Updates from: 06/18/2024 01:09:47
Category Microsoft Docs article Related commit history on GitHub Change details
admin Organizational Messages Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/organizational-messages-microsoft-365.md
As an admin, you can now connect with your organization through customized messa
To get started, go to [organizational messages in the Microsoft 365 admin center](https://aka.ms/organizationalmessagesportal). >[!NOTE]
-> The experience will start rolling out in preview on May 2, 2024.
+> The preview experiences will start rolling out in preview on May 2, 2024.
## What can I do with organizational messages?
If you have the Organizational Messages Writer Entra role as described above, yo
## Create a message
+> [!IMPORTANT]
+> Organizational messages delivers messages to end users within the time windows configured by admins via Microsoft 365 admin center experiences. However, occasionally, messages may not be delivered as expected due to system or user device conditions, such as urgent messages not being delivered to devices that are disconnected from the internet. In such instances, our system will continue trying to deliver messages as possible and appropriate.
+ Users with the Organizational Messages Writer Entra role described previously will have access to the **Create a message** button and capability in the centralized experience. Selecting this button will invoke the wizard, which includes these primary creation steps: - **Objective** for selecting the nature or purpose of your new message.
backup Backup 3P Pricing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/backup/storage/backup-3p-pricing.md
+
+ Title: Pricing model for Microsoft 365 Backup Storage (Preview)
+++
+audience: admin
+ Last updated : 06/13/2024+++
+search.appverid:
+
+ - essentials-get-started
+ms.localizationpriority: medium
+description: Learn about the charge model and pricing calculator for Microsoft 365 Backup Storage.
++
+# Microsoft 365 Backup Storage Charge Model (Preview)
+
+> [!NOTE]
+> This feature is currently in preview and subject to change.
+
+## Microsoft 365 Backup Storage charge model
+
+Usage of Microsoft 365 Backup Storage is billed to the application that has "controllership" of a end customer tenant's Microsoft 365 Backups. In other words, the application integrated with Microsoft 365 Backup Storage that is the master operator of a tenant's Backups will be charged for the user-facing Backup storage consumption. This is a [pay-as-you-go consumption-based service](/microsoft-365/syntex/syntex-pay-as-you-go-services). The preview list price is $0.07/GB/month of protected content.
+
+### WhatΓÇÖs counted towards protected backup storage?
+
+Microsoft 365 Backup Storage will charge application owners based on the content size of the following for the duration of Backup retention as calculated in the following manner:
+
+- Cumulative size of the mailboxes, SharePoint sites, and OneDrive accounts being protected. Size of OneDrive accounts and SharePoint sites are the size of the live OneDrive accounts and SharePoint sites as displayed in the live sitesΓÇÖ usage reports, plus the size of their recycle bins. Mailboxes are the size of the user's mailbox plus their online archives plus deleted items held for Backup.
+
+- Deleted content being held for restorability purposes via the Backup Storage platform will no longer count towards Backup Storage usage once they expire based on the retention period defined by the Backup tool (currently 365 days).
+
+> [!NOTE]
+> Restore points or size of restores will not be charged. There are no additional Azure API or storage costs beyond the Microsoft 365 Backup usage charges mentioned above.
+
+As an example, if you have a site under protection that is currently 1 GB for the first month, you'll be charged 1 GB of Backup usage. If you delete content in that site such that it's now only 0.5 GB, your next monthly bill will still be for 1 GB since the backup tool is retaining that deleted content for a year. After a year when the backup of that deleted content expires, the 0.5 GB being retained for backup purposes will no longer be charged for Backup.
+
+> [!NOTE]
+> These prices are subject to change when the product becomes generally available.
+
+## Pricing calculator
+
+The [Microsoft 365 Backup Storage pricing calculator](/microsoft-365/backup/backup-pricing.md#pricing-calculator) is a tool that helps you estimate the amount of backup storage and the costs that you'll incur to protect and back up your Microsoft 365 data.
+
+> [!NOTE]
+> The tool is not intended to provide an exact prediction of your backup consumption, but rather to give you an estimate based on your current usage reports that are forecasted for the next 24 months based on historical trends. The tool does not currently account for the size of the archive mailboxes or data in the second stage SharePoint recycle bins, though those can be estimated using PowerShell or looking at the general net growth of content in a tenant.
enterprise Configure Exchange Server For Hybrid Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication.md
HMA is a powerful feature that enhances the flexibility and security of accessin
In this section, we provide information and steps that need to be done to successfully configure and enable Hybrid Modern Auth in Microsoft Exchange Server.
+### Exchange Server specific prerequisites
+
+Your Exchange servers must fulfill the following requirements before Hybrid Modern Authentication can be configured and enabled. In case you have a hybrid configuration, you must run the latest Cumulative Update (CU) to be in a supported state. You can find the supported Exchange Server versions and build in the [Exchange Server supportability matrix](/exchange/plan-and-deploy/supportability-matrix#supported-versions-and-builds).
+
+- Make sure that there are no end-of-life Exchange servers in the organization.
+- Exchange Server 2016 must be running CU8 or later.
+- Exchange Server 2019 must be running CU1 or later.
+- Make sure that all servers can connect to the internet. If a proxy is required, [configure Exchange Server to use it](/powershell/module/exchange/set-exchangeserver#-internetwebproxy).
+- If you already have a hybrid configuration, make sure it's a classic hybrid deployment as modern hybrid doesn't support HMA.
+- Make sure that SSL Offloading is not used (it's unsupported). SSL Bridging, however, can be used and is supported.
+
+More information can also be found in the [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md) documentation.
+ ### Protocols that work with Hybrid Modern Auth Hybrid Modern Authentication works for the following Exchange Server protocols:
Hybrid Modern Authentication works for the following Exchange Server protocols:
To enable Hybrid Modern Authentication (HMA), you must ensure that your organization meets all necessary prerequisites. Additionally, you should confirm that your Office client is compatible with Modern Authentication. For more details, refer to the documentation on [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md).
-1. Make sure you meet the prerequisites before you begin. Since many prerequisites are common for both Skype for Business and Exchange Server, review them in [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md).
+1. Make sure you [meet the prerequisites](#exchange-server-specific-prerequisites) before you begin.
2. [Add on-premises web service URLs to Microsoft Entra ID](#add-on-premises-web-service-urls-as-spns-in-microsoft-entra-id). The URLs must be added as `Service Principal Names (SPNs)`. In case that your Exchange Server setup is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with Exchange Server on-premises.
To enable Hybrid Modern Authentication (HMA), you must ensure that your organiza
4. [Check for the EvoSTS Auth Server object](#confirm-the-evosts-auth-server-object-is-present).
-5. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid.
+5. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid. The [MonitorExchangeAuthCertificate script](https://aka.ms/MonitorExchangeAuthCertificate) script can be utilized to verify the validity of the OAuth certificate. In the event of its expiration, the script assists in the renewal process.
-6. Ensure that all user identities are synchronized with Microsoft Entra ID.
+6. Ensure that all user identities are synchronized with Microsoft Entra ID, especially all accounts, which are used for administration. Otherwise, the login stops working until they're synchronized. Accounts, such as the built-in Administrator, will never be synchronized with Microsoft Entra ID and, therefore, can't be used on any OAuth login once HMA has been enabled. This behavior is due to the `isCriticalSystemObject` attribute, which is set to `True` for some accounts including the default administrator.
7. (Optional) If you want to use the Outlook for iOS and Android client, make sure to [allow the AutoDetect service to connect to your Exchange Server](#using-hybrid-modern-authentication-with-outlook-for-ios-and-android).
Run the commands that assign your on-premises web service URLs as Microsoft Entr
Update-MgServicePrincipal -ServicePrincipalId $x.Id -ServicePrincipalNames $ServicePrincipalUpdate ```
-6. Verify that your new records were added by running the `Get-MsolServicePrincipal` command from step 2 again, and validate the output. Compare the list from before to the new list of SPNs. You might also note down the new list for your records. If you're successful, you should see the two new URLs in the list. Going by our example, the list of SPNs now includes the specific URLs `https://mail.corp.contoso.com` and `https://owa.contoso.com`.
+6. Verify that your new records were added by running the `Get-MgServicePrincipal` command from step 4 again, and validate the output. Compare the list from before to the new list of SPNs. You might also note down the new list for your records. If you're successful, you should see the two new URLs in the list. Going by our example, the list of SPNs now includes the specific URLs `https://mail.corp.contoso.com` and `https://owa.contoso.com`.
## Verify virtual directories are properly configured
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate} ```
-If OAuth is missing from any server and any of the four virtual directories, you need to add it by using the relevant commands before proceeding ([Set-MapiVirtualDirectory](/powershell/module/exchange/set-mapivirtualdirectory), [Set-WebServicesVirtualDirectory](/powershell/module/exchange/set-webservicesvirtualdirectory), [Set-OABVirtualDirectory](/powershell/module/exchange/set-oabvirtualdirectory), and [Set-AutodiscoverVirtualDirectory](/powershell/module/exchange/set-autodiscovervirtualdirectory)).
+If OAuth is missing from any server and any of the five virtual directories, you need to add it by using the relevant commands before proceeding ([Set-MapiVirtualDirectory](/powershell/module/exchange/set-mapivirtualdirectory), [Set-WebServicesVirtualDirectory](/powershell/module/exchange/set-webservicesvirtualdirectory), [Set-OABVirtualDirectory](/powershell/module/exchange/set-oabvirtualdirectory), [Set-AutodiscoverVirtualDirectory](/powershell/module/exchange/set-autodiscovervirtualdirectory)), and [Set-ActiveSyncVirtualDirectory](/powershell/module/exchange/set-activesyncvirtualdirectory).
## Confirm the EvoSTS Auth Server Object is Present
Get-AuthServer | where {$_.Name -like "EvoSts*"} | ft name,enabled
Your output should show an AuthServer of the Name `EvoSts - <GUID>` and the `Enabled` state should be `True`. If that's not the case, you should download and run the most recent version of the [Hybrid Configuration Wizard](https://aka.ms/HybridWizard).
-In case that Exchange Server on-premises runs a hybrid configuration with **multiple tenants**, your output shows one AuthServer with the Name `EvoSts - <GUID>` for each tenant in hybrid with Exchange Server on-premises and the `Enabled` state should be `True` for all of these AuthServer objects.
+In case that Exchange Server on-premises runs a hybrid configuration with **multiple tenants**, your output shows one AuthServer with the Name `EvoSts - <GUID>` for each tenant in hybrid with Exchange Server on-premises and the `Enabled` state should be `True` for all of these AuthServer objects. Please make a note of the identifier `EvoSts - <GUID>`, as it will be required in the subsequent step.
## Enable HMA
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
If the Exchange Server on-premises version is Exchange Server 2016 (CU18 or higher) or Exchange Server 2019 (CU7 or higher) and hybrid was configured by the help of the HCW downloaded **after September 2020**, run the following command in the Exchange Server on-premises Management Shell (EMS). For the `DomainName` parameter, use the tenant domain value, which is usually in the form `contoso.onmicrosoft.com`: ```powershell
-Set-AuthServer -Identity "EvoSTS - {GUID}" -DomainName "Tenant Domain" -IsDefaultAuthorizationEndpoint $true
+Set-AuthServer -Identity "EvoSTS - <GUID>" -DomainName "Tenant Domain" -IsDefaultAuthorizationEndpoint $true
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true ``` In case Exchange Server on-premises is in hybrid with **multiple tenants**, there are multiple AuthServer objects present in the Exchange Server on-premises organizations with domains corresponding to each tenant. The `IsDefaultAuthorizationEndpoint` flag should be set to `True` for any one of these AuthServer objects. The flag can't be set to true for all the AuthServer objects and HMA would be enabled even if one of these AuthServer object `IsDefaultAuthorizationEndpoint` flag is set to true.
+> [!IMPORTANT]
+> When working with **multiple tenants** they must all be in the same cloud environment such as all in `Global` or all in `GCC`. They cannot exist in mix environments such as one tenant in `Global` and another one in `GCC`.
+ ## Verify
-Once you enable HMA, a client's next sign in will use the new auth flow. Just turning on HMA won't trigger a reauthentication for any client, and it might take a while for Exchange to pick up the new settings.
+Once you enable HMA, a client's next sign in will use the new auth flow. Just turning on HMA won't trigger a reauthentication for any client, and it might take a while for Exchange Server to pick up the new settings. This process does not necessitate the creation of a new profile.
You should also hold down the `CTRL` key at the same time you right-click the icon for the Outlook client (also in the Windows Notifications tray) and select `Connection Status`. Look for the client's SMTP address against an `AuthN` type of `Bearer\*`, which represents the bearer token used in OAuth.
It's recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory`
Restart-Service -Name W3SVC, WAS -Force ```
-10. To enable Hybrid Modern Authentication for `OWA` and `ECP`, you must first disable any other authentication method on these virtual directories. It's important to perform the configuration in the given order. Failing to do so may result in an error message during the command execution.<br><br>After running these commands, login to `OWA` and `ECP` will stop work until the OAuth authentication for those virtual directories has been activated. Ensure that all accounts are synchronized to Microsoft Entra ID, especially all accounts, which are used for administration. Otherwise, the login stops working until they're synchronized.<br>Accounts, such as the built-in Administrator, won't be synchronized with Microsoft Entra ID and, therefore, can't be used for administration once HMA for OWA and ECP has been enabled. This behavior is due to the `isCriticalSystemObject` attribute, which is set to `True` for some accounts.<br><br>Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server:
+10. To enable Hybrid Modern Authentication for `OWA` and `ECP`, you must first disable any other authentication method on these virtual directories. It's important to perform the configuration in the given order. Failing to do so may result in an error message during the command execution.<br><br>Run these commands for each `OWA` and `ECP` virtual directory on each Exchange Server to disable all other authentication methods:
```powershell Get-OwaVirtualDirectory -Server <computername> | Set-OwaVirtualDirectory -AdfsAuthentication $false ΓÇôBasicAuthentication $false ΓÇôFormsAuthentication $false ΓÇôDigestAuthentication $false Get-EcpVirtualDirectory -Server <computername> | Set-EcpVirtualDirectory -AdfsAuthentication $false ΓÇôBasicAuthentication $false ΓÇôFormsAuthentication $false ΓÇôDigestAuthentication $false ```
+ > [!IMPORTANT]
+ > Ensure that all accounts are synchronized to Microsoft Entra ID, especially all accounts, which are used for administration. Otherwise, the login stops working until they're synchronized.
+ > Accounts, such as the built-in Administrator, won't be synchronized with Microsoft Entra ID and, therefore, can't be used for administration once HMA for OWA and ECP has been enabled. This behavior is due to the `isCriticalSystemObject` attribute, which is set to `True` for some accounts.
+ 11. Enable OAuth for the `OWA` and `ECP` virtual directory. It's important to perform the configuration in the given order. Failing to do so may result in an error message during the command execution. For each `OWA` and `ECP` virtual directory on every Exchange Server, these commands must be run: ```powershell
It's recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory`
If you want to use the Outlook for iOS and Android client together with Hybrid Modern Authentication, make sure to allow the AutoDetect service to connect to your Exchange Server on `TCP 443` (HTTPS): ```console
+<email_domain>.outlookmobile.com
+<email_domain>.outlookmobile.us
52.125.128.0/20 52.127.96.0/23 ```
syntex Promo Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/promo-syntex.md
You'll get a limited amount of usage each month during the offering period. The
|Service |Units |Monthly included capacity at no charge | ||||
+|Autofill columns | Pages | 100* |
|Content assembly | Documents | 50 | |Document translation | Characters | 1 million | |eSignature | Requests | 5 |
You'll get a limited amount of usage each month during the offering period. The
|Prebuilt document processing | Pages | 100 | |Structured document processing | Pages | 100 | |Taxonomy tagging | Documents | 50 |
-|Unstructured document processing | Pages | 100 |
+|Unstructured document processing | Pages | 100* |
+
+<sup>*The monthly included capacity for autofill columns is shared with unstructured document processing for a total of 100 pages.</sup>
Monthly usage over the limitations will be billed as described in [Pay-as-you-go services and pricing](syntex-pay-as-you-go-services.md). This offering doesn't include capacity for Microsoft 365 Archive and Microsoft 365 Backup. For ideas about how you might use Syntex services in your organization, see [Scenarios and use cases for Microsoft Syntex](adoption-scenarios.md) and [Get started driving adoption of Microsoft Syntex](adoption-getstarted.md).--
-<!
-This article describes how to set up and run a trial pilot program to deploy Microsoft Syntex in your organization. It also recommends best practices for the trial.
-
-## Sign up for a trial
-
-The trial of Syntex gives access to 300 users for 30 days.
-
-> [!NOTE]
-> Up to 300 users are included in the trial to ensure the automatic addition of 1 million AI Builder credits. You do not have to include 300 users for a trial to succeed.
-
-You can get the trial version from one of the following sources:
--- The [Syntex product page](https://www.microsoft.com/microsoft-365/enterprise/sharepoint-syntex?activetab=pivot:overviewtab)--- The [Microsoft 365 admin center](https://admin.microsoft.com)
- 1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com).
- 2. Go to **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">**Purchase Services**</a>.
- 3. Scroll down to the **Add-Ons** section.
- 4. On the Syntex tile, select **Details**.
- 5. Select **Start free trial**.
- 6. To confirm the trial, follow the remaining wizard steps.
-
-You must be a Microsoft 365 global administrator or billing administrator to activate a trial.
-
-### Who should be involved in a trial
-
-|Role|Activity|
-|||
-|Microsoft 365 global admin or billing admin|Activate the trial and assign licenses|
-|Microsoft 365 global admin or SharePoint admin|Configure Syntex and create content centers|
-|Business users|Model building and testing|
-
-### Before you activate a trial
-
-To successfully plan a Syntex trial, consider the following factors:
--- The most meaningful testing is completed on ΓÇ£real worldΓÇ¥ scenarios and data.-- You can only activate a Syntex trial once per tenant.-
-A test or demo tenant can be used as a ΓÇ£dry runΓÇ¥ to walk through the activation steps and administrative controls. But it's probably best to evaluate model building on a production tenant.
-
-To maximize the value of a trial on a production tenant, planning and business engagement are essential. You should engage one or more business areas to identify three to six use cases that could potentially be addressed by Syntex. These use cases should:
--- Include scenarios that could be solved by using either a custom model or a prebuilt model.--- Have a clear understanding of the purpose for any extracted metadata; for example, view formatting or automation by using Power Automate. While Syntex is focused on classifying documents and extracting metadata, the value to quantify is what this metadata enables.--- Be based on a defined set of data; for example, specific SharePoint sites or libraries. A common misconception of Syntex is that general purpose models can be applied across all organization content. A more accurate view is that models are built to help solve specific business problems in targeted locations.-
-All of these use cases might not be a good fit for Syntex. The goal of a quality trial isn't to prove that Syntex will fit all the scenarios. Instead, the trial should help you better understand the value of the product.
-
-For each of the planned use cases, identify users who are subject matter experts in the related content or process. The creation of Syntex models is focused on domain experts in the content, rather than on IT professionals or developer resources.
-
-## Activate a trial
-
-When you initiate a trial, you need to:
--- Assign licenses to the relevant users.-- Perform [additional setup of Syntex](set-up-content-understanding.md).
- - You might want to [create more content centers](create-a-content-center.md).
-
-After the trial is activated, you can create models and process files. See [guidance for model creation](create-a-content-center.md).
-
-## During a trial
-
-Trial periods are limited, so it's best to focus initially on whether Syntex models can classify documents and extract metadata for the defined use cases. After the trial period is over, you can evaluate how the metadata can be used.
-
-## After a trial
-
-Based on the outcome of the trial, you can decide whether to proceed to production use of Syntex.
-
-### Proceed to production use
-
-To ensure continuity of service, you need to purchase the required number of [licenses](syntex-licensing.md) and assign those licenses to users. Trial users who don't have a full license at the end of the trial period won't be able to fully use Syntex.
-
-You might have to estimate your projected use of structured document processing or freeform document processing models, and plan for the expected number of AI Builder credits. For help, see [Estimate the AI Builder capacity that's right for you](https://powerapps.microsoft.com/ai-builder-calculator/).
-
-### Don't proceed to production use
-
-If you don't purchase licenses following the trial:
--- You won't be able to create new models.--- Libraries that were running models will no longer automatically classify files or extract models.--- Any previously classified files or extracted metadata won't be affected.--- Content centers and any models in them won't be automatically deleted. These will remain available for use if you decide to purchase licenses in the future.--- Structured document processing or freeform document processing models will be stored in the Dataverse (formerly named Common Data Service (CDS)) instance of the default Power Platform environment. These could be used with future licensing for Syntex or with AI Builder capabilities in the Power Platform.-
-## See also
-
-[Get started driving adoption of Microsoft Syntex](adoption-getstarted.md)
-
-[Scenarios and use cases for Microsoft Syntex](adoption-scenarios.md)>
syntex Set Up Content Understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/set-up-content-understanding.md
For an overview of licensing options for Microsoft Syntex, see [Licensing for Mi
## Plan for per-user licenses
-To use Microsoft Syntex per-user licensing, your organization must have a subscription to Syntex, and each user must have a license assigned. Licenses include the following apps, which must all be assigned:
+To use Microsoft Syntex per-user licensing, your organization must have a subscription to Microsoft Syntex, and each user must have a license assigned. Licenses include the following apps, which must all be assigned:
-- Syntex-- Syntex - SPO type-- Common Data Service for Syntex
+- Microsoft Syntex
+- Microsoft Syntex - SPO type
+- Common Data Service for Microsoft Syntex
-To use structured document processing or freeform document processing models, you also need AI Builder credits. For each licensed user of Syntex, an allocation of AI Builder credits is provided each month.
+To use structured document processing or freeform document processing models, you also need AI Builder credits. For each licensed user of Microsoft Syntex, an allocation of AI Builder credits is provided each month.
Consider the following before you start: -- In which SharePoint sites will you enable document processing? All of them, some, or select sites?
+- In which SharePoint sites will you enable structured document processing? All of them, some, or select sites?
- What will you name your default content center? You can change your settings after initial setup in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
Prior to setup, make sure to plan for the best way to set up and configure conte
## Requirements > [!NOTE]
-> You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up Syntex.
+> You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to be able to access the Microsoft 365 admin center and set up Syntex.
+ As an admin, you can also make changes to your selected settings anytime after setup, and throughout the content understanding management settings in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
syntex Use Content Center Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/use-content-center-site.md
The content center site can be provisioned from the [SharePoint look book servic
![Screenshot of the content center site template provisioning page.](../media/content-understanding/content-center-site-provisioning-page.png) > [!NOTE]
-> You must be a global administrator or SharePoint administrator in Microsoft 365 to provision the site.
+> You must be a [SharePoint Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) to provision the site.
+ 1. From the main page of the [SharePoint look book](https://lookbook.microsoft.com/), on the **View the designs** menu, select **Syntex** > **Syntex content center**.