billing Policy in the Consuming Tenant if, for whatever reason, your Billing Policy changes. For example, if you want to change the Azure Subscription Id or Resource Group.
+
+## Offboarding a Microsoft 365 Backup application
+
+### Another application is Activated as the Microsoft 365 Backup Storage Controller
+
+If your application is the active Microsoft 365 Backup Storage Controller, it's possible that another application (first-party or third-party) can also be activated as per the onboarding process defined in [Existing-Microsoft 365 Backup Storage Controller](#existing-microsoft-365-backup-storage-controller) and [Existing Microsoft 365 Backup Storage Controller Grace Period](#existing-microsoft-365-backup-storage-controller-grace-period). If this event occurs, your application won't be explicitly notified. However, the state of your application becomes **pendingInactive**.
+T
+o get the state of your application being the Microsoft 365 Backup Storage Controller your application can execute the [Get serviceApp](/graph/api/serviceapp-get?view=graph-rest-beta) API:
+```http
+GET /solutions/backupRestore/serviceApps/{serviceAppId}
+```
+
+**During the Grace Period:**
+- Your application has a state of **pendingInactive**.
+- Your application continues to have access to the existing Protection Policies and is able to change or create Protection Policies or perform any Restores (as per your oAuth permission scopes).
+- Your application continues to be responsible for the Microsoft 365 Backup billing and hence the consumption in the Consuming Tenant.
+- The Consuming Tenant Backup Admin can cancel the pending change of the Microsoft 365 Backup Storage Controller and revert back to original state such that your application is restored as the active Microsoft 365 Backup Storage Controller.
+
+**On completion of the Grace Period:**
+- Your application has a state of **inactive**.
+- Your application is no longer responsible for the Microsoft 365 Backup billing and hence the pay-as-you-go billing in the Consuming Tenant.
+
+### Deactivate your application as the Microsoft 365 Backup Storage Controller
+
+To deactivate your application from being the Microsoft 365 Backup Service in the Consuming Tenant, your application needs to execute the [serviceApp: deactivate](/graph/api/serviceapp-deactivate?view=graph-rest-beta) API:
+```http
+POST /solutions/backupRestore/serviceApps/{serviceAppId}/deactivate
+```
+
+The outcome of deactivating your application depends on the current state of your application.
+
+#### Deactivating with current state of inactive
+Deactivating your application that has a state of **inactive** does nothing.
+
+#### Deactivating with current state of pendingActive
+Deactivating your application that has a state of **pendingActive** cancels your pending change to become the Microsoft 365 Backup Storage Controller.
+After successfully invoking the API:
+- Your application has a state of **inactive**.
+- The application that is currently the Microsoft 365 Backup Storage Controller has a state of **active**.
+
+> [!NOTE]
+> Deactivating your application as the Microsoft 365 Backup Storage Controller will notify all of the Consuming Tenant Backup Admins via an email.
+
+#### Deactivating with current state of pendingInactive
+
+Deactivating your application that has a state of **pendingInactive** won't do anything to the pending change of the Microsoft 365 Backup Storage Controller. That is, the pending change continues until the Grace Period is complete.
+
+#### Deactivating with current state of active
+
+You can't deactivate your application that has a state of **active** and your request fails with an HTTP error 403 code.
+
+To deactivate your application as the Microsoft 365 Backup Storage Controller, either another application needs to be activated, or you can [unregister your application](#unregister-your-application-as-the-microsoft-365-backup-storage-controller) to be a Microsoft 365 Backup Storage Controller.
+
+### Unregister your application as the Microsoft 365 Backup Storage Controller
+
+To unregister your application from being the Microsoft 365 Backup Storage Controller in the Consuming Tenant, your application needs to execute the [Delete serviceApp](/graph/api/backuprestoreroot-delete-serviceapps?view=graph-rest-beta) API:
+```http
+DELETE /solutions/backupRestore/serviceApps/{serviceAppId}
+```
+
+The outcome of unregistering your application depends on the current state of your application.
+
+> [!NOTE]
+> Unregistering your application as the Microsoft 365 Backup Storage Controller will notify all of the Consuming Tenant Backup Admins via an email.
+
+#### Unregistering with current state of inactive
+
+Unregistering your application that has a state of **inactive** removes your application as being available to be the Microsoft 365 Backup Storage Controller.
+After successfully invoking the API:
+- Your application is no longer available to become the Microsoft 365 Backup Storage Controller (unless it's reregistered).
+
+#### Unregistering with current state of pendingActive
+
+Unregistering your application that has a state of **pendingActive** cancels your pending change to become the Microsoft 365 Backup Storage Controller.
+After successfully invoking the API:
+- Your application is no longer available to become the Microsoft 365 Backup Storage Controller (unless it's reregistered).
+- Your application no longer has read-only access to any existing Protection Policies.
+- The application that is currently the Microsoft 365 Backup Storage Controller has a state of **active**.
+
+#### Unregistering with current state of pendingInactive
+
+You can't unregister your application that has a state of **pendingInactive** and your request fails with an HTTP 403 error code.
+
+To unregister your application as the Microsoft 365 Backup Storage Controller, you'll need to wait for the Grace Period to be complete (or if the pending change is canceled and your application is reinstated as the Microsoft 365 Backup Storage Controller).
+
+#### Unregistering with current state of active
+
+Unregistering your application that has a state of **active** automatically initiates a pending change of the Microsoft 365 Backup Storage Controller with a mandatory 7-day Grace Period.
+
+**After successfully invoking the API and during the Grace Period:**
+- Your application won't be able access, create, or change any Protection Policies or perform any Restores.
+- Your application is no longer be available to become the Microsoft 365 Backup Storage Controller (unless it's reregistered).
+- Your application continues to be responsible for the Microsoft 365 Backup billing and hence the consumption in the Consuming Tenant until another application is activated to become the Microsoft 365 Backup Storage Controller.
+
+**On completion of the Grace Period:**
+- Your application is still no longer available to become the Microsoft 365 Backup Storage Controller (unless it's reregistered).
+- If another application is not activated to be the Microsoft 365 Backup Storage Controller, then the offboarding of the Microsoft 365 Backup Service in the Consuming Tenant is initiated.
+- Your application continues to be responsible for the Microsoft 365 Backup billing and hence the consumption in the Consuming Tenant until another application is activated to be the Microsoft 365 Backup Storage Controller or until the billing period expires (30-days) as per the offboarding of the Microsoft 365 Backup Service in the Consuming Tenant.
+
+> [!WARNING]
+> If your application is the active Microsoft 365 Backup Storage Controller when you unregister it, you are potentially responsible for an additional 37 days (7 days plus 30 days) for the Microsoft 365 Backup pay-as-you-go billing in the Consuming Tenant.
backup Backup 3P Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/storage/backup-3p-overview.md
+
+ Title: Overview for third-party developers of Microsoft 365 Backup Storage (Preview)
+++
+audience: admin
+ Last updated : 06/03/2024+++
+search.appverid:
+
+ - essentials-overview
+ms.localizationpriority: medium
+description: Overview for third-party developers for Microsoft 365 Backup Storage.
++
+# Overview for third-party developers of Microsoft 365 Backup Storage (Preview)
+
+Third-party developers can create their own applications to manage Microsoft 365 Backup Storage instead of using the out-of-the-box experience provided by Microsoft.
+
+Creating an application means that your third-party application becomes the Microsoft 365 Backup Storage **Controller** in the tenant where your application is deployed.
+
+To create and deploy an application, the third-party developers perform the following tasks:
+
+1. Develop your third-party Microsoft 365 Backup Storage application with the required oAuth permissions scopes and [Backup storage Graph APIs](/graph/api/resources/backuprestoreroot?view=graph-rest-beta).
+
+2. Create a Billing Policy for your Microsoft 365 Backup Storage application as per [Set up third-party billing for Microsoft 365 Backup Storage](backup-3p-billing.md).
+
+3. Request the Consuming Tenant Backup Admin to consent your Microsoft 365 Backup Storage application to be able to execute in the Consuming Tenant.
+
+> [!NOTE]
+> This is the standard app registration workflow that is typically invoked by the Consuming Tenant Admin clicking on the following URL:
+> ```
+> https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={applicationId}&response_type=code&scope=https://graph.microsoft.com/.default
+> ```
bookings Bookings In Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-in-outlook.md
- essentials-get-started - essentials-manage - must-keep- description: "Steps to turn your Personal Bookings page on or off"
description: "Steps to turn your Personal Bookings page on or off"
Personal Bookings has two different views: -- **Organizer view**: An organizer is someone who creates meeting types and shares the booking page with others so that they can easily schedule meetings with them. A personal booking page is where you can create meeting types that others can book with you. Custom meeting types give you the ability to customize when you want to meet and how that meeting type is shared with others. You control whether each meeting type is public to your scheduling page or is private and can only be accessed by a select group of people. You can access your Bookings with me page through Outlook, web and Teams. After you set up your page and publish it, you can share it with others. For example, you can add it to your Outlook signature. [Learn more about setup and sharing in Bookings with me](https://support.microsoft.com/office/bookings-with-me-setup-and-sharing-ad2e28c4-4abd-45c7-9439-27a789d254a2).
+- **Organizer view**: An organizer is someone who creates meeting types and shares the booking page with others so that they can easily schedule meetings with them. A personal booking page is where you can create meeting types that others can book with you. Custom meeting types give you the ability to customize when you want to meet and how that meeting type is shared with others. You control whether each meeting type is public to your scheduling page or is private and can only be accessed by a select group of people. You can access your Bookings with me page through Outlook, web and Teams. After you set up your page and publish it, you can share it with others. For example, you can add it to your Outlook signature.
- **Attendee view**: An attendee is someone who uses the booking page to create or attend a meeting scheduled by an organizer. After the organizer shares their personal booking page with others, those visitors will see the attendee view.
Bookings with me is an ideal solution for enterprise, small business, and users
### End users
-For more information on how your users can work with Bookings with me, see the following articles:
--- [Set up Bookings with me](https://support.microsoft.com/office/bookings-with-me-setup-and-sharing-ad2e28c4-4abd-45c7-9439-27a789d254a2)-- [Bookings with me articles](https://support.microsoft.com/office/bookings-with-me-articles-c69c4703-e812-435c-9fc2-d194e10fd205)- ## Before you begin Personal Bookings can be turned on or off for your entire organization or for specific users. When you turn on Bookings for users, they can create a Bookings page, share their page with others, and allow other people to book time with them. This article is for owners and administrators who manage Personal Bookings for their organizations.
Also, Bookings with me won't create a new mailbox for each Bookings with me page
### Who can access my public Bookings page?
-Public meeting types can be accessed by anyone that has your Bookings with me page address. You decide who you share your Bookings with me page address with. For more information, see [Select a meeting time in Bookings with me](https://support.microsoft.com/office/select-a-meeting-time-in-bookings-with-me-8f3bbe5b-4bc6-4073-bf61-57383c00b43a).
+Public meeting types can be accessed by anyone that has your Bookings with me page address. You decide who you share your Bookings with me page address with.
### What is the difference between public and private meeting types? Meeting types can be public or private. Public meeting types are available to anyone that you share your Bookings page link with. Private meeting types are only available to people that you share the individual private meeting type with.
-Private meeting types can also generate single use links. Single use links expire after their first booking. For more information, see [setup Bookings with me meeting types](https://support.microsoft.com/office/bookings-with-me-setup-and-sharing-ad2e28c4-4abd-45c7-9439-27a789d254a2).
+Private meeting types can also generate single use links. Single use links expire after their first booking.
### Do people need to have a Microsoft account or Bookings license to schedule time with me?
enterprise Configure Exchange Server For Hybrid Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication.md
Title: "How to configure Exchange Server on-premises to use Hybrid Modern Authentication"
+ Title: "Configure Exchange Server to use Hybrid Modern Auth"
# How to configure Exchange Server on-premises to use Hybrid Modern Authentication
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
+## Overview
-Hybrid Modern Authentication (HMA) is a method of identity management that offers more secure user authentication and authorization, and is available for Exchange server on-premises hybrid deployments.
+Hybrid Modern Authentication (HMA) in Microsoft Exchange Server is a feature that allows users to access mailboxes, which are hosted on-premises, by using authorization tokens obtained from the cloud.
-## Enabling Hybrid Modern Authentication
+HMA enables Outlook to obtain Access and Refresh OAuth tokens from Microsoft Entra ID, either directly for password hash sync or Pass-Through Auth identities, or from their own Secure Token Service (STS) for federated identities. Exchange on-premises accepts these tokens and provide mailbox access. The method of obtaining these tokens and the credentials required are determined by the capabilities of the identity provider (iDP), which could range from simple username and password to more complex methods such as certificates, phone auth, or biometric methods.
-Turning on HMA requires that your environment meets the following:
+For HMA to work, the user's identity must be present in Microsoft Entra ID, and some configuration is required, which is handled by the Exchange Hybrid Configuration Wizard (HCW).
-1. Make sure you meet the prerequisites before you begin.
+In comparison to legacy authentication methods such as NTLM, HMA offers several advantages. It provides a more secure and flexible authentication method, leveraging the power of cloud-based authentication. Unlike NTLM, which relies on a challenge-response mechanism and doesn't support modern authentication protocols, HMA uses OAuth tokens, which are more secure and offer better interoperability.
-2. Since many prerequisites are common for both Skype for Business and Exchange, review them in [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md). Do this before you begin any of the steps in this article.
-Requirements about linked mailboxes to be inserted.
+HMA is a powerful feature that enhances the flexibility and security of accessing on-premises applications, leveraging the power of cloud-based authentication. It represents a significant improvement over legacy authentication methods, offering enhanced security, flexibility, and user convenience.
-3. Add on-premises web service URLs as **Service Principal Names (SPNs)** in Microsoft Entra ID. In case Exchange on-premises is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with Exchange on-premises.
+## Prerequisites to enable Hybrid Modern Auth
-4. Ensure all Virtual Directories are enabled for HMA
+In this section, we provide information and steps that need to be done to successfully configure and enable Hybrid Modern Auth in Microsoft Exchange Server.
-5. Check for the EvoSTS Auth Server object
+### Protocols that work with Hybrid Modern Auth
-6. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid
+Hybrid Modern Authentication works for the following Exchange Server protocols:
-7. Ensure that all user identities are synchronized with Microsoft Entra ID
+|Protocol|Hybrid Modern Auth Supported|
+|--||
+|MAPI over HTTP (MAPI/HTTP)|Yes|
+|Outlook Anywhere (RPC/HTTP)|No|
+|Exchange Active Sync (EAS)|Yes|
+|Exchange Web Services (EWS)|Yes|
+|Outlook on the Web (OWA)|Yes|
+|Exchange Admin Center (ECP)|Yes|
+|Offline Address Book (OAB)|Yes|
+|IMAP|No|
+|POP|No|
-8. Enable HMA in Exchange on-premises.
+### Steps to follow to configure and enable Hybrid Modern Auth
-> [!NOTE]
-> Does your version of Office support MA? See [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md).
+To enable Hybrid Modern Authentication (HMA), you must ensure that your organization meets all necessary prerequisites. Additionally, you should confirm that your Office client is compatible with Modern Authentication. For more details, refer to the documentation on [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md).
-> [!WARNING]
-> Publishing Outlook Web App and Exchange Control Panel through Microsoft Entra application proxy is unsupported.
+1. Make sure you meet the prerequisites before you begin. Since many prerequisites are common for both Skype for Business and Exchange Server, review them in [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md).
+
+2. [Add on-premises web service URLs to Microsoft Entra ID](#add-on-premises-web-service-urls-as-spns-in-microsoft-entra-id). The URLs must be added as `Service Principal Names (SPNs)`. In case that your Exchange Server setup is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with Exchange Server on-premises.
+
+3. [Ensure that all virtual directories are enabled for HMA](#verify-virtual-directories-are-properly-configured). If you want to configure [Hybrid Modern Authentication for Outlook on the Web (OWA) and Exchange Control Panel (ECP)](#enable-hybrid-modern-authentication-for-owa-and-ecp), it's important to also verify the respective directories.
+
+4. [Check for the EvoSTS Auth Server object](#confirm-the-evosts-auth-server-object-is-present).
+
+5. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid.
+
+6. Ensure that all user identities are synchronized with Microsoft Entra ID.
+
+7. (Optional) If you want to use the Outlook for iOS and Android client, make sure to [allow the AutoDetect service to connect to your Exchange Server](#using-hybrid-modern-authentication-with-outlook-for-ios-and-android).
+
+8. [Enable HMA in Exchange on-premises](#enable-hma).
<a name='add-on-premises-web-service-urls-as-spns-in-azure-ad'></a>
Run the commands that assign your on-premises web service URLs as Microsoft Entr
Get-ClientAccessService | fl Name, AutodiscoverServiceInternalUri Get-OABVirtualDirectory -ADPropertiesOnly | fl server,*url* Get-AutodiscoverVirtualDirectory -ADPropertiesOnly | fl server,*url*
- Get-OutlookAnywhere -ADPropertiesOnly | fl server,*hostname*
+ Get-ActiveSyncVirtualDirectory -ADPropertiesOnly | fl server,*url*
``` Ensure the URLs clients might connect to are listed as HTTPS service principal names in Microsoft Entra ID. In case Exchange on-premises is in hybrid with **multiple tenants**, these HTTPS SPNs should be added in the Microsoft Entra ID of all the tenants in hybrid with Exchange on-premises.
Run the commands that assign your on-premises web service URLs as Microsoft Entr
Install-Module Microsoft.Graph -Scope AllUsers ```
-3. Next, connect to Microsoft Entra ID with [these instructions](connect-to-microsoft-365-powershell.md). To consent to the required permissions, run the following command:
+3. Next, connect to Microsoft Entra ID by following [these instructions](connect-to-microsoft-365-powershell.md). To consent to the required permissions, run the following command:
```powershell Connect-MgGraph -Scopes Application.Read.All, Application.ReadWrite.All
Run the commands that assign your on-premises web service URLs as Microsoft Entr
Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'" | select -ExpandProperty ServicePrincipalNames ```
- Take a note of (and screenshot for later comparison) the output of this command, which should include an `https://*autodiscover.yourdomain.com*` and `https://*mail.yourdomain.com*` URL, but mostly consist of SPNs that begin with `00000002-0000-0ff1-ce00-000000000000/`. If there are `https://` URLs from your on-premises that are missing, those specific records should be added to this list.
-
-5. If you don't see your internal and external `MAPI/HTTP`, `EWS`, `ActiveSync`, `OAB`, and `Autodiscover` records in this list, you must add them. Use the following command to add all URLs that are missing:
+ Note down the output of this command, which should include an `https://*autodiscover.yourdomain.com*` and `https://*mail.yourdomain.com*` URL, but mostly consist of SPNs that begin with `00000002-0000-0ff1-ce00-000000000000/`. If there are `https://` URLs from your on-premises that are missing, those specific records should be added to this list.
- > [!IMPORTANT]
- > In our example, the URLs that will be added are `mail.corp.contoso.com` and `owa.contoso.com`. Make sure that they are replaced by the URLs that are configured in your environment.
+5. If you don't see your internal and external `MAPI/HTTP`, `EWS`, `ActiveSync`, `OAB`, and `AutoDiscover` records in this list, you must add them. Use the following command to add all URLs that are missing. In our example, the URLs that are added are `mail.corp.contoso.com` and `owa.contoso.com`. Make sure that they're replaced by the URLs that are configured in your environment.
```powershell $x = Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"
Run the commands that assign your on-premises web service URLs as Microsoft Entr
Update-MgServicePrincipal -ServicePrincipalId $x.Id -ServicePrincipalNames $ServicePrincipalUpdate ```
-5. Verify your new records were added by running the `Get-MsolServicePrincipal` command from step 2 again, and looking through the output. Compare the list / screenshot from before to the new list of SPNs. You might also take a screenshot of the new list for your records. If you are successful, you'll see the two new URLs in the list. Going by our example, the list of SPNs now includes the specific URLs `https://mail.corp.contoso.com` and `https://owa.contoso.com`.
+6. Verify that your new records were added by running the `Get-MsolServicePrincipal` command from step 2 again, and validate the output. Compare the list from before to the new list of SPNs. You might also note down the new list for your records. If you're successful, you should see the two new URLs in the list. Going by our example, the list of SPNs now includes the specific URLs `https://mail.corp.contoso.com` and `https://owa.contoso.com`.
-## Verify Virtual Directories are Properly Configured
+## Verify virtual directories are properly configured
-Now verify OAuth is properly enabled in Exchange on all of the Virtual Directories Outlook might use by running the following commands:
+Now verify OAuth is properly enabled in Exchange on all of the virtual directories Outlook might use by running the following commands:
```powershell
-Get-MapiVirtualDirectory | FL server,*url*,*auth*
-Get-WebServicesVirtualDirectory | FL server,*url*,*oauth*
-Get-OABVirtualDirectory | FL server,*url*,*oauth*
-Get-AutoDiscoverVirtualDirectory | FL server,*oauth*
+Get-MapiVirtualDirectory | fl server,*url*,*auth*
+Get-WebServicesVirtualDirectory | fl server,*url*,*oauth*
+Get-OABVirtualDirectory | fl server,*url*,*oauth*
+Get-AutoDiscoverVirtualDirectory | fl server,*oauth*
+Get-ActiveSyncVirtualDirectory | fl server,*url*,*auth*
```
-Check the output to make sure **OAuth** is enabled on each of these VDirs, it looks something like this (and the key thing to look at is 'OAuth'):
+Check the output to make sure `OAuth` is enabled for each of these virtual directories, it looks something like this (and the key thing to look at is `OAuth` as mentioned before):
```powershell Get-MapiVirtualDirectory | fl server,*url*,*auth*
If OAuth is missing from any server and any of the four virtual directories, you
## Confirm the EvoSTS Auth Server Object is Present
-Return to the on-premises Exchange Management Shell for this last command. Now you can validate that your on-premises has an entry for the evoSTS authentication provider:
+Now on the Exchange Server on-premises Management Shell (EMS) run this last command. You can validate that your Exchange Server on-premises returns an entry for the evoSTS authentication provider:
```powershell Get-AuthServer | where {$_.Name -like "EvoSts*"} | ft name,enabled ```
-Your output should show an AuthServer of the Name EvoSts with a GUID and the 'Enabled' state should be **True**. If not, you should download and run the most recent version of the Hybrid Configuration Wizard.
+Your output should show an AuthServer of the Name `EvoSts - <GUID>` and the `Enabled` state should be `True`. If that's not the case, you should download and run the most recent version of the [Hybrid Configuration Wizard](https://aka.ms/HybridWizard).
-> [!NOTE]
-> In case Exchange on-premises is in hybrid with **multiple tenants**, your output should show one AuthServer of the Name `EvoSts - {GUID}` for each tenant in hybrid with Exchange on-premises and the *Enabled* state should be **True** for all of these AuthServer objects.
-
-> [!IMPORTANT]
-> If you're running Exchange 2010 in your environment, the EvoSTS authentication provider won't be created.
+In case that Exchange Server on-premises runs a hybrid configuration with **multiple tenants**, your output shows one AuthServer with the Name `EvoSts - <GUID>` for each tenant in hybrid with Exchange Server on-premises and the `Enabled` state should be `True` for all of these AuthServer objects.
## Enable HMA
-Run the following command in the Exchange Management Shell, on-premises, replacing \<GUID\> in the command line with the GUID from the output of the last command you ran:
+Run the following commands in the Exchange Server on-premises Management Shell (EMS) and replace the `<GUID>` in the command line with the GUID from the output of the last command you ran. In older versions of the Hybrid Configuration Wizard the EvoSts AuthServer was named `EvoSTS` without a GUID attached. There's no action you need to take, just modify the preceding command line by removing the GUID portion of the command.
```powershell Set-AuthServer -Identity "EvoSTS - <GUID>" -IsDefaultAuthorizationEndpoint $true Set-OrganizationConfig -OAuth2ClientProfileEnabled $true ```
-> [!NOTE]
-> In older versions of the Hybrid Configuration Wizard the EvoSts AuthServer was simply named EvoSTS without a GUID attached. There is no action you need to take, just modify the preceding command line to reflect this by removing the GUID portion of the command:
->
-> ```powershell
-> Set-AuthServer -Identity EvoSTS -IsDefaultAuthorizationEndpoint $true
-> ```
-
-If the Exchange on-premises version is Exchange 2016 (CU18 or higher) or Exchange 2019 (CU7 or higher) and hybrid was configured with HCW downloaded after September 2020, run the following command in the Exchange Management Shell, on-premises:
+If the Exchange Server on-premises version is Exchange Server 2016 (CU18 or higher) or Exchange Server 2019 (CU7 or higher) and hybrid was configured by the help of the HCW downloaded **after September 2020**, run the following command in the Exchange Server on-premises Management Shell (EMS). For the `DomainName` parameter, use the tenant domain value, which is usually in the form `contoso.onmicrosoft.com`:
```powershell Set-AuthServer -Identity "EvoSTS - {GUID}" -DomainName "Tenant Domain" -IsDefaultAuthorizationEndpoint $true Set-OrganizationConfig -OAuth2ClientProfileEnabled $true ```
-> [!NOTE]
-> In case Exchange on-premises is in hybrid with **multiple tenants**, there are multiple AuthServer objects present in Exchange on-premises with domains corresponding to each tenant. The **IsDefaultAuthorizationEndpoint** flag should be set to true (using the **IsDefaultAuthorizationEndpoint** cmdlet) for any one of these AuthServer objects. This flag can't be set to true for all the Authserver objects and HMA would be enabled even if one of these AuthServer object's **IsDefaultAuthorizationEndpoint** flag is set to true.
-
-> [!NOTE]
-> For the **DomainName** parameter, use the tenant domain value, which is usually in the form `contoso.onmicrosoft.com`.
+In case Exchange Server on-premises is in hybrid with **multiple tenants**, there are multiple AuthServer objects present in the Exchange Server on-premises organizations with domains corresponding to each tenant. The `IsDefaultAuthorizationEndpoint` flag should be set to `True` for any one of these AuthServer objects. The flag can't be set to true for all the AuthServer objects and HMA would be enabled even if one of these AuthServer object `IsDefaultAuthorizationEndpoint` flag is set to true.
## Verify Once you enable HMA, a client's next sign in will use the new auth flow. Just turning on HMA won't trigger a reauthentication for any client, and it might take a while for Exchange to pick up the new settings.
-You should also hold down the CTRL key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select **Connection Status**. Look for the client's SMTP address against an **AuthN** type of `Bearer\*`, which represents the bearer token used in OAuth.
-
-> [!NOTE]
-> Need to configure Skype for Business with HMA? You'll need two articles: One that lists [supported topologies](/skypeforbusiness/plan-your-deployment/modern-authentication/topologies-supported), and one that shows you [how to do the configuration](configure-skype-for-business-for-hybrid-modern-authentication.md).
+You should also hold down the `CTRL` key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select `Connection Status`. Look for the client's SMTP address against an `AuthN` type of `Bearer\*`, which represents the bearer token used in OAuth.
## Enable Hybrid Modern Authentication for OWA and ECP Hybrid Modern Authentication can now also be enabled for `OWA` and `ECP`. Make sure that the [Prerequisites](#prerequisites-to-enable-hybrid-modern-authentication-for-owa-and-ecp) are fulfilled before you continue.
-After the Hybrid Modern Authentication was enabled for `OWA` and `ECP`, each end user and administrator who tries to login into `OWA` or `ECP` will be redirected to the Microsoft Entra ID authentication page first. After the authentication was successful, the user will be redirected to `OWA` or `ECP`.
+After the Hybrid Modern Authentication was enabled for `OWA` and `ECP`, each end user and administrator who tries to log in into `OWA` or `ECP` will be redirected to the Microsoft Entra ID authentication page first. After the authentication was successful, the user will be redirected to `OWA` or `ECP`.
### Prerequisites to enable Hybrid Modern Authentication for OWA and ECP
+> [!IMPORTANT]
+> All servers must have at least the [Exchange Server 2019 CU14](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506) update installed. They must also run the [Exchange Server 2019 CU14 April 2024 HU](https://support.microsoft.com/help/5037224) or a later update.
+ To enable Hybrid Modern Authentication for `OWA` and `ECP`, all user identities must be synchronized with Microsoft Entra ID. In addition to this it's important that OAuth setup between Exchange Server on-premises and Exchange Online has been established before further configuration steps can be done.
-Customers who have already run the Hybrid Configuration Wizard (HCW) to configure hybrid, will have an OAuth configuration in place. If OAuth was not configured before, it can be done by running the HCW or by following the steps as outlined in the [Configure OAuth authentication between Exchange and Exchange Online organizations](/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help) documentation.
-
-It is recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory` settings before making any changes. This documentation will enable you to restore the original settings if any issues arise after configuring the feature.
+Customers who have already run the Hybrid Configuration Wizard (HCW) to configure hybrid, have an OAuth configuration in place. If OAuth wasn't configured before, it can be done by running the HCW or by following the steps as outlined in the [Configure OAuth authentication between Exchange and Exchange Online organizations](/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help) documentation.
-> [!IMPORTANT]
-> All servers must have at least the [Exchange Server 2019 CU14](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506) update installed. They must also run the [Exchange Server 2019 CU14 April 2024 HU](https://support.microsoft.com/help/5037224) or a later update.
+It's recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory` settings before making any changes. This documentation will enable you to restore the original settings if any issues arise after configuring the feature.
### Steps to enable Hybrid Modern Authentication for OWA and ECP
-1. Query the `OWA` and `ECP` URLs that are configured on your Exchange Server on-premises . This is important because they must be added as reply url to Microsoft Entra ID:
+> [!WARNING]
+> Publishing Outlook Web App (OWA) and Exchange Control Panel (ECP) through Microsoft Entra application proxy is unsupported.
+
+1. Query the `OWA` and `ECP` URLs that are configured on your Exchange Server on-premises. This is important because they must be added as reply url to Microsoft Entra ID:
```powershell Get-OwaVirtualDirectory -ADPropertiesOnly | fl name, *url* Get-EcpVirtualDirectory -ADPropertiesOnly | fl name, *url* ```
-2. Install the Microsoft Graph PowerShell module if it has not yet been installed:
+2. Install the Microsoft Graph PowerShell module if it hasn't yet been installed:
```powershell Install-Module Microsoft.Graph -Scope AllUsers
It is recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory
7. To enable Exchange Server on-premises ability to perform Hybrid Modern Authentication, follow the steps outlined in the [Enable HMA](#enable-hma) section.
-8. **(Optional)** Only required if [Download Domains](/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-download-domains) are used:
+8. (Optional) Only required if [Download Domains](/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-download-domains) are used:
Create a new global setting override by running the following commands from an elevated Exchange Management Shell (EMS). Run these commands on one Exchange Server:
It is recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory
Restart-Service -Name W3SVC, WAS -Force ```
-9. **(Optional)** Only required in [Exchange resource forest topology](/exchange/deploy-exchange-2013-in-an-exchange-resource-forest-topology-exchange-2013-help) scenarios:
+9. (Optional) Only required in [Exchange resource forest topology](/exchange/deploy-exchange-2013-in-an-exchange-resource-forest-topology-exchange-2013-help) scenarios:
Add the following keys to the `<appSettings>` node of the `<ExchangeInstallPath>\ClientAccess\Owa\web.config` file. Do this on each Exchange Server:
It is recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory
Restart-Service -Name W3SVC, WAS -Force ```
-10. To enable Hybrid Modern Authentication for `OWA` and `ECP`, you must first disable any other authentication method on these virtual directories. Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server:
-
- > [!IMPORTANT]
- > It's important to execute these commands in the given order. Otherwise, you'll see an error message when running the commands. After running these commands, login to `OWA` and `ECP` will stop work until the OAuth authentication for those virtual directories has been activated.
- >
- > Also, make sure that all accounts are synchronized, especially the accounts used for administration to Microsoft Entra ID. Otherwise, the login will stop working until they are synchronized. Note that accounts, such as the built-in Administrator, wonΓÇÖt be synchronized with Microsoft Entra ID and, therefore, canΓÇÖt be used for administration once HMA for OWA and ECP has been enabled. This is due to the `isCriticalSystemObject` attribute, which is set to `TRUE` for some accounts.
+10. To enable Hybrid Modern Authentication for `OWA` and `ECP`, you must first disable any other authentication method on these virtual directories. It's important to perform the configuration in the given order. Failing to do so may result in an error message during the command execution.<br><br>After running these commands, login to `OWA` and `ECP` will stop work until the OAuth authentication for those virtual directories has been activated. Ensure that all accounts are synchronized to Microsoft Entra ID, especially all accounts, which are used for administration. Otherwise, the login stops working until they're synchronized.<br>Accounts, such as the built-in Administrator, won't be synchronized with Microsoft Entra ID and, therefore, can't be used for administration once HMA for OWA and ECP has been enabled. This behavior is due to the `isCriticalSystemObject` attribute, which is set to `True` for some accounts.<br><br>Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server:
```powershell Get-OwaVirtualDirectory -Server <computername> | Set-OwaVirtualDirectory -AdfsAuthentication $false ΓÇôBasicAuthentication $false ΓÇôFormsAuthentication $false ΓÇôDigestAuthentication $false Get-EcpVirtualDirectory -Server <computername> | Set-EcpVirtualDirectory -AdfsAuthentication $false ΓÇôBasicAuthentication $false ΓÇôFormsAuthentication $false ΓÇôDigestAuthentication $false ```
-11. Enable OAuth for the `OWA` and `ECP` virtual directory. Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server:
-
- > [!IMPORTANT]
- > It's important to execute these commands in the given order. Otherwise, you'll see an error message when running the commands.
+11. Enable OAuth for the `OWA` and `ECP` virtual directory. It's important to perform the configuration in the given order. Failing to do so may result in an error message during the command execution. For each `OWA` and `ECP` virtual directory on every Exchange Server, these commands must be run:
```powershell Get-EcpVirtualDirectory -Server <computername> | Set-EcpVirtualDirectory -OAuthAuthentication $true
It is recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory
## Using Hybrid Modern Authentication with Outlook for iOS and Android
-If you're an on-premises customer using Exchange Server on TCP 443, allow network traffic from the following IP ranges:
+If you want to use the Outlook for iOS and Android client together with Hybrid Modern Authentication, make sure to allow the AutoDetect service to connect to your Exchange Server on `TCP 443` (HTTPS):
```console 52.125.128.0/20 52.127.96.0/23 ```
-These IP address ranges are also documented in [Additional endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls).
+The IP address ranges can also be found in the [Additional endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls) documentation.
## Related articles
enterprise Plan Multi Tenant Org Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/plan-multi-tenant-org-overview.md
External access is required for chats and calls between tenants. External access
Using [shared channels in Teams](/microsoftteams/shared-channels) with other tenants in a multitenant organization works the same as using shared channels with any other external organization. While the organizational relationship in Microsoft Entra ID is configured as part of multitenant organization configuration, you must still enable shared channels in Teams and configure the B2B direct connect settings in Microsoft Entra ID. For details, see [Collaborate with external participants in a shared channel](/microsoft-365/solutions/collaborate-teams-direct-connect). ## License requirements
-Use of the multitenant organization feature requires Microsoft 365 E3 or E5 subscriptions and Microsoft Entra ID P1 licenses or above in all multitenant organization tenants. For additional details, see [Entra multitenant organization licensing requirements](/entra/identity/multi-tenant-organizations/multi-tenant-organization-overview#license-requirements). If you plan on utilizing [Entra cross-tenant sync](/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview) via the Microsoft 365 admin center or Microsoft Entra ID, also see [Entra cross-tenant sync licensing requirements](/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview#license-requirements).
+Use of the multitenant organization feature requires Microsoft Entra ID P1 licenses or above in all multitenant organization tenants. For additional details, see [Entra multitenant organization licensing requirements](/entra/identity/multi-tenant-organizations/multi-tenant-organization-overview#license-requirements). If you plan on utilizing [Entra cross-tenant sync](/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview) via the Microsoft 365 admin center or Microsoft Entra ID, also see [Entra cross-tenant sync licensing requirements](/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview#license-requirements).
## Limitations for multitenant organizations in Microsoft 365
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Data columns shown are:
[!INCLUDE [Microsoft 365 worldwide endpoints](../includes/office-365-worldwide-endpoints.md)]
-> [!NOTE]
-> For recommendations on Viva Engage IP addresses and URLs, see [Using hard-coded IP addresses for Viva Engage is not recommended](https://techcommunity.microsoft.com/t5/yammer-Blog/Using-hard-coded-IP-addresses-for-yammer-is-not-recommended/ba-p/276592) on the Viva Engage blog.
- ## Related Topics [Additional endpoints not included in the Microsoft 365 IP Address and URL Web service](additional-office365-ip-addresses-and-urls.md)
frontline Frontline Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/frontline-usage-report.md
description: Use the frontline usage report on the Manage frontline teams page of the Teams admin center to get an overview of active users in Teams for each of your frontline locations. - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 05/03/2024 Last updated : 06/10/2024 # Microsoft Teams frontline usage report
In the Teams admin center, choose **Frontline deployment** > **Manage frontline
- Directly, by going to the **Usage** tab. :::image type="content" source="media/flw-usage-report-usage-tab.png" alt-text="Screenshot of the Usage tab on the Manage frontline teams page." lightbox="media/flw-usage-report-usage-tab.png":::-- Through the **App usage - Microsoft Teams** card. (Coming soon). This card shows the overall percentage of users across all your frontline teams that have been active on Teams in the last 30 days. Choose **View details** to go to the dashboard.
+- Through the **App usage - Microsoft Teams** card. If you leave the **Usage** tab before your report is generated, you can come back to the Manage frontline teams page to view your report later. When your report finishes loading, the card shows the overall percentage of users across all your frontline teams that have been active on Teams in the last 30 days. Choose **View details** to go to the dashboard and view your report.
:::image type="content" source="media/flw-usage-report-app-usage-card.png" alt-text="Screenshot of the App usage - Microsoft Teams card on the Manage frontline teams page." lightbox="media/flw-usage-report-app-usage-card.png":::
includes Change Library View https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/change-library-view.md
- Title: Change the view in a document library in Microsoft SharePoint Syntex---- Previously updated : 04/08/2022-
-ms.customer: intro-overview
--
- - enabler-strategic
- - m365initiative-syntex
-description: Learn how to change the view in a document library in Microsoft SharePoint Syntex.
--
-There are multiple ways to view how you see the information in a SharePoint document library. You can change the view in your document library to fit your needs or preferences.
-
-To change the view on the library page, select the view dropdown menu to show the options, and then select the view you want to use.
-
- ![Screenshot of a view dropdown menu showing the view options.](../media/content-understanding/document-library-view-menu.png)
-
-For example, if you select **Tiles** from the list, the page will display as shown.
-
- ![Screenshot of a document library showing the Tiles view.](../media/content-understanding/document-library-tiles-view.png)
-
-The **Tiles** view displays up to eight user-created fields. If there are fewer than eight, up to four system-generated fields are shown: Sensitivity (if available), Retention (if available), Content type, Modified date, Modified by, and Classification date.
-
-To edit any current view, on the view dropdown menu, select **Edit current view**.
includes Global Administrator Note https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/global-administrator-note.md
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
lighthouse M365 Lighthouse Overview Of Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md
Previously updated : 01/17/2024 Last updated : 06/10/2024 audience: Admin
Microsoft 365 Lighthouse permissions are primarily managed by the following:
To use Lighthouse, you need a combination of roles assigned via RBAC and GDAP.
+## Global Administrator permissions in the partner tenant
+
+Partner tenant users assigned the Global Administrator role in Microsoft Entra ID can do the following:
+
+- Sign up for Lighthouse in the Microsoft 365 admin center.
+- Activate and inactive a tenant.
+- Create, update, and delete tags.
+- Assign tags to and remove tags from a customer tenant.
+- Review audit logs.
+- Create, edit, and view alert rules.
+ ## Managing Lighthouse RBAC permissions in the partner tenant Lighthouse permissions in the partner tenant are managed by assigning RBAC roles. Each role has a set of permissions that determines which data users can access and change within the partner tenant.
For more information about least-privileged roles by task, seeΓÇ»[Least-privileg
For more information about GDAP or Delegated Admin Privileges (DAP) deprecation, see [GDAP frequently asked questions - Partner Center](/partner-center/gdap-faq), [Delegated administration privileges (DAP) FAQ - Partner Center](/partner-center/dap-faq), or search the [Partner Center announcements](/partner-center/announcements/) for dates and timelines.
+The following tasks in Lighthouse have specific Microsoft Entra role requirements:
+
+- To create and manage service requests, Lighthouse users must have at least one Microsoft Entra role assigned to them with the following property set: **microsoft.office365.supportTickets/allEntities/allTasks**.
+
+- To monitor service health, Lighthouse users must have at least one Microsoft Entra role assigned to them with the following property set: **microsoft.office365.serviceHealth/allEntities/allTasks**.
+
+For a complete list of Microsoft Entra roles, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). For information on how to assign roles, see [Assign Microsoft Entra roles to users](/azure/active-directory/roles/manage-roles-portal).
+ ## Related content [Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md) (article)
loop Loop Workspaces Storage Permission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-workspaces-storage-permission.md
appliesto:
# Overview of Loop workspaces storage and permissions
-Where the loop content was originally created determines its storage location. See the [Loop Storage](/microsoft-365/loop/loop-compliance-summary#loop-storage) section in [Summary of governance, lifecycle and compliance capabilities](/microsoft-365/loop/loop-compliance-summary) for Loop for a diagram and more information.
+Where the loop content was originally created determines its storage location. See the [Loop Storage](/microsoft-365/loop/loop-compliance-summary#loop-storage) section in [Summary of governance, lifecycle, and compliance capabilities](/microsoft-365/loop/loop-compliance-summary) for Loop for a diagram and more information.
## Loop app's usage of organization's storage quota
-Loop app workspaces are stored inside your tenant. Loop workspaces and pages count against your tenant's storage quota, starting November 2023. (Note that during the Loop app's Public Preview in 2023, Loop app content did **not** use your existing storage quota.)
+Loop app workspaces are stored inside your tenant. Loop workspaces and pages count against your tenant's storage quota, starting November 2023. During the Loop app's Public Preview in 2023, Loop app content did **not** use your existing storage quota.
## Content permissions mechanism
There's a distinction between sharing a specific Loop page with a user versus in
When you invite a user to a workspace, that user has access to all the pages in that workspace. Loop only supports inviting users to a workspace via this Workspace roster management flow, which enables access and sends an email invite to the invited users.
-When you share only a Loop page, you're giving users access to that specific page exclusively (not the whole workspace). The user can choose to use a company share link or people-specific share link; unless their tenant admin has disabled some of the share link types. When sharing a page, you can choose to grant the user "*edit*" or "*read only*" access.
+When you share only a Loop page, you're giving users access to that specific page exclusively (not the whole workspace). The user can choose to use a company share link or people-specific share link; unless their tenant admin disabled some of the share link types. When sharing a page, you can choose to grant the user "*edit*", or "*read only*" access.
+
+## Guest/External sharing
+
+You can share Loop workspaces, pages, and components with users external to your company (guests) so they can collaborate with you. There are a few requirements that must be met for guest sharing to be possible:
+
+- Your organization must allow sharing files with guest users. Learn how to [manage this policy](/sharepoint/turn-external-sharing-on-or-off#change-the-organization-level-external-sharing-setting).
+- The user you're sharing with must have a guest account in your tenant or [Business-to-Business Invitation Manager is enabled](/entra/external-id/what-is-b2b).
+- Your organization doesn't have sensitivity labels configured. Loop external sharing won't work for companies with sensitivity labels configured. Once sensitivity labels for Loop workspaces, pages, and components are generally available, then external sharing for companies with sensitivity labels configured will function.
+
+Workspaces can only be shared with users that have an existing guest account in your tenant. If Business-to-business Invitation Manager is enabled, users can share a page or component with a guest user which will enable the flow to create a guest account for the user.
+
+If the above conditions are met, then you can share with guest users by:
+
+1. Navigate to the Loop workspace or page you want to share (or, navigate to the Loop file within OneDrive).
+1. Open the share menu in the top right of the screen within Loop (or, open the share menu next to the file while viewing it within OneDrive).
+1. Choose if you want to share the workspace or page (only applies within Loop).
+1. Enter the user's email address you wish to share with.
+1. Select **Send** or **Invite**.
+
+Sharing with external participants is done through "Share with specific people" links. Company-wide share links won't work with external participants. You must designate the guest user explicitly in the share dialog.
+
+When a guest user accesses the Loop workspace, page, or component from the link from your organization, they sign in and access the shared content using their guest account. They'll need to utilize the share link again to access the Loop workspace, page, or component in the future, as the content from your organization will not be accessible via their standard account.
## Loop workspace membership and Microsoft 365 groups
-Loop workspaces currently have one type, with membership visible and manageable within the Loop app by the workspace owner. However, there is no integration with Microsoft 365 groups or Security groups.
+Loop workspaces currently have one type, with membership visible and manageable within the Loop app by the workspace owner. However, there's no integration with Microsoft 365 groups or Security groups.
-At present, owners cannot assign new members as owners. If the owner leaves the company, the workspace becomes ownerless. Administrators cannot assign new owners to ownerless workspaces.
+Currently, owners can't assign new members as owners. If the owner leaves the company, the workspace becomes ownerless. Administrators can't assign new owners to ownerless workspaces.
-PowerShell support for number of owners on a SharePoint Embedded container is not yet available. Once it is, to find ownerless workspaces, query Loop workspace containers in SharePoint Embedded. For more information, see [Consuming Tenant Admin](/sharepoint/dev/embedded/concepts/admin-exp/cta), and [Get-SPO Container](/powershell/module/sharepoint-online/get-spocontainer). The Loop Application ID is listed in [Summary of governance, lifecycle and compliance capabilities](/microsoft-365/loop/loop-compliance-summary).
+PowerShell support for number of owners on a SharePoint Embedded container isn't yet available. Once it is, to find ownerless workspaces, query Loop workspace containers in SharePoint Embedded. For more information, see [Consuming Tenant Admin](/sharepoint/dev/embedded/concepts/admin-exp/cta), and [Get-SPO Container](/powershell/module/sharepoint-online/get-spocontainer). The Loop Application ID is listed in [Summary of governance, lifecycle, and compliance capabilities](/microsoft-365/loop/loop-compliance-summary).
-Note that there are other types of groups and membership lists in the Microsoft ecosystem, such as Microsoft 365 groups and Security groups. Currently, Loop workspace membership cannot be managed by or associated with these groups or lists.
+There are other types of groups and membership lists in the Microsoft ecosystem, such as Microsoft 365 groups and Security groups. Currently, Loop workspace membership does not use these groups or lists.
## Storage management after user departure
Note that there are other types of groups and membership lists in the Microsoft
The Loop app is designed for shared workspaces and personal workspaces.
-Shared workspaces are backed by a roster and continue to exist even if someone leaves the company. However, if the creator of the workspace is the person who left the company, then others can't delete the workspace.
+Shared workspaces are permissioned with a roster and continue to exist even if someone leaves the company. However, if the creator of the workspace is the person who left the company, then others can't delete the workspace.
-Personal workspaces are also backed by a roster, but there's only one person in them by design. When a user leaves a company, their personal workspaces become ownerless.
+Personal workspaces are also permissioned with a roster, but there's only one person in them by design. When a user leaves a company, their personal workspaces become ownerless.
### In Loop components created in Microsoft 365 outside of the Loop app
Loop components created outside of the Loop are stored in the OneDrive of the pe
## Management of Loop app's storage
-See [Admin Management of Loop workspaces](/microsoft-365/loop/loop-compliance-summary#admin-management-of-loop-workspaces) section of the [Summary of governance, lifecycle and compliance capabilities](/microsoft-365/loop/loop-compliance-summary) for more information.
+See [available admin capabilities](/microsoft-365/loop/loop-compliance-summary#available-admin-capabilities) section of the [Summary of governance, lifecycle, and compliance capabilities](/microsoft-365/loop/loop-compliance-summary) for more information.
## Pricing and licensing model for Loop app
Refer to [Loop access via Microsoft 365 subscriptions](https://support.microsoft
## Related topics
-[Summary of governance, lifecycle and compliance capabilities](/microsoft-365/loop/loop-compliance-summary)
+[Summary of governance, lifecycle, and compliance capabilities](/microsoft-365/loop/loop-compliance-summary)
solutions Collaborate As Team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-as-team.md
Title: Collaborate with guests in a team (IT Admins)
Previously updated : 07/18/2023 Last updated : 05/31/2024 audience: ITPro
This video shows the configuration steps described in this document.</br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE44NTr?autoplay=false]
-## Microsoft Entra ID external collaboration settings
+## Microsoft Entra External ID external collaboration settings
-Sharing in Microsoft 365 is governed at its highest level by the [B2B external collaboration settings in Microsoft Entra ID](/azure/active-directory/external-identities/delegate-invitations). If guest sharing is disabled or restricted in Microsoft Entra ID, this setting overrides any sharing settings that you configure in Microsoft 365.
+Sharing in Microsoft 365 is governed at its highest level by the [B2B external collaboration settings in Microsoft Entra External ID](/azure/active-directory/external-identities/delegate-invitations). If guest sharing is disabled or restricted in Microsoft Entra External ID, this setting overrides any sharing settings that you configure in Microsoft 365.
-Check the B2B external collaboration settings to ensure that sharing with guests isn't blocked.
+Check the external collaboration settings to ensure that sharing with guests isn't blocked.
![Screenshot of Microsoft Entra external collaboration settings page.](../media/azure-ad-organizational-relationships-settings.png) To set external collaboration settings
-1. Log in to Microsoft Entra ID at [https://entra.microsoft.com/](https://entra.microsoft.com/).
+1. Sign in to Microsoft Entra External ID at [https://entra.microsoft.com/](https://entra.microsoft.com/).
1. In the left navigation pane, expand **External identities**. 1. Select **External collaboration settings**. 1. Ensure that either **Member users and users assigned to specific admin roles can invite guest users including guests with member permissions** or **Anyone in the organization can invite guest users including guests and non-admins** is selected.
If you work with guests from multiple organizations, you might want to restrict
## Teams guest access settings
-Teams has an on/off switch for guest access and a variety of settings available to control what guests can do in a team. The **Allow guest access in Teams** setting must be **On** for guest access to work in Teams.
+Teams has an on/off switch for guest access and various settings available to control what guests can do in a team. The **Allow guest access in Teams** setting must be **On** for guest access to work in Teams.
Check to ensure that guest access is enabled in Teams and make any adjustment to the guest settings based on your business needs. Keep in mind that these settings affect all teams.
Check to ensure that guest access is enabled in Teams and make any adjustment to
To set Teams guest access settings
-1. Log in to the Microsoft 365 admin center at [https://admin.microsoft.com](https://admin.microsoft.com).
+1. Sign in to the Microsoft 365 admin center at [https://admin.microsoft.com](https://admin.microsoft.com).
1. In the left navigation pane, select **Show all**. 1. Under **Admin centers**, select **Teams**. 1. In the Teams admin center, in the left navigation pane select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2173122" target="_blank">**Guest access**</a>.
To set Microsoft 365 Groups guest settings
Teams content such as files, folders, and lists are all stored in SharePoint. In order for guests to have access to these items in Teams, the SharePoint organization-level sharing settings must allow for sharing with guests.
-The organization-level settings determine what settings are available for individual sites, including sites associated with teams. Site settings cannot be more permissive than the organization-level settings.
+The organization-level settings determine what settings are available for individual sites, including sites associated with teams. Site settings can't be more permissive than the organization-level settings.
If you want to allow file and folder sharing with unauthenticated people, choose **Anyone**. If you want to ensure that all guests have to authenticate, choose **New and existing guests**. Choose the most permissive setting that's needed by any site in your organization.
The default file and folder link settings determine the link option that's shown
Keep in mind that this setting affects all teams and SharePoint sites in your organization.
-Choose any one of the following link-types which will be selected by default when users share files and folders:
+Choose any one of the following link-types, which will be selected by default when users share files and folders:
-- **Anyone with the link** - Choose this option if you expect to do a lot of unauthenticated sharing of files and folders. If you want to allow *Anyone* links but are concerned about accidental unauthenticated sharing, consider one of the other options as the default. This link type is only available if you've enabled **Anyone** sharing.
+- **Anyone with the link** - Choose this option if you expect to do many unauthenticated sharing of files and folders. If you want to allow *Anyone* links but are concerned about accidental unauthenticated sharing, consider one of the other options as the default. This link type is only available if you've enabled **Anyone** sharing.
- **Only people in your organization** - Choose this option if you expect most file and folder sharing to be with people inside your organization.-- **Specific people** - Consider this option if you expect to do a lot of file and folder sharing with guests. This type of link works with guests and requires them to authenticate.
+- **Specific people** - Consider this option if you expect to do many file and folder sharing with guests. This type of link works with guests and requires them to authenticate.
![Screenshot of SharePoint organization-level files and folders sharing settings.](../media/sharepoint-organization-files-folders-sharing-settings.png)
To set the SharePoint organization-level default link settings
To set the permission for the sharing link, under **Choose the permission that's selected by default for sharing links.**
-1. Select **View** if you do not want users to make changes to the files and folders.
+1. Select **View** if you don't want users to make changes to the files and folders.
1. Select **Edit** if you want to allow users to make changes to the files and folders. Optionally, choose an expiration time for *Anyone* links.
To invite guests to a team
> [!NOTE] > Guests with a work or school account can only be invited by using their User Principal Name (UPN) (for example, adele@contoso.com). Inviting guests by using EAS ID, or other email formats, is not supported.
-## Related topics
+## Related articles
[Best practices for sharing files and folders with unauthenticated users](best-practices-anonymous-sharing.md)
To invite guests to a team
[Create a B2B extranet with managed guests](b2b-extranet.md)
-[SharePoint and OneDrive integration with Microsoft Entra B2B](/sharepoint/sharepoint-azureb2b-integration-preview)
+[SharePoint and OneDrive integration with Microsoft Entra External ID](/sharepoint/sharepoint-azureb2b-integration-preview)
solutions Collaborate In Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-in-site.md
Title: Collaborate with guests in a site (IT Admins)
Previously updated : 07/19/2023 Last updated : 05/31/2024 audience: ITPro
This video shows the configuration steps described in this document.</br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE44Llg?autoplay=false]
-## Microsoft Entra ID external collaboration settings
+## Microsoft Entra External ID external collaboration settings
-Sharing in Microsoft 365 is governed at its highest level by the [B2B external collaboration settings in Microsoft Entra ID](/azure/active-directory/external-identities/delegate-invitations). If guest sharing is disabled or restricted in Microsoft Entra ID, this setting overrides any sharing settings that you configure in Microsoft 365.
+Sharing in Microsoft 365 is governed at its highest level by the [external collaboration settings in Microsoft Entra External ID](/azure/active-directory/external-identities/delegate-invitations). If guest sharing is disabled or restricted in Microsoft Entra External ID, this setting overrides any sharing settings that you configure in Microsoft 365.
-Check the B2B external collaboration settings to ensure that sharing with guests is not blocked.
+Check the external collaboration settings to ensure that sharing with guests isn't blocked.
![Screenshot of Microsoft Entra External collaboration Settings page.](../media/azure-ad-organizational-relationships-settings.png) To set external collaboration settings
-1. Log in to Microsoft Entra ID at [https://entra.microsoft.com/](https://entra.microsoft.com/).
+1. Sign in to Microsoft Entra External ID at [https://entra.microsoft.com/](https://entra.microsoft.com/).
1. In the left navigation pane, expand **External identities**. 1. Select **External collaboration settings**. 1. Ensure that either **Member users and users assigned to specific admin roles can invite guest users including guests with member permissions** or **Anyone in the organization can invite guest users including guests and non-admins** is selected.
Modern SharePoint sites use Microsoft 365 Groups to control site access. The Mic
To set Microsoft 365 Groups guest settings 1. In the Microsoft 365 admin center, in the left navigation pane, expand **Settings**.
-1. Click **Org settings**.
-1. In the list, click **Microsoft 365 Groups**.
+1. Select **Org settings**.
+1. In the list, select **Microsoft 365 Groups**.
1. Ensure that the **Let group owners add people outside your organization to Microsoft 365 Groups as guests** and **Let guest group members access group content** check boxes are both checked.
-1. If you made changes, click **Save changes**.
+1. If you made changes, select **Save changes**.
## SharePoint organization-level sharing settings In order for guests to have access to SharePoint sites, the SharePoint organization-level sharing settings must allow for sharing with guests.
-The organization-level settings determine the settings that are available for individual sites. Site settings cannot be more permissive than the organization-level settings.
+The organization-level settings determine the settings that are available for individual sites. Site settings can't be more permissive than the organization-level settings.
If you want to allow unauthenticated file and folder sharing, choose **Anyone**. If you want to ensure that all people outside your organization have to authenticate, choose **New and existing guests**. Choose the most permissive setting that's needed by any site in your organization.
We'll invite users later. Next, it's important to check the site-level sharing s
Check the site-level sharing settings to make sure that they allow the type of access that you want for this site. For example, if you set the organization-level settings to **Anyone**, but you want all guests to authenticate for this site, then make sure the site-level sharing settings are set to **New and existing guests**.
-Note that the site cannot be shared with unauthenticated people (**Anyone** setting), but individual files and folders can.
+Note that the site can't be shared with unauthenticated people (**Anyone** setting), but individual files and folders can.
You can also use [sensitivity labels to control external sharing settings for SharePoint sites](../compliance/sensitivity-labels-teams-groups-sites.md).
Guest sharing settings are now configured, so you can start adding internal user
To invite internal users to a group 1. Navigate to the site where you want to add users.
-1. Select **Members** link in the upper right which denotes the member count.
+1. Select **Members** link in the upper right, which denotes the member count.
1. Select **Add members**. 1. Type the names or email addresses of the users that you want to invite to the site, and then select **Save**.
Guests can't be added to the Microsoft 365 group from the site. For information
[Create a B2B extranet with managed guests](b2b-extranet.md)
-[SharePoint and OneDrive integration with Microsoft Entra B2B](/sharepoint/sharepoint-azureb2b-integration-preview)
+[SharePoint and OneDrive integration with Microsoft Entra External ID](/sharepoint/sharepoint-azureb2b-integration-preview)
solutions Collaborate On Documents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-on-documents.md
Title: Collaborate with guests on a document (IT Admins)
Previously updated : 07/18/2023 Last updated : 05/31/2024 audience: ITPro
This video shows the configuration steps described in this document.</br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE450Vt?autoplay=false]
-## Microsoft Entra ID external collaboration settings
+## Microsoft Entra External ID external collaboration settings
-Sharing in Microsoft 365 is governed at its highest level by the [B2B external collaboration settings in Microsoft Entra ID](/azure/active-directory/external-identities/delegate-invitations). If guest-sharing is disabled or restricted in Microsoft Entra ID, this setting overrides any sharing settings that you configure in Microsoft 365.
+Sharing in Microsoft 365 is governed at its highest level by the [external collaboration settings in Microsoft Entra External ID](/azure/active-directory/external-identities/delegate-invitations). If guest-sharing is disabled or restricted in Microsoft Entra External ID, this setting overrides any sharing settings that you configure in Microsoft 365.
-Check the B2B external collaboration settings to ensure that sharing with guests is not blocked.
+Check the external collaboration settings to ensure that sharing with guests isn't blocked.
-![Screenshot of Microsoft Entra Organizational Relationships Settings page.](../media/azure-ad-organizational-relationships-settings.png)
+![Screenshot of Microsoft Entra External ID Organizational Relationships Settings page.](../media/azure-ad-organizational-relationships-settings.png)
To set external collaboration settings
-1. Log in to Microsoft Entra ID at [https://entra.microsoft.com/](https://entra.microsoft.com/).
+1. Sign in to Microsoft Entra External ID at [https://entra.microsoft.com/](https://entra.microsoft.com/).
1. In the left navigation pane, expand **External identities**. 1. Select **External collaboration settings**. 1. Ensure that either **Member users and users assigned to specific admin roles can invite guest users including guests with member permissions** or **Anyone in the organization can invite guest users including guests and non-admins** is selected.
If you work with guests from multiple organizations, you might want to restrict
In order for people outside your organization to have access to a document in SharePoint or OneDrive, the SharePoint and OneDrive organization-level sharing settings must allow for sharing with people outside your organization.
-The organization-level settings for SharePoint determine the settings that are available for individual SharePoint sites. Site settings cannot be more permissive than the organization-level settings. The organization-level setting for OneDrive determines the level of sharing that's available in users' OneDrive libraries.
+The organization-level settings for SharePoint determine the settings that are available for individual SharePoint sites. Site settings can't be more permissive than the organization-level settings. The organization-level setting for OneDrive determines the level of sharing that's available in users' OneDrive libraries.
For SharePoint and OneDrive, if you want to allow unauthenticated file and folder sharing, choose **Anyone**. If you want to ensure that people outside your organization have to authenticate, choose **New and existing guests**. *Anyone* links are the easiest way to share: people outside your organization can open the link without authentication and are free to pass it on to others.
For SharePoint, choose the most permissive setting that's needed by any site in
To set SharePoint organization-level sharing settings 1. In the SharePoint admin center, in the left navigation pane, under **Policies**, select <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a>.
-1. Ensure that external sharing for SharePoint or OneDrive is set to **Anyone** or **New and existing guests**. (Note that the OneDrive setting cannot be more permissive than the SharePoint setting.)
+1. Ensure that external sharing for SharePoint or OneDrive is set to **Anyone** or **New and existing guests**. (Note that the OneDrive setting can't be more permissive than the SharePoint setting.)
1. If you made changes, select **Save**. ## SharePoint organization-level default link settings
The default file and folder link settings determine the link option that's shown
Keep in mind that this setting affects SharePoint sites in your organization, as well as OneDrive.
-Choose a link from any of the following types which is then selected by default when users share files and folders:
+Choose a link from any of the following types, which is then selected by default when users share files and folders:
- **Anyone with the link** - Choose this option if you expect to do a lot of unauthenticated file and folder sharing. If you want to allow *Anyone* links but are concerned about accidental unauthenticated sharing, consider one of the other options as the default. This link type is only available if you've enabled **Anyone** sharing. - **Only people in your organization** - Choose this option if you expect most file and folder sharing to be with people inside your organization.-- **Specific people** - Consider this option if you expect to do a lot of file and folder sharing with guests. This type of link works with guests and requires them to authenticate.
+- **Specific people** - Consider this option if you expect to do many file and folder sharing with guests. This type of link works with guests and requires them to authenticate.
![Screenshot of SharePoint organization-level files and folders sharing settings.](../media/sharepoint-organization-files-folders-sharing-settings.png)
To set the SharePoint and OneDrive organization-level default link settings
1. Go to <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a> in the SharePoint admin center. 1. Under **File and folder links**, select the default sharing link that you want to use.
-1. If you made changes, click **Save**.
+1. If you made changes, select **Save**.
To set the permission for the sharing link, under **Choose the permission that's selected by default for sharing links.**
-1. Select **View** if you do not want users to make changes to the files and folders.
+1. Select **View** if you don't want users to make changes to the files and folders.
1. Select **Edit** if you want to allow users to make changes to the files and folders. Optionally, choose an expiration time for *Anyone* links. To set permissions for links that allow sharing with anyone
-1. Under the **These links can give these permissions:** sub-pane,
+1. Under the **These links can give these permissions:** subpane,
1. From the **Files** drop-down list, - Select **View and edit** if you want to allow unauthenticated users to make changes to the files.
- - Select **View** if you do not want unauthenticated users to make changes to the files.
+ - Select **View** if you don't want unauthenticated users to make changes to the files.
2. From the **Folders** drop-down list, - Select **View, edit, and upload** if you want to allow unauthenticated users to make changes to the folders.
- - Select **View** if you do not want unauthenticated users to make changes to the folders.
+ - Select **View** if you don't want unauthenticated users to make changes to the folders.
## SharePoint site-level sharing settings
Guest-sharing settings are now configured; so users can now share files and fold
[Limit accidental exposure to files when sharing with guests](share-limit-accidental-exposure.md)
-[SharePoint and OneDrive integration with Microsoft Entra B2B](/sharepoint/sharepoint-azureb2b-integration-preview)
+[SharePoint and OneDrive integration with Microsoft Entra External ID](/sharepoint/sharepoint-azureb2b-integration-preview)
syntex Autofill Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/autofill-overview.md
description: Learn about the autofill columns service in Microsoft Syntex.
# Overview of autofill columns in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out autofill columns and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out autofill columns and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
Autofill columns in Microsoft Syntex automatically extract, summarize, or generate content from files uploaded to a SharePoint document library. By using large language models (LLMs) through generative AI, autofill columns can save metadata automatically, streamlining the process of managing files and their associated information.
syntex Autofill Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/autofill-setup.md
Previously updated : 05/09/2024 Last updated : 06/12/2024 audience: admin
Before you can use autofill columns in Syntex, you must first link an Azure subs
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up autofill columns in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up autofill columns.
+ ## Set up autofill columns
By default, autofill columns is turned on for libraries in all SharePoint sites.
a. Choose which site or sites this service should be enabled for.
- b. To restrict user access to this service, under **Sites where autofill columns can be used when it's turned on**, select **Edit**. On the **Where can autofill columns be used?** panel, select **No sites** or **Selected sites (up to 100)** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. You can then manage site access permissions for the sites you selected.
+ b. To restrict user access to this service, under **Sites where autofill columns can be used when it's turned on**, select **Edit**. On the **Where can autofill columns be used?** panel, change the setting from **All sites** to **Selected sites (up to 100)** or **No sites**. For selected sites, follow the instructions to select the sites or upload a CSV listing of the sites. You can then manage site access permissions for the sites you selected.
c. Select **Save**.
syntex Content Assembly Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/content-assembly-setup.md
audience: admin Previously updated : 08/01/2023 Last updated : 06/12/2024
Before you can use content assembly in Syntex, you must first link an Azure subs
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up content assembly in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up content assembly.
+ ## Set up content assembly
syntex Content Assembly https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/content-assembly.md
description: Learn about how to create documents and other content using a moder
# Overview of content assembly in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out content assembly and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out content assembly and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
You can use the content assembly capabilities in Microsoft Syntex to help you automatically generate standard repetitive business documents, such as contracts, statements of work, service agreements, letters of consent, sales pitches, and correspondence. You can do all these actions quicker, more consistently, and with fewer errors by creating modern templates and using those templates to generate documents.
syntex Document Understanding Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/document-understanding-overview.md
description: Learn about the unstructured document processing model in Microsoft
# Overview of unstructured document processing in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out unstructured document processing and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out unstructured document processing and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
<!</br>
syntex Esignature Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/esignature-overview.md
description: Learn about SharePoint eSignature and how to send electronic signat
# Overview of SharePoint eSignature > [!NOTE]
-> Through June 2024, you can try out eSignature and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out eSignature and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
SharePoint eSignature simplifies the process of signing and sharing documents, while providing the security and compliance of Microsoft 365.
With SharePoint eSignature, you can quickly and securely send documents for sign
SharePoint eSignature uses simple electronic signatures. Determine whether this is appropriate for your needs and then read the [SharePoint eSignature terms of service](/legal/microsoft-365/esignature-terms-of-service). - ### Licensing Before you can use SharePoint eSignature, you must first link your Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). SharePoint eSignature is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md). Before you can enable SharePoint eSignature, an admin must [set up SharePoint eSignature](esignature-setup.md) in the Microsoft 365 admin center. - ### External sharing SharePoint eSignature enables binding agreements between parties by allowing guests access to SharePoint to electronically sign documents. Certain external sharing must be enabled at a tenant or site level to allow this access. For more information, see [Set up SharePoint eSignature for external recipients](esignature-setup.md#external-recipients). Consider whether this meets your compliance and security requirements when enabling eSignature. -- ## Release notes - Currently, SharePoint eSignature is rolling out to the US market. The feature rolls out to other regions later in 2024.
syntex Esignature Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/esignature-setup.md
Previously updated : 03/15/2024 Last updated : 06/12/2024 audience: admin
description: Learn how to set up and manage sites in SharePoint eSignature.
For US-located, multi-geo enabled tenants, eSignature will be available in the home geo only. > SharePoint eSignature will roll out to other regions later this year.
+The SharePoint eSignature service is set up in the Microsoft 365 admin center. Before you begin, determine whether this feature is appropriate for your needs by reading the [Before you begin section](esignature-overview.md#before-you-begin).
+ ## Prerequisites
-The SharePoint eSignature service is set up in the Microsoft 365 admin center. You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up SharePoint eSignature. Before you begin, determine whether this feature is appropriate for your needs by reading the [Before you begin section](esignature-overview.md#before-you-begin).
+### Licensing
+
+Before you can use SharePoint eSignature, you must first link an Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). Taxonomy tagging in Syntex is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md).
+
+### Permissions
+
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up SharePoint eSignature.
+ > [!NOTE] > If you will be requesting signatures from external recipients, you need to enable [Microsoft Entra B2B integration for SharePoint and OneDrive](/sharepoint/sharepoint-azureb2b-integration) and [guest sharing](/microsoft-365/solutions/collaborate-in-site). External recipients are people outside your organization and would be onboarded as guests into your tenant. Microsoft Entra B2B provides authentication and management of guests. For more information, see [External recipients](#external-recipients) later in this article.
syntex Feature Limited License https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/feature-limited-license.md
search.appverid: ms.localizationpriority: medium
-description: Read the Microsoft Syntex features limited time license to see the Syntex features available as a preview for all pay-as-you-go users on a limited time basis.
+description: Read the Microsoft Syntex features limited time license to see the Microsoft Syntex features available as a preview for all pay-as-you-go users on a limited time basis.
# Microsoft Syntex features limited time license
These license terms are an agreement between you and Microsoft Corporation (or o
**MICROSOFT OFFERING - MICROSOFT SYNTEX FEATURES**
-This License governs the limited time use of the following features, individually and collectively, and is referred to as ΓÇ£FeaturesΓÇ¥:
+This License governs the limited time use of the following features, individually and collectively, and is referred to as "Features":
&emsp;&emsp;i.&ensp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Content Query<br> &emsp;&emsp;ii.&ensp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Universal Annotation<br>
This License governs the limited time use of the following features, individuall
**REQUIREMENTS TO ENABLE THE FEATURES** &emsp;&emsp;a)&emsp;Customer must have a healthy Azure subscription connected to Microsoft Syntex<br>
-&emsp;&emsp;b)&emsp;A Microsoft 365 tenancy with either Microsoft 365 admin access or SharePoint Online admin access
+&emsp;&emsp;b)&emsp;A Microsoft 365 tenancy with either Microsoft 365 admin access or SharePoint admin access
**EVALUATION PERIOD**
-This Limited Time License is effective on your acceptance and terminates on the earlier of (i) 30 days following first general availability of a commercial release of the Features in a Microsoft product or a future Microsoft product or (ii) June 30, 2024.
+This Limited Time License is effective on your acceptance and terminates on the earlier of (i) 30 days following first general availability of a commercial release of the Features in a Microsoft product or a future Microsoft product or (ii) September 20, 2024.
-After the Evaluation Period, Microsoft reserves the right to require an additional SKU for these capabilities. You will not be billed for use during the Evaluation Period.
+After the Evaluation Period, Microsoft reserves the right to require an additional SKU for these capabilities. You won't be billed for use during the Evaluation Period.
**LICENSE**
-The Features are licensed, not sold. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you will not (and have no right to):
+The Features are licensed, not sold. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you won't (and have no right to):
**APPLICABLE LAW AND PLACE TO RESOLVE DISPUTES.**
syntex Form Processing Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/form-processing-overview.md
description: Learn how to use AI Builder to create structured or freeform docume
# Overview of structured and freeform document processing in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out structured and freeform document processing and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out structured and freeform document processing and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
<!</br>
syntex Image Tagging Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/image-tagging-overview.md
description: Learn about enhanced image tagging in Microsoft Syntex.
# Overview of enhanced image tagging in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out image tagging and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out image tagging and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
Microsoft Syntex makes it easier to find and manage images in SharePoint document libraries. It does this process by automatically tagging images with descriptive keywords using AI. These keywords are stored in a managed metadata column (the **Image Tags** column), which makes it easier to search, sort, filter, and manage the images. ![Screenshot of the library view showing the Image Tags column.](../media/content-understanding/image-tagger-image-tags-column-overview.png)
-The image tagging feature makes it even easier to tag images without any training, thereby reducing the need for manual tagging or custom AI model building. This result means you can quickly find images in your libraries and set up processes based on the tags for the images.
+The image tagging feature makes it even easier to tag images without any training, which means reducing the need for manual tagging or custom AI model building. This result means you can quickly find images in your libraries and set up processes based on the tags for the images.
## Requirements and limitations
syntex Image Tagging Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/image-tagging-setup.md
audience: admin Previously updated : 07/27/2023 Last updated : 06/12/2024
Before you can use image tagging in Syntex, you must first link an Azure subscri
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up image tagging in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up image tagging.
+ ## Set up image tagging
syntex Ocr Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/ocr-overview.md
description: Learn about optical character recognition in Microsoft Syntex.
# Overview of optical character recognition in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out optical character recognition and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out optical character recognition and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
The optical character recognition (OCR) service in Microsoft Syntex lets you extract printed or handwritten text from images and documents. Examples of images include posters, drawings, and product labels. Examples of documents include articles, reports, forms, and invoices.
syntex Ocr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/ocr.md
Previously updated : 10/16/2023 Last updated : 06/12/2024 audience: admin
The optical character recognition (OCR) service for Microsoft Syntex is set up i
### Licensing
-Before you can use the OCR service in Syntex, you must first link an Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). OCR in Syntex is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md).
+Before you can use the OCR service in Microsoft Syntex, you must first link an Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). OCR in Syntex is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md).
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up the OCR service in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up the OCR service.
+ ## Set up optical character recognition
-After an [Azure subscription is linked to Microsoft Syntex](syntex-azure-billing.md), OCR will be automatically set up and enabled for all SharePoint sites for Syntex.
+After an [Azure subscription is linked to Microsoft Syntex](syntex-azure-billing.md), OCR will be automatically set up and enabled for all SharePoint sites for Microsoft Syntex.
### Set up data loss prevention policies using OCR
For more information, see [Learn about optical character recognition in Microsof
## Manage sites enabled for Syntex
-Follow these steps to manage which SharePoint sites have OCR enabled for Syntex in the Microsoft 365 admin center.
+Follow these steps to manage which SharePoint sites have OCR enabled for Microsoft Syntex in the Microsoft 365 admin center.
1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then select **Use content AI with Microsoft Syntex**.
Follow these steps to manage which SharePoint sites have OCR enabled for Syntex
b. To restrict user access to this service, select **No sites** or **Selected sites** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. Be sure to add your content center site if you want it to be included. You can then manage site access permissions for the sites you selected. c. Select **Save**.-
syntex Prebuilt Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/prebuilt-overview.md
description: Learn about prebuilt models in Microsoft Syntex.
# Overview of prebuilt document processing in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out prebuilt document processing and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out prebuilt document processing and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
In addition to [custom models](model-types-overview.md#custom-models), Microsoft Syntex provides *prebuilt models* to automate the extraction of information.
syntex Prebuilt Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/prebuilt-setup.md
Before you can use prebuilt document processing in Syntex, you must first link a
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up prebuilt document processing in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up prebuilt document processing.
+ ## Set up prebuilt document processing
syntex Promo Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/promo-syntex.md
description: Learn how to try Microsoft Syntex services during a limited offerin
Microsoft Syntex (evolving to be SharePoint Premium) is a powerful tool that lets you do more with your documents. You can process, analyze, create, sign, manage, and enhance them with ease.
-Through June 2024, your organization can use included monthly capacity for some of these services when you set up [pay-as-you-go billing](syntex-azure-billing.md). It's a great way to try out Syntex capabilities, such as document processing, document tagging, and content assembly, to see how you can use them to streamline processes in your organization.
+Through June 2025, your organization can use included monthly capacity for some of these services when you set up [pay-as-you-go billing](syntex-azure-billing.md). It's a great way to try out Syntex capabilities, such as document processing, document tagging, and content assembly, to see how you can use them to streamline processes in your organization.
## Get started
syntex Structured Freeform Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/structured-freeform-setup.md
Previously updated : 08/08/2023 Last updated : 06/12/2024 audience: admin
Before you can use structured and freeform document processing in Syntex, you mu
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up structured and freeform document processing in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up structured and freeform document processing.
+ ## Set up structured and freeform document processing
syntex Syntex Azure Billing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-azure-billing.md
Title: Configure Microsoft Syntex for pay-as-you-go billing
Previously updated : 03/12/2024 Last updated : 06/12/2024 audience: admin
When you set up Microsoft Syntex billing in Azure, events will be sent to the Az
The following permissions are required to set up Microsoft Syntex billing: -- You must have Global Administrator or SharePoint Administrator permissions to be able to access the Microsoft 365 admin center and set up Syntex.
+- You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up Syntex.
+
+ [!INCLUDE [global-administrator-note](../includes/global-administrator-note.md)]
+ - You must have owner or contributor rights to the Azure subscription that you want to use for Microsoft Syntex billing. To configure Microsoft Syntex billing, follow these steps:
syntex Syntex Licensing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-licensing.md
More Syntex services will be added as they become available.
### Feature limited preview
-Pay-as-you-go licensing includes access to additional Syntex features for a limited time as a preview. You won't be charged on a pay-as-you-go basis during the preview. These features include:
+Pay-as-you-go licensing includes access to additional Syntex features for a limited time as a preview. The feature limited preview ends September 20, 2024. You won't be charged on a pay-as-you-go basis during the preview. These features include:
- Content query - Universal annotations
syntex Syntex Pay As You Go Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-pay-as-you-go-services.md
description: Learn about pay-as-you-go services and pricing for Microsoft Syntex
# Pay-as-you-go services and pricing for Microsoft Syntex > [!NOTE]
-> Through June 2024, if you have [pay-as-you-go billing](syntex-azure-billing.md) set up, your organization will receive a limited amount of included capacity each month for selected services, letting you try these services at no cost. This offering does not include capacity for Microsoft 365 Archive or Microsoft 365 Backup. For more information, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, if you have [pay-as-you-go billing](syntex-azure-billing.md) set up, your organization will receive a limited amount of included capacity each month for selected services, letting you try these services at no cost. This offering does not include capacity for Microsoft 365 Archive or Microsoft 365 Backup. For more information, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
-When you use Microsoft Syntex [pay-as-you-go](syntex-azure-billing.md), services are billed using Syntex meters in the Azure subscription that you specified when you set up Microsoft Syntex. The following table describes each meter, its pricing, and how it measures usage. When you connect your Azure subscription to Microsoft Syntex, users in your organization are able to take advantage of Syntex services right away. Your tenant is billed according to the details shown in this article.
+When you use Microsoft Syntex [pay-as-you-go](syntex-azure-billing.md), services are billed using Syntex meters in the Azure subscription that you specified when you set up Microsoft Syntex.
+
+The following table describes each meter, its pricing, and how it measures usage. When you connect your Azure subscription to Microsoft Syntex, users in your organization are able to take advantage of Syntex services right away. Your tenant is billed according to the details shown in this article.
+
+To help your organization in planning for pay-as-you-go services, you can use the [SharePoint cost calculator](https://aka.ms/SharePoint/PAYG-Calculator). This tool gives you a better understanding of your organizationΓÇÖs usage patterns and estimated costs so you can make more informed decisions.
|Service|What's counted?|What's billed? (USD)| |:-|:--|:-|
syntex Taxonomy Tagging Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/taxonomy-tagging-overview.md
description: Learn about taxonomy tagging in Microsoft Syntex.
# Overview of taxonomy tagging in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out taxonomy tagging and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out taxonomy tagging and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
Microsoft Syntex gives you the ability to automatically tag documents in SharePoint libraries with terms configured in your term store using AI. These terms are stored in a managed metadata column (also known as a taxonomy column) on the item, making the documents easier to search, sort, filter, and manage.
syntex Taxonomy Tagging Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/taxonomy-tagging-setup.md
audience: admin Previously updated : 08/31/2023 Last updated : 06/12/2024
Before you can use taxonomy tagging in Syntex, you must first link an Azure subs
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up taxonomy tagging in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up taxonomy tagging.
+ ## Set up taxonomy tagging
syntex Translation Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/translation-overview.md
description: Learn about the document translation service in Microsoft Syntex.
# Overview of document translation in Microsoft Syntex > [!NOTE]
-> Through June 2024, you can try out document translation and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
+> Through June 2025, you can try out document translation and other selected Syntex services at no cost if you have [pay-as-you-go billing](syntex-azure-billing.md) set up. For information and limitations, see [Try out Microsoft Syntex and explore its services](promo-syntex.md).
Microsoft Syntex lets you easily create a translated copy of a selected file or a set of files in a SharePoint document library. You can translate a file, while preserving the original format and structure of the file. Translation is available for all supported languages and dialects.
syntex Translation Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/translation-setup.md
Previously updated : 01/19/2024 Last updated : 06/12/2024 audience: admin
Before you can use translation in Syntex, you must first link an Azure subscript
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up translation in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up document translation.
+ ## Set up translation
By default, document translation is turned on for libraries in all SharePoint si
a. Choose which site or sites this service should be enabled for.
- b. To restrict user access to this service, under **Sites where document translation can be used when it's turned on**, select **Edit**. On the **Where can document translation be used?** panel, select **No sites** or **Selected sites (up to 100)** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. You can then manage site access permissions for the sites you selected.
+ b. To restrict user access to this service, under **Sites where document translation can be used when it's turned on**, select **Edit**. On the **Where can document translation be used?** panel, change the setting from **All sites** to **Selected sites (up to 100)** or **No sites**. For selected sites, follow the instructions to select the sites or upload a CSV listing of the sites. You can then manage site access permissions for the sites you selected.
c. Select **Save**.
syntex Unstructured Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/unstructured-setup.md
Previously updated : 07/12/2023 Last updated : 06/12/2024 audience: admin
Before you can use unstructured document processing in Syntex, you must first li
### Permissions
-You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up unstructured document processing in Syntex.
+You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up unstructured document processing.
+ ## Set up unstructured document processing
topics Add Topics App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/add-topics-app.md
Previously updated : 04/20/2023 Last updated : 01/01/2024 Title: Add the Topics app in the Teams Admin Center-+
topics Adoption Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/adoption-resources.md
Previously updated : 06/12/2023 Last updated : 01/01/2024 Title: Adoption resources for Topics-+
topics Changes Coming To Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/changes-coming-to-topics.md
Last updated 02/20/2024 Title: Changes coming to Topics-+
topics Create A Topic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/create-a-topic.md
Previously updated : 09/27/2023 Last updated : 01/01/2024 Title: Create a new topic in Topics-+
topics Curate A Topic In Multilingual https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/curate-a-topic-in-multilingual.md
Previously updated : 09/12/2023 Last updated : 01/01/2024 Title: Curate Multilingual topics in Topics-+ audience: admin
topics Edit A Topic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/edit-a-topic.md
Previously updated : 09/27/2023 Last updated : 01/01/2024 Title: Edit an existing topic in Topics-+ audience: admin
topics Export Topics Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/export-topics-powershell.md
Previously updated : 06/12/2023 Last updated : 01/01/2024 Title: Export topics created in Viva Engage with PowerShell-+
topics Faq Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/faq-topics.md
Previously updated : 07/17/2023 Last updated : 01/01/2024 Title: Frequently asked questions about Topics-+ audience: admin
The topics and metadata are updated incrementally as the changes are received in
### How does Topics work when discovering new topics?
-Topics builds an index similar to search, and relies on the SharePoint Online search crawler to keep the index up to date. The search crawler detects changes in SharePoint Online, performs basic parsing of various document formats; examples of this include files with the extensions: aspx, doc, docx, htm, html, mht, msg, one, pdf, ppt, pptx, pub, txt, xls, xlsx, visio. This list is subject to change as we learn more about what files are important to customers to include. Topics currently doesn't index image, video or audio file types. The file name, title, subject, author, last saved person, create date and its recent activities all play a role in contributing to the information used to discover topics. To inform suggestions for the topic description, people and resources, information from people and collaboration insights in the Microsoft Cloud that are available through [Microsoft Graph](/graph/overview) are used. Topics observes existing content security features in Microsoft 365.
+Topics builds an index similar to search, and relies on the SharePoint search crawler to keep the index up to date. The search crawler detects changes in SharePoint, performs basic parsing of various document formats; examples of this include files with the extensions: aspx, doc, docx, htm, html, mht, msg, one, pdf, ppt, pptx, pub, txt, xls, xlsx, visio. This list is subject to change as we learn more about what files are important to customers to include. Topics currently doesn't index image, video or audio file types. The file name, title, subject, author, last saved person, create date and its recent activities all play a role in contributing to the information used to discover topics. To inform suggestions for the topic description, people and resources, information from people and collaboration insights in the Microsoft Cloud that are available through [Microsoft Graph](/graph/overview) are used. Topics observes existing content security features in Microsoft 365.
Topics listens for changes in these documents, processing them for changes to the topics it has discovered. The main difference between Topics and search is that Topics builds a knowledge graph, not a full-text search index, making it possible to execute queries such as:
Topics index metadata and state are kept as long as the underlying content is pr
### Will data be decrypted or still be in encrypted form?
-All the data is kept within the Microsoft 365 compliance boundary, which is encrypted at rest and in transit. The content is decrypted when being processed. When the data is written to storage, it will be encrypted according to the tenant configuration.
+All the data is kept within the Microsoft Purview boundary, which is encrypted at rest and in transit. The content is decrypted when being processed. When the data is written to storage, it will be encrypted according to the tenant configuration.
### How does Topics protect security and compliance of content?
topics Get Started With Viva Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/get-started-with-viva-topics.md
Last updated 1/12/2024 Title: Learn about topics in Topics-+
topics Health Metrics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/health-metrics.md
Title: Adoption health metrics in Topics-+
search.appverid: MET150 ms.localizationpriority: medium description: Learn about healthy topic metrics in Topics. Previously updated : 11/20/2023 Last updated : 01/01/2024 # Adoption health metrics in Topics
topics Manage Topic Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/manage-topic-discovery.md
Previously updated : 04/20/2023 Last updated : 01/01/2024 Title: Manage topic discovery in Topics-+
description: Learn how to administer topic discovery in Topics.
# Manage topic discovery in Topics
-You can manage topic discovery settings in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a global administrator or SharePoint administrator to perform these tasks.
+You can manage topic discovery settings in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a SharePoint administrator to perform these tasks.
## To access topics management settings
topics Manage Topic Visibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/manage-topic-visibility.md
Previously updated : 04/20/2023 Last updated : 01/01/2024 Title: Manage topic visibility in Topics-+
description: Learn how to administer topic visibility in Topics.
# Manage topic visibility in Topics
-You can manage who can see topic highlights, topic cards, and the topic center in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a global administrator or SharePoint administrator and Groups admin to do these tasks.
+You can manage who can see topic highlights, topic cards, and the topic center in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a SharePoint administrator and Groups admin to do these tasks.
## To access topics management settings
topics Manage Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/manage-topics.md
Previously updated : 11/29/2023 Last updated : 01/01/2024 Title: Manage topics in the topic center in Topics-+
topics Merge Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/merge-topics.md
Previously updated : 08/23/2023 Last updated : 01/01/2024 Title: Merge topics in Topics-+ audience: admin
topics Plan Topic Experiences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/plan-topic-experiences.md
Previously updated : 11/15/2021 Last updated : 01/01/2024 Title: Plan for Topics-+
Keep in mind that Topics needs access to the sites and files that your users use
## Requirements
-You must be [subscribed to Topics](https://www.microsoft.com/microsoft-viva/topics) and be either a global administrator or both SharePoint and Groups administrator to access the Microsoft 365 admin center and set up Topics.
+You must be [subscribed to Topics](https://www.microsoft.com/microsoft-viva/topics) and be both SharePoint and Groups administrator to access the Microsoft 365 admin center and set up Topics.
Assigning licenses is covered in [Set up Topics](set-up-topic-experiences.md). If you plan to assign licenses programmatically, be sure the users already have licenses for Microsoft 365 (for example, E3 or E5).
topics Rename Topic Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/rename-topic-center.md
Previously updated : 03/14/2023 Last updated : 01/01/2024 Title: Change the name of the topic center in Topics-+
description: Learn how to change the name of the topic center in Topics.
# Change the name of the topic center in Topics
-You can change the name of your topic center in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a global administrator or SharePoint administrator to perform these tasks.
+You can change the name of your topic center in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a SharePoint administrator to perform these tasks.
## Access topics management settings
topics Restrict Access To Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/restrict-access-to-topics.md
Previously updated : 11/15/2021 Last updated : 01/01/2024 Title: Restrict access to topics in Topics-+
topics Save Topic As Draft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/save-topic-as-draft.md
Previously updated : 11/29/2021 Last updated : 01/01/2024 Title: Save a topic as a draft in Topics-+
topics Scale Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/scale-topics.md
Previously updated : 10/17/2023 Last updated : 01/01/2024 Title: Manage topics at scale in Topics-+
topics Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/search.md
Previously updated : 11/15/2021 Last updated : 01/01/2024 Title: Use Microsoft Search to find topics in Topics-+
topics Set Up Topic Experiences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/set-up-topic-experiences.md
Previously updated : 10/6/2023 Last updated : 01/01/2024 Title: Set up and manage Topics-+
You can use the Microsoft 365 admin center to set up and configure [Topics](topi
It's important to plan the best way to set up and configure topics in your environment. Be sure to read [Plan for Topics](plan-topic-experiences.md) before you begin the procedures in this article.
-You must be [subscribed to a license that includes Topics](https://www.microsoft.com/microsoft-viva/topics) and be a global administrator, or both SharePoint administrator and groups administrator to access the Microsoft 365 admin center and set up Topics.
+You must be [subscribed to a license that includes Topics](https://www.microsoft.com/microsoft-viva/topics) and be both SharePoint administrator and groups administrator to access the Microsoft 365 admin center and set up Topics.
> [!IMPORTANT] > If you have configured SharePoint to [require managed devices](/sharepoint/control-access-from-unmanaged-devices), you must set up Topics from a managed device.
topics Sharepoint Taxonomy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/sharepoint-taxonomy.md
Title: Use SharePoint taxonomy terms to create topics in Topics-+ audience: admin Previously updated : 11/15/2021 Last updated : 01/01/2024 - m365initiative-viva-topics
topics Topic Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-center-overview.md
Previously updated : 11/15/2021 Last updated : 01/01/2024 Title: Topic center overview in Topics-+
The topic center is created during Topics setup. After setup completes, an admin
On the topic center home page, you can see the topics in your organization to which you have a connection. -- Suggested connections - You will see topics listed under **We've listed you on these topics. Did we get it right?** These are topics in which your connection to the topic has been suggested through AI. For example, you might be an author of a related file or site. You are asked to confirm that you should stay listed as a related person for the topic.
+- Suggested connections - You will see topics listed under **We've listed you on these topics. Did we get it right?** These are topics in which your connection to the topic has been suggested through AI. For example, you might be an author of a related file or site. You're asked to confirm that you should stay listed as a related person for the topic.
![Screenshot of suggested topics in the topic center.](../media/knowledge-management/my-topics.png) -- Confirmed connections - These are topics in which you are pinned on the topic page or you've confirmed a suggested connection to the topic. Topics will move from the suggested to confirmed section when you confirm a suggested connection.
+- Confirmed connections - These are topics in which you're pinned on the topic page or you've confirmed a suggested connection to the topic. Topics will move from the suggested to confirmed section when you confirm a suggested connection.
![Screenshot of confirmed connections in the topic center.](../media/knowledge-management/my-topics-confirmed.png)
topics Topic Experiences Discovery Curation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-discovery-curation.md
Previously updated : 08/03/2023 Last updated : 01/01/2024 Title: Topic discovery and curation in Topics-+
topics Topic Experiences Get Ready https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-get-ready.md
Previously updated : 11/13/2023 Last updated : 01/01/2024 Title: Get your environment ready for Topics-+
topics Topic Experiences Knowledge Managers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-knowledge-managers.md
Previously updated : 07/11/2023 Last updated : 01/01/2024 Title: Knowledge managersΓÇöBuild and manage a knowledge base in Topics-+ audience: admin
topics Topic Experiences Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-overview.md
Previously updated : 05/04/2023 Last updated : 01/01/2024 Title: Topics overview-+
When you use Topics in your Microsoft 365 environment, your users will have the
- Knowledge managers: Users who guide topics through the topic lifecycle. Knowledge managers use the **Manage topics** page in the topic center to confirm AI-suggested topics, remove topics that are no longer relevant, as well as edit existing topics or create new ones, and are the only users who have access to it. Knowledge admins assign knowledge manager permissions to users through the Topics admin settings in the Microsoft 365 admin center. -- Knowledge admins: Admins set up Topics and manage it through the admin controls in the Microsoft 365 admin center. Currently, a Microsoft 365 global or SharePoint administrator can serve as a knowledge admin.
+- Knowledge admins: Admins set up Topics and manage it through the admin controls in the Microsoft 365 admin center. A SharePoint administrator can serve as a knowledge admin.
For more information, see [Topics roles](topic-experiences-roles.md).
For more information, see [Manage topics in the topic center](manage-topics.md).
## Admin controls
-Admin controls in the Microsoft 365 admin center allow you to manage Topics. They allow a Microsoft 365 global or SharePoint administrator to:
+Admin controls in the Microsoft 365 admin center allow you to manage Topics. They allow a Microsoft 365 SharePoint administrator to:
- Control which users in your organization are allowed to see topics in SharePoint modern pages or in SharePoint search results. - Control which SharePoint sites will be crawled to identify topics.
topics Topic Experiences Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-roles.md
Previously updated : 07/13/2023 Last updated : 01/01/2024 Title: Roles in Topics-+
Knowledge managers need to be able to coordinate with all Topics stakeholders in
## Topics admin
-Topics admins are admins who set up and configure Topics in your Microsoft 365 environment. They also manage the Topics settings after set up has completed. To administer Topics, you must be a Microsoft 365 global administrator, or a SharePoint administrator and Groups administrator, since setup and management are done in the Microsoft 365 admin center.
+Topics admins are admins who set up and configure Topics in your Microsoft 365 environment. They also manage the Topics settings after set up has completed. To administer Topics, you must be a SharePoint administrator and Groups administrator, since setup and management are done in the Microsoft 365 admin center.
During setup, Topics admins can configure Topics to:
topics Topic Experiences Security Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-security-privacy.md
Previously updated : 11/15/2021 Last updated : 01/01/2024 Title: Security and privacy in Topics-+
topics Topic Experiences Security Trimming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-security-trimming.md
Previously updated : 11/15/2021 Last updated : 01/01/2024 Title: Security trimming in Topics-+
topics Topic Experiences Topic Contributors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-topic-contributors.md
Previously updated : 05/10/2022 Last updated : 01/01/2024 Title: Topic ContributorsΓÇöShare knowledge and expertise in Topics-+ audience: admin
topics Topic Experiences User Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-user-permissions.md
Previously updated : 04/20/2023 Last updated : 01/01/2024 Title: Manage topic permissions in Topics-+
description: Learn how to administer topic permissions in Topics.
# Manage topic permissions in Topics
-You can manage topic permissions settings in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a global administrator or SharePoint administrator to perform these tasks.
+You can manage topic permissions settings in the [Microsoft 365 admin center](https://admin.microsoft.com). You must be a SharePoint administrator to perform these tasks.
With topic permissions settings you can choose:
topics Topic Experiences Viva Engage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topic-experiences-viva-engage.md
Last updated 01/16/2024 Title: Topics in Viva Engage-+ audience: admin
topics Topics Adoption Getstarted https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-adoption-getstarted.md
Title: Get started driving adoption of Topics-+ Previously updated : 07/13/2023 Last updated : 01/01/2024 audience: admin
topics Topics Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-analytics.md
Previously updated : 11/21/2023 Last updated : 01/01/2024 Title: Analytics for Topics-+
topics Topics Card Viva Connections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-card-viva-connections.md
Previously updated : 12/07/2023 Last updated : 01/01/2024 Title: Use Topics cards in the Viva Connections dashboard-+
topics Topics Changes Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-changes-faq.md
Last updated 02/20/2024 Title: Frequently asked questions about changes coming to Topics-+
topics Topics Engagement Metrics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-engagement-metrics.md
Last updated 1/9/2024 Title: Usage and engagement metrics in Topics-+
topics Topics Language Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-language-support.md
Previously updated : 08/14/2023 Last updated : 01/01/2024 Title: Supported languages in Topics-+ audience: admin
topics Topics Lightweight Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/topics-lightweight-management.md
Previously updated : 09/11/2023 Last updated : 01/01/2024 Title: Topics lightweight management in Viva Engage-+
topics Trial Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/trial-topics.md
Title: Run a trial of Topics-+ Previously updated : 11/15/2021 Last updated : 01/01/2024 audience: admin
Trials are publicly available from one of the following sources. These trials of
5. Select **Get free trial**. 6. Follow the remaining wizard steps to confirm the trial.
-You must be a Microsoft 365 global administrator or billing administrator to activate a trial.
+You must be a Microsoft 365 billing administrator to activate a trial.
> [!NOTE] >
You must be a Microsoft 365 global administrator or billing administrator to act
|Role|Activity| |||
-|Microsoft 365 global admin or billing admin|Activate the trial and assign licenses|
-|Microsoft 365 global admin or SharePoint admin|Configure Topics and create topic centers|
+|Microsoft 365 billing admin|Activate the trial and assign licenses|
+|Microsoft 365 SharePoint admin|Configure Topics and create topic centers|
|Business user|Perform knowledge manager, topic contributor, and topic consumer roles| ### Before you activate a trial
topics Where To Find Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/topics/where-to-find-topics.md
Previously updated : 05/04/2023 Last updated : 01/01/2024 Title: Where to find topics-+