Updates from: 07/17/2024 02:16:52
Category Microsoft Docs article Related commit history on GitHub Change details
admin What Is A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/what-is-a-domain.md
f1.keywords:
Previously updated : 02/18/2020 Last updated : 07/11/2024 audience: Admin
- highpri - M365-subscription-management - Adm_O365
+- must-keep
search.appverid: - BCS160 - MET150
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
Some invoices are generated within 24 hours of the purchase. Other invoices are
### How do I pay the amount due on my invoice?
-Payment instructions depend on your payment method and are provided at the bottom of the invoice PDF. If your payment method is a credit or debit card, we automatically charge the card within 10 days of the invoice date. If your payment method is by wire transfer, see the information under **Payment Instructions** in the PDF.
+Payment instructions depend on your payment method and are provided at the bottom of the invoice PDF. If your payment method is a credit or debit card, we automatically charge the card within 10 days of the invoice date. If your payment method is by electronic payment (wire transfer, SEPA, and so on), see the information under **Payment Instructions** in the PDF.
### What's the difference between "Sold to" and "Bill to" addresses?
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
If you pay by credit card, you see "Please DO NOT PAY. You will be charged the a
### Wire transfer
-If you chose "invoice" as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire transfer, ACH, SEPA, and so on). Usually, your bank has a reference field that you complete when you send a payment. Make sure that you reference the invoice number in that field.
+If you chose "invoice" as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire transfer, SEPA, and so on). Usually, your bank has a reference field that you complete when you send a payment. Make sure that you reference the invoice number in that field.
### Support
commerce Use Cost Mgmt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/use-cost-mgmt.md
- admindeeplinkMAC search.appverid: MET150 description: "Learn how to use the cost management feature in the Microsoft 365 admin center to view, analyze, and manage costs for your organization." Previously updated : 03/09/2022 Last updated : 07/16/2024 # Use Cost management in the Microsoft 365 admin center
-If you're a Global or Billing admin with a Microsoft Customer Agreement (MCA), you can use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2201187" target="_blank">Cost management</a> page in the Microsoft 365 admin center to view, analyze, and manage your service costs. To get to the **Cost management** page, in the admin center left navigation pane, select **Billing** > **Cost management**.
+If you have a Microsoft Customer Agreement (MCA) billing account type, you can use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2201187" target="_blank">Cost management</a> page in the Microsoft 365 admin center to view, analyze, and manage your service costs. To get to the **Cost management** page, in the admin center left navigation pane, select **Billing** > **Cost management**.
## Before you begin
-You must be a Global or Billing admin to do the steps described in this article. For more information, see [About admin roles](../admin/add-users/about-admin-roles.md).
+- [Find out what type of billing account you have](manage-billing-accounts.md#view-my-billing-accounts).
+- You must have a Microsoft Customer Agreement (MCA) billing account type and have any billing account role, or any billing profile role to use the features described in this article. For information about billing account roles, see [What are billing account roles?](manage-billing-accounts.md#what-are-billing-account-roles). For information about billing profile roles, see [What are billing profile roles?](billing-and-payments/manage-billing-profiles.md#what-are-billing-profile-roles)
## What is cost management?
Cost management is a methodology used to plan and control an organization's budg
## Understand your costs
-You can use Microsoft 365 billing features to review your invoiced costs and manage access to billing information. In larger organizations, procurement and finance teams usually conduct billing tasks.
+You can use cost management features to review your invoiced costs and manage access to billing information. In larger organizations, procurement and finance teams usually conduct billing tasks.
-When you sign up to use Microsoft 365, a billing account is automatically created for you. You use your billing account to manage your invoices and payments, and track costs. It's possible for you to have multiple billing accounts. For each legal entity or sold-to address for your organization, you receive a separate billing account.
+When you sign up to use a Microsoft 365 for business product, a billing account is automatically created for you. You use your billing account to manage your invoices and payments, and track costs. It's possible for you to have multiple billing accounts. For each legal entity or sold-to address for your organization, you receive a separate billing account.
## Plan and control costs
Cost management in the Microsoft 365 admin center helps you plan for and control
## View costs
-The **Cost management** page in the admin center has a **Services** tab where you can see the breakdown of the different products and services you're using today.
--
-Use the **Services** tab to see the list of all services being used during the selected period. The chart on the page breaks down the costs daily for the top 10 services. Use the date picker to look back at historical costs and use different date ranges to compare cost trends.
+The **Cost management** page in the admin center has a default tab with a link to the **Products + Services** smart view where you can see the breakdown of the products and services used during the selected period. The chart on the page breaks down the daily costs for the top services. Use the date picker to look back at historical costs and use different date ranges to compare cost trends.
## Download costs
Select **Download** to download your daily cost data into a CSV or Excel file. Y
## Create budgets
-Budgets let you monitor your charges and ensure you're aware when you go over specified thresholds. You can create a quick budget where you set a threshold amount that you want to stay under each month. The quick budget sends you a notification when your costs exceed this threshold. Notifications are only sent to the admin who created the budget.
--
-To customize the budget, select **Configure advanced settings**. You can give your budget a name and change the budget frequency. You can also set up a monthly, quarterly, or annual budget, and choose the period for which budget notifications are sent.
+Budgets let you monitor your charges and ensure you're aware when you go over specified thresholds. You can create a quick budget where you set a threshold amount that you want to stay under each month. The budget sends you a notification when your costs exceed this threshold. Notifications are only sent to the admin who created the budget. To create a budget, select **create**, enter a threshold amount, then select **Save**.
+To customize the budget, select **Configure advanced settings**. You can give your budget a name and change the threshold amount. You can also set up a monthly, quarterly, or annual budget, and choose the period for which budget notifications are sent.
## Related content
enterprise Configure Exchange Server For Hybrid Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication.md
In comparison to legacy authentication methods such as NTLM, HMA offers several
HMA is a powerful feature that enhances the flexibility and security of accessing on-premises applications, leveraging the power of cloud-based authentication. It represents a significant improvement over legacy authentication methods, offering enhanced security, flexibility, and user convenience.
+## Steps to follow to configure and enable Hybrid Modern Auth
+
+To enable Hybrid Modern Authentication (HMA), you must ensure that your organization meets all necessary prerequisites. Additionally, you should confirm that your Office client is compatible with Modern Authentication. For more details, refer to the documentation on [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md).
+
+1. Make sure you [meet the prerequisites](#exchange-server-specific-prerequisites) before you begin.
+
+2. [Add on-premises web service URLs to Microsoft Entra ID](#add-on-premises-web-service-urls-as-spns-in-microsoft-entra-id). The URLs must be added as `Service Principal Names (SPNs)`. In case that your Exchange Server setup is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with Exchange Server on-premises.
+
+3. [Ensure that all virtual directories are enabled for HMA](#verify-virtual-directories-are-properly-configured). If you want to configure [Hybrid Modern Authentication for Outlook on the Web (OWA) and Exchange Control Panel (ECP)](#enable-hybrid-modern-authentication-for-owa-and-ecp), it's important to also verify the respective directories.
+
+4. [Check for the EvoSTS Auth Server object](#confirm-the-evosts-auth-server-object-is-present).
+
+5. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid. The [MonitorExchangeAuthCertificate script](https://aka.ms/MonitorExchangeAuthCertificate) script can be utilized to verify the validity of the OAuth certificate. In the event of its expiration, the script assists in the renewal process.
+
+6. Ensure that all user identities are synchronized with Microsoft Entra ID, especially all accounts, which are used for administration. Otherwise, the login stops working until they're synchronized. Accounts, such as the built-in Administrator, will never be synchronized with Microsoft Entra ID and, therefore, can't be used on any OAuth login once HMA has been enabled. This behavior is due to the `isCriticalSystemObject` attribute, which is set to `True` for some accounts including the default administrator.
+
+7. (Optional) If you want to use the Outlook for iOS and Android client, make sure to [allow the AutoDetect service to connect to your Exchange Server](#using-hybrid-modern-authentication-with-outlook-for-ios-and-android).
+
+8. [Enable HMA in Exchange on-premises](#enable-hma).
+
+<a name='add-on-premises-web-service-urls-as-spns-in-azure-ad'></a>
+ ## Prerequisites to enable Hybrid Modern Auth In this section, we provide information and steps that need to be done to successfully configure and enable Hybrid Modern Auth in Microsoft Exchange Server.
Hybrid Modern Authentication works for the following Exchange Server protocols:
|IMAP|No| |POP|No|
-### Steps to follow to configure and enable Hybrid Modern Auth
-
-To enable Hybrid Modern Authentication (HMA), you must ensure that your organization meets all necessary prerequisites. Additionally, you should confirm that your Office client is compatible with Modern Authentication. For more details, refer to the documentation on [How modern authentication works for Office 2013 and Office 2016 client apps](modern-auth-for-office-2013-and-2016.md).
-
-1. Make sure you [meet the prerequisites](#exchange-server-specific-prerequisites) before you begin.
-
-2. [Add on-premises web service URLs to Microsoft Entra ID](#add-on-premises-web-service-urls-as-spns-in-microsoft-entra-id). The URLs must be added as `Service Principal Names (SPNs)`. In case that your Exchange Server setup is in hybrid with **multiple tenants**, these on-premises web service URLs must be added as SPNs in the Microsoft Entra ID of all the tenants, which are in hybrid with Exchange Server on-premises.
-
-3. [Ensure that all virtual directories are enabled for HMA](#verify-virtual-directories-are-properly-configured). If you want to configure [Hybrid Modern Authentication for Outlook on the Web (OWA) and Exchange Control Panel (ECP)](#enable-hybrid-modern-authentication-for-owa-and-ecp), it's important to also verify the respective directories.
-
-4. [Check for the EvoSTS Auth Server object](#confirm-the-evosts-auth-server-object-is-present).
-
-5. Ensure that the [Exchange Server OAuth certificate](/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate) is valid. The [MonitorExchangeAuthCertificate script](https://aka.ms/MonitorExchangeAuthCertificate) script can be utilized to verify the validity of the OAuth certificate. In the event of its expiration, the script assists in the renewal process.
-
-6. Ensure that all user identities are synchronized with Microsoft Entra ID, especially all accounts, which are used for administration. Otherwise, the login stops working until they're synchronized. Accounts, such as the built-in Administrator, will never be synchronized with Microsoft Entra ID and, therefore, can't be used on any OAuth login once HMA has been enabled. This behavior is due to the `isCriticalSystemObject` attribute, which is set to `True` for some accounts including the default administrator.
-
-7. (Optional) If you want to use the Outlook for iOS and Android client, make sure to [allow the AutoDetect service to connect to your Exchange Server](#using-hybrid-modern-authentication-with-outlook-for-ios-and-android).
-
-8. [Enable HMA in Exchange on-premises](#enable-hma).
-
-<a name='add-on-premises-web-service-urls-as-spns-in-azure-ad'></a>
- ## Add on-premises web service URLs as SPNs in Microsoft Entra ID Run the commands that assign your on-premises web service URLs as Microsoft Entra SPNs. SPNs are used by client machines and devices during authentication and authorization. All the URLs that might be used to connect from on-premises to Microsoft Entra ID must be registered in Microsoft Entra ID (including both internal and external namespaces).
Run the commands that assign your on-premises web service URLs as Microsoft Entr
```powershell $x = Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"
- $ServicePrincipalUpdate = @(
- "https://mail.corp.contoso.com/","https://owa.contoso.com/"
- )
- Update-MgServicePrincipal -ServicePrincipalId $x.Id -ServicePrincipalNames $ServicePrincipalUpdate
+ $x.ServicePrincipalNames += "https://mail.corp.contoso.com/"
+ $x.ServicePrincipalNames += "https://owa.contoso.com/"
+ Update-MgServicePrincipal -ServicePrincipalId $x.Id -ServicePrincipalNames $x.ServicePrincipalNames
``` 6. Verify that your new records were added by running the `Get-MgServicePrincipal` command from step 4 again, and validate the output. Compare the list from before to the new list of SPNs. You might also note down the new list for your records. If you're successful, you should see the two new URLs in the list. Going by our example, the list of SPNs now includes the specific URLs `https://mail.corp.contoso.com` and `https://owa.contoso.com`.
It's recommended to document the `OwaVirtualDirectory` and `EcpVirtualDirectory`
Connect-Graph -Scopes User.Read, Application.ReadWrite.All ```
-4. Specify your `OWA` and `ECP` URLs:
-
- ```powershell
- $replyUrlsToBeAdded = @(
- "https://YourDomain.contoso.com/owa","https://YourDomain.contoso.com/ecp"
- )
- ```
-
-5. Update your application with the reply URLs:
+4. Specify your `OWA` and `ECP` URLs and update your application with the reply URLs:
```powershell $servicePrincipal = Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'"
- $servicePrincipal.ReplyUrls += $replyUrlsToBeAdded
+ $servicePrincipal.ReplyUrls += "https://YourDomain.contoso.com/owa"
+ $servicePrincipal.ReplyUrls += "https://YourDomain.contoso.com/ecp"
Update-MgServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AppId "00000002-0000-0ff1-ce00-000000000000" -ReplyUrls $servicePrincipal.ReplyUrls ```
-6. Verify that the reply URLs have been added successfully:
+5. Verify that the reply URLs have been added successfully:
```powershell (Get-MgServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'").ReplyUrls ```
-7. To enable Exchange Server on-premises ability to perform Hybrid Modern Authentication, follow the steps outlined in the [Enable HMA](#enable-hma) section.
-
-8. (Optional) Only required if [Download Domains](/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-download-domains) are used:
+6. To enable Exchange Server on-premises ability to perform Hybrid Modern Authentication, follow the steps outlined in the [Enable HMA](#enable-hma) section.
+7. (Optional) Only required if [Download Domains](/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-download-domains) are used:
Create a new global setting override by running the following commands from an elevated Exchange Management Shell (EMS). Run these commands on one Exchange Server:
enterprise M365 Dr Workload Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-dr-workload-spo.md
Followed sites and groups show up in the user's OneDrive regardless of their _Ge
Users are sent to the Delve _Geography_ corresponding to their PDL only after their OneDrive has been moved to the new _Geography_.
-### **Move a SharePoint site**
+### **Move a SharePoint site or SharePoint Embedded container site**
-#### **Move a SharePoint site to a different _Geography_ location**
+#### **Move a SharePoint site or SharePoint Embedded container site to a different _Geography_ location**
-With SharePoint site _Geography_ move, you can move SharePoint sites to other _Geography_ locations within your Multi-Geo environment.
+With SharePoint site _Geography_ move, you can move SharePoint sites and SharePoint Embedded container sites to other _Geography_ locations within your Multi-Geo environment.
The following types of site can be moved between _Geography_ locations: - Microsoft 365 group-connected sites, including those sites associated with Microsoft Teams - Modern sites without a Microsoft 365 group association - Classic SharePoint sites - Communication sites
+- SharePoint Embedded container sites (excluding those where the owner is a group)
> [!NOTE] > You must be a SharePoint Administrator to move a site between _Geography_ locations.
Start-SPOSiteContentMove -SourceSiteUrl <SourceSiteUrl> -ValidationOnly -Destina
This returns _Success_ if the site is ready to be moved or _Fail_ if any of blocked conditions are present.
-#### **Start a SharePoint site _Geography_ move for a site with no associated Microsoft 365 group**
+#### **Start a SharePoint site _Geography_ move for a site with no associated Microsoft 365 group or a SharePoint Embedded container site**
By default, initial URL for the site will change to the URL of the destination _Geography_ location. For example:
For sites with no Microsoft 365 group association, you can also rename the site
`https://Contoso.sharepoint.com/sites/projectx` to `https://ContosoEUR.sharepoint.com/sites/projecty`
+This capability to rename the site as part of the move is not applicable for SharePoint Embedded container sites.
+ To start the site move without renaming the site, run: ```powershell Start-SPOSiteContentMove -SourceSiteUrl <siteURL> -DestinationDataLocation <DestinationDataLocation> ```
-And to start the site move while also renaming the site, run:
+To get the SourceSiteUrl for a SharePoint Embedded container site, you must use the SharePoint Embedded admin cmdlets. You can use the `Get-SPOContainer` PowerShell cmdlet and pass the container ID as the `-Identity` parameter to determine the site URL of a specific container.
+
+If the SharePoint Embedded container site is owned by an individual user, the container site can only be moved to the geography matching the Preferred Data Location (PDL) of the user.
+
+And to start the site move while also renaming the site (excluding SharePoint Embedded container sites), run:
```powershell Start-SPOSiteContentMove -SourceSiteUrl <siteURL> -DestinationUrl <DestinationSiteURL>
You can stop a SharePoint site _Geography_ move, provided the move isn't in prog
You can determine the status of a site move in our out of the _Geography_ that you're connected to by using the following cmdlets: -- [Get-SPOSiteContentMoveState](/powershell/module/sharepoint-online/get-spositecontentmovestate) (non-Group-connected sites)
+- [Get-SPOSiteContentMoveState](/powershell/module/sharepoint-online/get-spositecontentmovestate) (non-Group-connected sites and SharePoint Embedded container sites)
- [Get-SPOUnifiedGroupMoveState](/powershell/module/sharepoint-online/get-spounifiedgroupmovestate) (Group-connected sites) Use the `-SourceSiteUrl` parameter to specify the site for which you want to see move status.
The move statuses are described in the following table.
|InProgress (n/4)|The move is in progress in one of the following states: Validation (1/4), Back up (2/4), Restore (3/4), Cleanup (4/4).| |Success|The move completed successfully.| |Failed|The move failed.|
-|
You can also apply the `-Verbose` option to see additional information about the move.
frontline Flw Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-devices.md
The following table lists some of the most common app launchers available today
|App launcher |Capabilities| |-|| |Managed Home Screen |Use Managed Home Screen when you want your users to have access to a specific set of apps on your Intune-enrolled dedicated devices. Because Managed Home Screen can be automatically launched as the default home screen on the device and appears to the user as the only home screen, itΓÇÖs useful in shared devices scenarios when a locked-down experience is required. [Learn more](/mem/intune/apps/app-configuration-managed-home-screen-app).|
-|VMware Workspace ONE Launcher |If youΓÇÖre using VMware, the Workspace ONE Launcher is the best tool to curate a set of apps that your frontline needs to access. VMware Workspace ONE Launcher doesnΓÇÖt currently support shared device mode for global sign and global sign out from the launcher. Therefore, frontline workers need to sign in and sign out of Teams upon each use. [Learn more](https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/Launcher_Publication/GUID-AWLAUNCHERINTRO.html).|
+|VMware Workspace ONE Launcher |If youΓÇÖre using VMware, the Workspace ONE Launcher is a tool to curate a set of apps that your frontline needs to access. VMware Workspace ONE Launcher doesnΓÇÖt currently support shared device mode. [Learn more](https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/Launcher_Publication/GUID-AWLAUNCHERINTRO.html).|
|SOTI|If youΓÇÖre using SOTI, the SOTI app launcher is the best tool to curate a set of apps that your frontline needs to access. The SOTI app launcher supports shared device mode today.| |BlueFletch|[BlueFletch Launcher](https://docs.bluefletch.com/bluefletch-enterprise/product-guides/bluefletch-launcher) can be used on devices, regardless of your MDM solution. BlueFletch supports shared device mode today. [Learn more](https://soti.net/mc/help/v2024.0/en/console/system/microsoft_365_integration/change_device_reg_to_shared_mode_in_azure.html). | |Custom app launcher |If you want a fully customized experience, you can build out your own custom app launcher. You can integrate your launcher with shared device mode so that your users only need to sign in and out once. |
loop Loop Compliance Summary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-compliance-summary.md
Where the Loop content was originally created determines its storage location:
|EUDB |**EUDB** compliant - [What is the EU Data Boundary?](/privacy/eudb/eu-data-boundary-learn)|**EUDB** compliant - [What is the EU Data Boundary?](/privacy/eudb/eu-data-boundary-learn)| |***Data Security, Devices***||| |Intune |Basic **Intune** [Device Management Support](/mem/intune/remote-actions/device-management) exists for Loop app on iOS and Android.|Basic **Intune** [Device Management Support](/mem/intune/remote-actions/device-management) exists for Loop app on iOS and Android.|
-|Conditional Access |**[Conditional Access](/sharepoint/control-access-from-unmanaged-devices)** is supported. See [manual initialization](#manually-initializing-microsoft-loop-app-for-conditional-access-management-in-microsoft-entra) for Microsoft Entra support.|**[Conditional Access](/sharepoint/control-access-from-unmanaged-devices)** supported. See [manual initialization](#manually-initializing-microsoft-loop-app-for-conditional-access-management-in-microsoft-entra) for Microsoft Entra support.|
+|Conditional Access |**[Conditional Access](/sharepoint/control-access-from-unmanaged-devices)** is supported.|**[Conditional Access](/sharepoint/control-access-from-unmanaged-devices)** supported.|
|Information Barriers |**[Information Barriers](/purview/information-barriers-sharepoint)** are enforced.|**[Information Barriers](/purview/information-barriers-sharepoint)** are enforced.| |Customer Key |**[Customer Lockbox](/purview/customer-lockbox-requests)** is supported.|**[Customer Lockbox](/purview/customer-lockbox-requests)** is supported.| |Programmatic APIs for Loop content |Yes, they're files in OneDrive or SharePoint and all current functionality applies.| **Not Yet Available**: <br>API access to Loop workspace containers isn't yet available. This impacts third party export and eDiscovery tools, migration tools, tools used to communicate in bulk to end-users about their content such as compliance requirements, and developer APIs.| |***Data Lifecycle***|||
-|Multi-Geo |**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities are supported, including creation of .loop files in a user's OneDrive in the geo that matches the user's [preferred data location](/microsoft-365/enterprise/plan-for-multi-geo#best-practices) and ability to move the user's OneDrive when their preferred data location changes.|**Not Yet Available**: <br>**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities, including creation of .loop files in a user's Loop workspaces in the geo that matches the user's [preferred data location](/microsoft-365/enterprise/plan-for-multi-geo#best-practices), aren't yet supported. <br>**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** rehome of Loop workspaces and contained .loop files as needed isn't yet supported.|
-|User leaves organization |When a user leaves an organization, [OneDrive retention policies](/sharepoint/retention-and-deletion) apply to the .loop files in their OneDrive just as they do to other content created by the user. See [Loop storage](#loop-storage) for more information.|Manage the lifetime of shared Loop workspaces like you would other collaboration artifacts, like SharePoint sites or Teams channels.|
+|Multi-Geo |**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities are supported, including creation of .loop files in a user's OneDrive in the geo that matches the user's [preferred data location](/microsoft-365/enterprise/plan-for-multi-geo#best-practices) and ability to move the user's OneDrive when their preferred data location changes.|**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities for Loop workspaces are supported using the [same mechanism as SPO sites](/powershell/module/sharepoint-online/start-spositecontentmove), including rehome. Manage the location of shared Loop workspaces like you would other collaboration artifacts, like SharePoint sites or Teams channels. <br><br>**Not Yet Available**: <br>Loop does not create user-owned workspaces. All workspaces are created as tenant-owned, in the tenant default geo.|
+|User leaves organization |When a user leaves an organization, [OneDrive retention policies](/sharepoint/retention-and-deletion) apply to the .loop files in their OneDrive just as they do to other content created by the user. See [Loop storage](#loop-storage) for more information.|Manage the lifetime of shared Loop workspaces like you would other collaboration artifacts, like SharePoint sites or Teams channels. <br><br>**Not Yet Available**: <br>Loop does not create user-owned workspaces. All workspaces are created as tenant-owned.|
|Loop workspaces |n/a|See [Available](#available-admin-capabilities) and [Admin Management not yet available](#admin-management-not-yet-available).| |Recycle bin |End user Recycle bin for deleted content is available.|End user Recycle bin for deleted content is available in each Loop workspace. <br><br>**Not Yet Available**: <br>End user Recycle bin for deleted Loop workspaces.| |Version history |**Version History** [export in Purview](/purview/ediscovery-export-search-results#step-1-prepare-search-results-for-export) or via [Graph API](/graph/api/driveitem-get-content-format) is available.|**Version History** [export in Purview](/purview/ediscovery-export-search-results#step-1-prepare-search-results-for-export) is available. <br><br>**Not Yet Available**: <br>[Programmatic API access to Loop workspace containers](#programmatic-apis-not-yet-available) isn't yet available.|
The following sections detail capabilities that are **not yet available** for Mi
- **Programmatic APIs for Loop workspace content**: API access to Loop workspace containers isn't yet available. These APIs are required in order to use third party tools for export and eDiscovery, migration, communicating in bulk to end-users about their content such as compliance requirements, and developer APIs. ### Admin Management not yet available-- **Multi-Geo** rehome of Loop workspaces and all contained .loop files isn't available. All Loop workspaces are created in the tenant default geo.+ - When users delete an entire Loop workspace, that Loop workspace isn't available in an **end-user visible Recycle bin**. Furthermore, restoring the Loop workspace using admin tooling doesn't update in the Loop app user experience. The user would need to visit a saved page link for a workspace that's restored in order to see it again. - When an **admin deletes** a Loop workspace, it **will not be removed from the user's view** of Loop workspaces. When users click on the deleted Loop workspace, it displays an error. - When an **admin modifies the list of owners or members** of a Loop workspace through the SharePoint Admin Center or via PowerShell, the **changes won't be visible to the users within that Loop workspace**. Changes to the workspace membership are only updated in the user's view of the Loop app if they're made directly within the Loop app itself.
+- All Loop workspaces are created as tenant-owned, in the tenant default geo. Loop does not create **user-owned workspace types**, so when an employee leaves the organization, their non-shared Loop workspaces such as Ideas become ownerless, remain in the tenant and are not automatically deleted.
- **Individual controls for guest or external sharing** of a specific Loop workspace isn't available.-- Get and set **conditional access policy** and **block download policy** tenant defaults are available. Individual controls per Loop workspace for these capabilities aren't available. ### Records Management not yet available - While Retention policies are enforced if configured at the *all SharePoint site* level, **setting or overriding the *all SharePoint sites* Retention policy on an individual Loop workspace** isn't yet available.
The following sections detail capabilities that are **not yet available** for Mi
- **Sensitivity Labeling** can't be configured at the Loop workspace level within the Loop app. It can be set using PowerShell per Loop workspace and viewed in the SharePoint Embedded admin center.
-## Manually initializing Microsoft Loop app for Conditional Access management in Microsoft Entra
-
-In order to select Microsoft Loop app from the cloud app target UX in the Microsoft Entra admin center: Protection | Conditional Access | Select what this policy applies to | select apps | Microsoft Loop, manual provisioning may be required.
-
-1. [Connect to Microsoft 365 with PowerShell - Microsoft 365 Enterprise | Microsoft Learn](/microsoft-365/enterprise/connect-to-microsoft-365-powershell)
-1. Copy the command, Paste into your PowerShell window's command line, and hit Enter to execute:
-
- ```PowerShell
- New-AzureADServicePrincipal -AccountEnabled $true -AppId a187e399-0c36-4b98-8f04-1edc167a0996 -AppRoleAssignmentRequired $false -DisplayName "Microsoft Loop app" -Tags {WindowsAzureActiveDirectoryIntegratedApp}
- ```
-- ## Managing Loop in your organization By reviewing the above information, you can make an informed decision on whether Microsoft Loop is ready for use as a software solution in your organization. As always, we continue to update this and other documentation to provide the compliance status of Microsoft Loop to help you make the best decisions for your organization.
solutions Apps License Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-license-manage.md
audience: ITPro Previously updated : 03/29/2024 Last updated : 07/15/2024 description: Manage app licenses used in Intune. ms.localizationpriority: high
Your Intune tenant maintains a connection with each of the apps stores to ensure
## Monitor app licenses used in Intune
-Intune provides a list of all the app licenses your tenant currently has in use. You can see the license name, the total number of licenses, the available licenses left to use, and the current licenses in use. When you view this list, you can also sync your volume purchased (VPP) licenses to be certain the list is up-to-date. For related information, see [Monitor app information and assignments with Microsoft Intune](/mem/
-intune/apps/apps-monitor).
+Intune provides a list of all the app licenses your tenant currently has in use. You can see the license name, the total number of licenses, the available licenses left to use, and the current licenses in use. When you view this list, you can also sync your volume purchased (VPP) licenses to be certain the list is up-to-date. For related information, see [Monitor app information and assignments with Microsoft Intune](/mem/intune/apps/apps-monitor).
:::image type="content" source="../media/purchase-add-managed-apps/purchase-add-managed-apps-17.png" alt-text="App licenses in Intune" border="false" :::