+[Microsoft 365 Government - how to buy](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/microsoft-365-government-how-to-buy)

+ Title: "Configure People Picker in SharePoint Server Subscription Edition"

+audience: ITPro

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+description: "Learn how to configure the People Picker web control in SharePoint Subscription Edition."

+# Configure People Picker in SharePoint Server Subscription Edition

+When modern authentication (a trusted identity provider) such as SAML 1.1 or OIDC 1.0 is used, the People Picker control can't search, resolve, and validate users and groups without writing a custom claim provider through C#. In SharePoint Server Subscription Edition, the People Picker has been enhanced to allow resolving users and groups based on their profiles in the User Profile Application (UPA).

+UPA must be configured to synchronize users and groups from the trusted identity provider membership store. This allows the People Picker to only resolve valid users and groups without requiring a custom claims provider. For more information, see [Enhanced People Picker for modern authentication](../administration/enhanced-people-picker-for-trusted-authentication-method.md).

+This article will help you to configure People Picker in SharePoint Server Subscription Edition using PowerShell cmdlets.

+## People Picker supports LDAPS (TLS connection encryption)

+As organizations become more aware of the risks of unencrypted communication over a network, some are choosing to implement policies that require encryption for all network connections. HTTP is one of the most common protocols that organizations want to protect, but there are other network communication protocols as well. One of those is the Lightweight Directory Access Protocol (LDAP), which is used by applications to access directory services. The SharePoint People Picker feature uses LDAP to look up users and groups in Active Directory forests and domains. LDAP isn't an encrypted protocol by default, although there are several options to enable encryption with it.

+To facilitate organizations that require encryption for LDAP traffic, the SharePoint People Picker feature has added support for Secure LDAP (LDAPS) in SharePoint Server Subscription Edition Version 23H2. This allows the People Picker to use TLS connection encryption to protect LDAP traffic to TCP ports 636 and 3269.

+To enable Secure LDAP (LDAPS) in the SharePoint People Picker, use the `SecureSocketsLayer` switch parameter with the `Set-SPPeoplePickerConfig` and `Add-SPPeoplePickerSearchADDomain` PowerShell cmdlets.

+Examples:

+- `Set-SPPeoplePickerConfig -WebApplication https://team.contoso.local -SecureSocketsLayer`

+- `Add-SPPeoplePickerSearchADDomain -WebApplication https://team.contoso.local -DomainName "contoso.local" -SecureSocketsLayer`

+For more information, see [Plan for People Picker in SharePoint](plan-for-people-picker.md).

+## PowerShell cmdlets to configure People Picker

+With SharePoint Server Subscription Edition, you can use PowerShell cmdlets to configure the People Picker settings instead of `stsadm.exe` commands.

+### Get-SPPeoplePickerConfig

+Use the following PowerShell cmdlet to get People Picker settings of a specified Web application.

+```powershell

+Get-SPPeoplePickerConfig

+ -WebApplication <SPWebApplicationPipeBind>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Get-SPPeoplePickerConfig`](/powershell/module/sharepoint-server/get-sppeoplepickerconfig).

+### Set-SPPeoplePickerConfig

+Use the `Set-SPPeoplePickerConfig` cmdlet to configure the following People Picker settings of a specified Web application:

+- Customized query filter sent to AD with People Picker query

+- Customized query sent to AD with People Picker query

+- The amount of time before AD search time-out

+- Whether the People Picker control should only return the site collection users when clicking the "Check Names" button

+- Whether the People Picker control should only return the site collection users when using the "Select People and Groups" dialog box

+- Whether return only non-Active Directory users when the Web application uses form-based authentication

+```powershell

+Set-SPPeoplePickerConfig

+ -WebApplication <SPWebApplicationPipeBind>

+ [-ActiveDirectoryCustomFilter <String>]

+ [-ActiveDirectoryCustomQuery <String>]

+ [-ActiveDirectorySearchTimeout <Int32>]

+ [-PeopleEditorOnlyResolveWithinSiteCollection]

+ [-OnlySearchWithinSiteCollection]

+ [-NoWindowsAccountsForNonWindowsAuthenticationMode]

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Set-SPPeoplePickerConfig`](/powershell/module/sharepoint-server/set-sppeoplepickerconfig).

+### Add-SPPeoplePickerSearchADDomain

+Use this cmdlet to add a forest or domain to the list that the People Picker uses when searching for users.

+```powershell

+Add-SPPeoplePickerSearchADDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ -DomainName <String>

+ [-IsForest]

+ [-Index <Int32>]

+ [-Credential <PSCredential>]

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Add-SPPeoplePickerSearchADDomain`](/powershell/module/sharepoint-server/add-sppeoplepickersearchaddomain).

+### Clear-SPPeoplePickerSearchADDomain

+Use this cmdlet to clear the list of People Picker search forests and domains for a specified Web application.

+```powershell

+Clear-SPPeoplePickerSearchADDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Clear-SPPeoplePickerSearchADDomain`](/powershell/module/sharepoint-server/clear-sppeoplepickersearchaddomain).

+### Get-SPPeoplePickerSearchADDomain

+Use this cmdlet to return all Active Directory forests or domains that the People Picker uses when searching for users.

+```powershell

+Get-SPPeoplePickerSearchADDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Get-SPPeoplePickerSearchADDomain`](/powershell/module/sharepoint-server/get-sppeoplepickersearchaddomain).

+### Remove-SPPeoplePickerSearchADDomain

+Use this cmdlet to remove a forest of domain from the list that the People Picker uses when searching for users.

+```powershell

+Remove-SPPeoplePickerSearchADDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ -DomainName <String>

+ [-IsForest]

+ [-UserName <String>]

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Remove-SPPeoplePickerSearchADDomain`](/powershell/module/sharepoint-server/remove-sppeoplepickersearchaddomain).

+### Add-SPPeoplePickerDistributionListSearchDomain

+Use this cmdlet to add a domain to the People Picker distribution list search domains.

+```powershell

+Add-SPPeoplePickerDistributionListSearchDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ -DomainName <String>

+ [-Index <Int32>]

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Add-SPPeoplePickerDistributionListSearchDomain`](/powershell/module/sharepoint-server/add-sppeoplepickerdistributionlistsearchdomain).

+### Clear-SPPeoplePickerDistributionListSearchDomain

+Use this cmdlet to clear the list of People Picker distribution list search domains.

+```powershell

+Clear-SPPeoplePickerDistributionListSearchDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Clear-SPPeoplePickerDistributionListSearchDomain`](/powershell/module/sharepoint-server/clear-sppeoplepickerdistributionlistsearchdomain).

+### Get-SPPeoplePickerDistributionListSearchDomain

+Use this cmdlet to return all domains in the People Picker distribution list search domains.

+```powershell

+Get-SPPeoplePickerDistributionListSearchDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ [-DomainName <String>]

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Get-SPPeoplePickerDistributionListSearchDomain`](/powershell/module/sharepoint-server/get-sppeoplepickerdistributionlistsearchdomain).

+### Remove-SPPeoplePickerDistributionListSearchDomain

+Use this cmdlet to remove a domain from the People Picker distribution list search domains.

+```powershell

+Remove-SPPeoplePickerDistributionListSearchDomain

+ -WebApplication <SPWebApplicationPipeBind>

+ -DomainName <String>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Remove-SPPeoplePickerDistributionListSearchDomain`](/powershell/module/sharepoint-server/remove-sppeoplepickerdistributionlistsearchdomain).

+### Add-SPPeoplePickerServiceAccountDirectoryPath

+Use this cmdlet to add an OU to People Picker service account directory path list.

+```powershell

+Add-SPPeoplePickerServiceAccountDirectoryPath

+ -WebApplication <SPWebApplicationPipeBind>

+ -OrganizationalUnitName <String>

+ [-Index <Int32>]

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Add-SPPeoplePickerServiceAccountDirectoryPath`](/powershell/module/sharepoint-server/add-sppeoplepickerserviceaccountdirectorypath).

+### Clear-SPPeoplePickerServiceAccountDirectoryPath

+Use this cmdlet to clear the OUs of People Picker service account directory path list.

+```powershell

+Clear-SPPeoplePickerServiceAccountDirectoryPath

+ -WebApplication <SPWebApplicationPipeBind>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Clear-SPPeoplePickerServiceAccountDirectoryPath`](/powershell/module/sharepoint-server/clear-sppeoplepickerserviceaccountdirectorypath).

+### Remove-SPPeoplePickerServiceAccountDirectoryPath

+Use this cmdlet to remove an OU from People Picker service account directory path list.

+```powershell

+Remove-SPPeoplePickerServiceAccountDirectoryPath

+ -WebApplication <SPWebApplicationPipeBind>

+ -OrganizationalUnitName <String>

+ [-AssignmentCollection <SPAssignmentCollection>]

+ [-WhatIf]

+ [-Confirm]

+ [<CommonParameters>]

+```

+For more information, see [`Remove-SPPeoplePickerServiceAccountDirectoryPath`](/powershell/module/sharepoint-server/remove-sppeoplepickerserviceaccountdirectorypath).

+## See also

+- [Configure People Picker in SharePoint Server](configure-people-picker.md)

+- [Plan for People Picker in SharePoint](plan-for-people-picker.md)

+ Title: "Configure People Picker in SharePoint Server"

+audience: ITPro

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+description: "Learn how to configure the People Picker web control in SharePoint Server."

+# Configure People Picker in SharePoint Server

+People Picker can be configured for a farm at the zone level by using the Stsadm **setproperty** operation. By configuring the settings for this control, you can filter and restrict the results that are displayed when a user searches for a user, group, or claim. Those settings will apply to every site within the site collection.

+The information in this article applies only to Web applications that use Windows authentication in either classic mode or claims mode.

+The People Picker control is used to find and select users, groups, and claims when a site, list, or library owner assigns permissions in Microsoft SharePoint Server. For more information about the People Picker properties, see [Peoplepicker: Stsadm properties](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263318(v=office.12)).

+> [!NOTE]

+> There are no Windows PowerShell commands to configure People Picker in SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, or SharePoint Server 2019. However, you can use the PowerShell commands to configure People Picker in SharePoint Subscription Edition. For more information, see [Configure People Picker in SharePoint Subscription Edition](configure-people-picker-subscription-edition.md).

+This article contains information on how to configure People Picker for specific scenarios. For more information about the People Picker control and how it works, its relationship to authentication and claim providers, and how to plan for People Picker, see [People Picker and claims providers overview](people-picker-and-claims-providers-overview.md).

+## Prerequisites to configure People Picker

+Ensure that the following requirements are met before configuring People Picker:

+- Verify that the account you use to run `Stsadm` is a member of the local Administrators group on the server in which SharePoint Server is installed.

+- Open the command prompt window as an administrator to perform the procedures in this article.

+- In the command prompt on the driver where SharePoint Server is installed, change to the following directory: `%CommonProgramFiles%\Microsoft Shared\Web Server Extensions\x\Bin`.

+ >[!NOTE]

+ > Replace the number mapping value, that is "x" in the directory based on the version of SharePoint you have installed. The following are the SharePoint versions and their respective number mapping values:

+ >

+ > - SharePoint 2010: **14**

+ > - SharePoint 2013: **15**

+ > - SharePoint 2016 and SharePoint 2019: **16**

+## People Picker settings configuration

+Once the prerequisites are met, you can perform the following procedures:

+- [Check the setting value for any property](#check-the-setting-value-for-any-property)

+- [Clear a property value from People Picker](#clear-a-property-value-from-people-picker)

+- [Set an encryption key for use with a one-way trust](#set-an-encryption-key-for-use-with-a-one-way-trust)

+- [Enable cross-forest or cross-domain queries with a one-way trust](#enable-cross-forest-or-cross-domain-queries-when-using-a-one-way-trust)

+- [Restrict People Picker to a certain group in Active Directory](#restrict-people-picker-to-a-certain-group-in-active-directory)

+- [Define the location of administrator accounts](#define-the-location-of-administrator-accounts)

+- [Force People Picker to pick only from users in the site collection](#force-people-picker-to-pick-only-from-users-in-the-site-collection)

+- [Filter Active Directory accounts by using LDAP queries](#filter-active-directory-accounts-by-using-ldap-queries)

+- [Return only non-Active Directory user accounts](#return-only-non-active-directory-user-accounts)

+### Check the setting value for any property

+To check the setting for any People Picker property, type the following command:

+```console

+stsadm.exe -o getproperty -pn <Property Name> -url <Web application URL>

+```

+For more information, see [Peoplepicker: Stsadm properties](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263318(v=office.12)).

+### Clear a property value from People Picker

+You can remove the setting for a People Picker property by specifying the property name you want to clear and using empty quotation marks for the property value.

+To remove a property setting from People Picker, type the following command:

+```console

+stsadm.exe -o setproperty -pn <Property Name> -pv "" -url <Web application URL>

+```

+For more information, see [Peoplepicker-searchadforests: Stsadm property](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263460(v=office.12)).

+### Set an encryption key for use with a one-way trust

+If the forest or domain on which SharePoint Server is installed has a one-way trust with another forest or domain, you must first set the credentials for the account that is allowed to authenticate with the forest or domain to be queried before you can use the Stsadm **peoplepicker-searchadforests** property.

+> [!NOTE]

+> The encryption key must be set on every front-end Web server in the farm on which SharePoint Server is installed.

+To set an encryption key, type the following command:

+```console

+stsadm.exe -o setapppassword -password <key>

+```

+### Enable cross-forest or cross-domain queries when using a one-way trust

+If the forest or domain on which SharePoint Server is installed has a one-way trust with another forest or domain, you must specify the credentials to be used to query the forest or domain, in addition to the names of the forests or domains to be queried. People Picker will only query the forests or domains that you specify in the **peoplepicker-searchadforests** property setting.

+To specify the forests or domains to be queried along with the credentials, type the following command:

+```console

+stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv <Valid list of forests or domains, Login name, Password> -url <Web application URL>

+```

+> [!NOTE]

+> You do not need to include the encryption key password that you assigned to the account when using the **peoplepicker-searchadforests** property. However, if you have not already set an encryption key for the account, en error message will be displayed.

+The following example configures People Picker for use with a forest named Contoso.com and a domain named Fabrikam.com, and includes the credentials for each:

+```console

+sTSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "forest:Contoso.com,Contoso\User1,Password1; domain:Fabrikam.com,Fabrikam\User2,Password2" -url https://ServerName

+```

+For more information, see [Peoplepicker-searchadforests: Stsadm property](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263460(v=office.12)).

+### Restrict People Picker to a certain group in Active Directory

+If a Web application is using Windows authentication and the site user directory path isn't set, the People Picker control searches the entire Active Directory to resolve users' names or find users, instead of searching only users within a particular organizational unit (OU). The Stsadm **setsiteuseraccountdirectorypath** operation allows the user's directory path to be set to a specific OU in the same domain. After the directory path is set to a site collection, the People Picker control will only search under that particular OU.

+To restrict People Picker to a certain OU in Active Directory, type the following command:

+```console

+stsadm -o setsiteuseraccountdirectorypath -path <Valid OU name> ΓÇôurl <Web application URL>

+```

+The following example configures People Picker to only return users and groups in the OU named "Sales":

+```console

+stsadm -o setsiteuseraccountdirectorypath -path "OU=Sales,DC=ContosoCorp,DC=local" -url https://ServerName

+```

+> [!NOTE]

+> Only a single site user directory path can be set at a time for a site collection. Hence this property specifies only one OU at a time, and you should run the Stsadm **setsiteuseraccountdirectorypath** operation only once per site collection.

+For more information, see [Setsiteuseraccountdirectorypath: Stsadm operation](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263328(v=office.12)).

+### Define the location of administrator accounts

+Administrative user accounts are often located in a different OU from regular site users. If you have used the Stsadm **setsiteuseraccountdirectorypath** operation to force People Picker to only return query resulting from a specific OU, you must also set the Stsadm **peoplepicker-serviceaccountdirectorypaths** property so the administrator can manage the site collection.

+> [!NOTE]

+> Before the **peoplepicker-serviceaccountdirectorypaths** property works, the **Setsiteuseraccountdirectorypath** operation must be set to contain a value.

+To define the location of administrator accounts, type the following command:

+```console

+stsadm -o setproperty -pn peoplepicker-serviceaccountdirectorypaths -pv <A list of OU names> -url <Web application URL>

+```

+The following example configures People Picker to allow users that are in the OU "FarmAdmin":

+```console

+stsadm -o setproperty -pn peoplepicker-serviceaccountdirectorypaths -pv "OU=FarmAdmin,DC=Contoso,DC=local" -url https://ServerName

+```

+For more information, see [Peoplepicker-serviceaccountdirectorypaths: Stsadm property](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263012(v=office.12))).

+## Force People Picker to pick only from users in the site collection

+The People Picker control consists of a text box, and two buttons, such as the **Check Names** button and the **Browse** button.

+- The **Check Names** button is used to resolve a user name, group name or e-mail address exactly as it was typed into the text box.

+- The **Browse** button opens the **Select People and Groups** dialog box, which can be used to submit a query for a full or partial string.

+The main difference between the two is that the **Check Names** button only resolves exactly what is in the text box, whereas the **Select People and Groups** dialog box searches for the query string. You can force People Picker to only return users who have permissions in the site collection by using either the **PeoplePicker-Peopleeditoronlyresolvewithinsitecollection** property or the **PeoplePicker-Onlysearchwithinsitecollection** property. However, the property you use to configure this restriction will depend on whether you want to set the restriction for the text box (People editor) and **Check Names** button, or for the **Select People and Groups** dialog box.

+To force People Picker to only return users who have permissions in the site collection when the **Check Names** button is clicked, type the following command:

+```console

+stsadm -o setproperty ΓÇôpn peoplepicker-Peopleeditoronlyresolvewithinsitecollection ΓÇôpv yes ΓÇôurl <Web application URL>

+```

+To force People Picker to only return users who have permissions in the site collection when the **Select People and Groups** dialog box is used, type the following command:

+```console

+stsadm -o setproperty ΓÇôpn peoplepicker-onlysearchwithinsitecollection ΓÇôpv yes ΓÇôurl <Web application URL>

+```

+For more information, see [Peoplepicker-onlysearchwithinsitecollection: Stsadm property](/previous-versions/office/sharepoint-2007-products-and-technologies/cc261988(v=office.12)) and [Peoplepicker-peopleeditoronlyresolvewithinsitecollection: Stsadm property](/previous-versions/office/sharepoint-foundation-2010/gg602064(v=office.14)).

+### Filter Active Directory accounts by using LDAP queries

+You can use a Lightweight Directory Access Protocol (LDAP) query to create a custom filter for displaying query results. For more information about LDAP queries, see [LDAP Query Basics](https://go.microsoft.com/fwlink/p/?linkid=207670).

+To use a custom LDAP query, type the following command:

+```console

+Stsadm ΓÇôo setproperty ΓÇôpn peoplepicker-searchadcustomfilter -pv <LDAP query filter> -url <Web application URL>

+```

+The following example filters out user accounts that don't have e-mail addresses, or that are disabled. Because security groups don't always have e-mail addresses associated with them, an *OR* statement is used to ensure that security groups are still included in the query results:

+```console

+stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(|(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(objectcategory=group))" -url https://ServerName

+```

+The following example only returns active users, and not groups:

+```console

+stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -url https://ServerName

+```

+For an explanation of the user account control string used in this query, see [Search Filter Syntax](https://go.microsoft.com/fwlink/p/?linkid=210020).

+The following example returns a list of Active Directory users with the title "Manager":

+```console

+stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "((Title=Manager))" -url https://ServerName

+```

+> [!IMPORTANT]

+> Remember that every time you run the `setproperty` command for a specific property, that property's current values will be overwritten by the new values you specify. If you need to filter query results based on multiple criteria, you will need to build a compound LDAP query that includes all the values for which you want to filter.

+For more information, see [Peoplepicker-searchadcustomfilter: Stsadm property](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263452(v=office.12)).

+### Return only non-Active Directory user accounts

+If your Web application uses forms-based authentication, you can prevent People Picker from returning Active Directory accounts in the query results.

+To return only non-Active Directory user accounts, type the following command:

+```console

+stsadm -o setproperty -pn peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode -pv yes -url <Web application URL>

+```

+For more information, see [Peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode: Stsadm property](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263264(v=office.12)).

+## See Also

+- [Configure People Picker in SharePoint Subscription Edition](configure-people-picker-subscription-edition.md)

+- [Enhanced People Picker for modern authentication](enhanced-people-picker-for-trusted-authentication-method.md)

+Follow these steps to select a feature release preference for your SharePoint farm using SharePoint Central Administration:

+1. Click **System Settings**.

+1. Click **Feature release preference**.

+1. Select either **Early release** or **Standard release (Default)** and then click **OK**.

+1. Run **SharePoint Products Configuration Wizard** on each server in your SharePoint farm to ensure all features recognize the new feature release preference.

+Follow these steps to select a feature release preference for your SharePoint farm using Windows PowerShell:

+> To set this using Windows PowerShell, you must be running **SharePoint Server Subscription Edition Version 23H2** or a newer version.

+1. Launch the **SharePoint Management Shell** or a Windows PowerShell console.

+1. Run the **Set-SPFeatureReleasePreference** cmdlet with the **FeatureReleaseRing** parameter, specifying either **Early** or **Standard** for the parameter value. <br>Set-SPFeatureReleasePreference -FeatureReleaseRing {Early | Standard}

+1. Run **SharePoint Products Configuration Wizard** on each server in your SharePoint farm to ensure all features recognize the new feature release preference.

+People Picker is configured at the zone level for a farm by using the Stsadm **setproperty** operation. By configuring the settings for the control, you can filter and restrict the results that are displayed when a user searches for a user, group, or claim. Those settings will apply to every site in a specific site collection. For more information about how to configure People Picker, see [Configure People Picker in SharePoint Server](configure-people-picker.md).

+When a web application is configured to use Windows authentication, you can limit the suggested results by using the Stsadm **setproperty** operation to change the settings for the People Picker control. For example, you can configure People Picker to return only users, groups, and claims that belong to a certain Active Directory domain or are members of a specific site collection. For more information about how to configure the People Picker control, see [Configure People Picker in SharePoint Server](configure-people-picker.md).

+[Configure People Picker in SharePoint Server](configure-people-picker.md)

+You use the People Picker control to find and select people, groups, and claims when a site, list, or library owner assigns permissions in SharePoint Server. This article describes how to plan for People Picker. For information about how to configure People Picker, see [Configure People Picker in SharePoint Server](configure-people-picker.md).

+To configure People Picker for a one-way trust, see [Configure People Picker in SharePoint Server](configure-people-picker.md).

+[Configure People Picker in SharePoint Server](configure-people-picker.md)

+**APPLIES TO:** 2010 2013 2016 2019 Subscription Edition

+Before you begin this operation, see the following article for information about prerequisites regarding the creation of content sources:

+- [Create a Search service application](create-and-configure-a-search-service-application.md)

+2. On SharePoint Server Central Administration home page, navigate to **Application Management > Manage service applications > Search service application**.

+

+3. On the **Search Administration** page, under **Crawling**, select **Content Sources**.

+1. On the **Manage Content Sources** page, select **New Content Source**.

+2. On the **Add Content Source** page, under **Name**, type a name for the new content source in the **Name** box.

+3. Under **Content Source Type**, select the type of content that you want to crawl.

+4. Under **Start Addresses**, type the URLs from which the crawler should begin crawling in the **Type start addresses below (one per line)** box.

+5. Under **Crawl Settings**, select the crawling behavior that you want.

+6. Under **Crawl Schedules**, to specify a schedule for full crawls, select a defined schedule from the **Full Crawl** list. A full crawl involves crawling all content that is specified by the content source, regardless of whether the content has changed. To define a full crawl schedule, select **Create schedule**.

+7. To specify a schedule for incremental crawls, select a defined schedule from the **Incremental Crawl** list. An incremental crawl involves crawling content that is specified by the content source that has changed since the last crawl. To define a schedule, select **Create schedule**. You can change a defined schedule by selecting **Edit schedule**.

+ > [!NOTE]

+ > For a content source that is of type SharePoint Server sites, you can enable continuous crawls. For more information, see [Manage continuous crawls in SharePoint Server](manage-continuous-crawls.md).

+8. To set the priority of this content source, under **Content Source Priority**, select **Normal** or **High** from the **Priority** list.

+9. Select **OK**.

+2. On the **Manage Content Sources** page, in the list of content sources, point to the name of the content source that you want to edit, click the arrow that appears, and then select **Edit**.

+3. After you make the changes that you want, select **OK**.

+1. On the **Manage Content Sources** page, in the list of content sources, point to the name of the content source that you want to delete, click the arrow that appears, and then select **Delete**.

+2. Select **OK** to confirm that you want to delete this content source.

+Starting with the SharePoint Server Subscription Edition Version 23H2 feature update, you have the ability to configure the HTTP protocol version that applications would use to search your content sources.

+> [!NOTE]

+> By default, the search service application search crawler uses the HTTP 1.1 protocol version. The search crawler will use the HTTP 1.0 protocol version when configured so.

+You can configure an HTTP protocol version to be applicable to specific content sources. These HTTP protocol versions can be configured only by using the following cmdlets:

+- New-SPEnterpriseSearchCrawlContentSource

+- Set-SPEnterpriseSearchCrawlContentSource

+When you use these PowerShell cmdlets, you can specify the `HttpProtocol` parameter with the following options:

+- **Default**: This option refers to the system default one, currently HTTP 1.1.

+- **Http_1_0**: This option refers to the HTTP 1.0 protocol.

+- **Http_1_1**: This option refers to the HTTP 1.1 protocol.

+When an AMSI-capable antivirus or anti-malware solution is integrated with SharePoint Server, it can examine `HTTP` and `HTTPS` requests made to the server and prevent SharePoint Server from processing dangerous requests. Any AMSI-capable antivirus or anti-malware program that is installed on the server performs the scan as soon as the server starts to process the request.

+Starting with the September 2023 security updates for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition, AMSI integration with SharePoint Server becomes enabled by default for all web applications within SharePoint Server. This modification aims to enhance the general security of customer environments and mitigate potential security breaches. However, based on their requirements, customers retain the option to deactivate the AMSI integration functionality.

+To initiate the September 2023 security updates, customers only need to install the update and run the SharePoint Products Configuration Wizard.

+> [!NOTE]

+> If customers skip installing the September 2023 public update, this change will be activated upon their installation of the subsequent public update that includes the September 2023 security updates for SharePoint Server 2016/2019 or the Version 23H2 feature update for SharePoint Server Subscription Edition.

+If customers prefer not to have AMSI integration enabled automatically within their SharePoint Server farms, they can follow these steps:

+1. Install the September 2023 security updates for SharePoint Server 2016/2019 or the Version 23H2 feature update for SharePoint Server Subscription Edition.

+1. Run the SharePoint Products Configuration Wizard.

+1. Follow the standard steps to disable the AMSI integration feature in your web applications.

+If you follow these steps, SharePoint won't attempt to re-enable the feature while installing future public updates.

+To manually deactivate/activate the AMSI integration per web application, perform the following steps:

+4. On the **SharePoint Server Antimalware Scanning** screen, select **Deactivate** to switch off AMSI integration, or select **Activate** to switch on AMSI integration.

+Alternatively, you can deactivate AMSI integration for a web application by running the following PowerShell command:

+Disable-SPFeature -Identity 4cf046f3-38c7-495f-a7da-a1292d32e8e9 -Url <web application URL>

+Or activate AMSI integration for a web application by running the following PowerShell command:

+Enable-SPFeature -Identity 4cf046f3-38c7-495f-a7da-a1292d32e8e9 -Url <web application URL>

+You can test the Antimalware Scan Interface (AMSI) feature to verify that it's working correctly. This involves sending a request to SharePoint Server with a special test string that Microsoft Defender recognizes is for testing purposes. This test string isn't dangerous, but Microsoft Defender treats it as if it is malicious so you can confirm how it behaves when it encounters malicious requests.

+If AMSI integration is enabled in SharePoint Server and is using Microsoft Defender as its malware detection engine, the presence of this test string results in the request being blocked by AMSI instead of being processed by SharePoint.

+By default, [Microsoft Defender Antivirus](https://support.microsoft.com/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963) (MDAV), an AMSI-capable solution, is automatically enabled and installed on endpoints and devices that are running Windows 10, Windows Server 2016, and later. If you haven't installed an antivirus/anti-malware application, SharePoint Server AMSI integration will work with MDAV. If you install and enable another antivirus/anti-malware application, MDAV will automatically turn off. If you uninstall the other app, MDAV will automatically turn back on, and the SharePoint Server integration will work with MDAV.

+These steps determine your current engine version, check for updated definitions, and report.

+ Title: "Custom branding in Suite Navigation Bar"

+audience: ITPro

+f1.keywords:

+- NOCSH

+ms.localizationpriority: high

+- IT_Sharepoint_Server

+- IT_Sharepoint_Server_Top

+- Strat_SP_server

+description: "Learn about the Custom Branding feature, which is one of the newly introduced features in SharePoint Server Subscription Edition Version 23H2."

+# Custom branding in Suite Navigation Bar

+This article describes the "Custom branding in Suite Navigation Bar" feature, which is one of the new features introduced in the SharePoint Server Subscription Edition Version 23H2 feature update.

+## Custom branding in the Suite Navigation Bar

+The SharePoint Server modern UX provides a powerful yet intuitive user interface that scales from desktop to mobile devices. However, the architecture of the modern UX limited the opportunities for organizations to apply custom branding to the Suite Navigation Bar, which is the global navigation bar that provides access to the App Launcher, contextual settings menu, and user welcome control in SharePoint sites.

+SharePoint Server Subscription Edition Version 23H2 introduces the ability for organizations to apply custom branding in the Suite Bar to better align with their branding standards. SharePoint farm administrators can specify and update the following attributes of the Suite Navigation Bar:

+- **SuiteNavAllowOverwrite**: Determines whether the Suite Navigation Bar settings of the web application can be overridden at the site-collection level. The default value is **false**, meaning any attempt to customize the Suite Navigation Bar at the site collection-level will be ignored. When this attribute's value is set to **true**, the web application-level Suite Navigation Bar settings apply to all site collections, except those collections to which explicit customizations have been made.

+- **SuiteNavBrandingText**: Specifies the branding text of the Suite Navigation Bar.

+- **SuiteNavBrandingLogoUrl**: Specifies a URL location that points to your logo. Ensure that the logo is from within the web application. The logo can be in the BMP, JPG, JPE, JPEG, PNG, GIF, or SVG format.

+- **SuiteNavBrandingLogoTitle**: Specifies the title of your logo.

+- **SuiteNavBrandingLogoNavigationUrl**: Specifies the URL to which users will navigate when they select the branding text or the logo.

+- **SuiteBarBackground**: Sets a color to use for the background of the Suite Navigation Bar. The Suite Navigation Bar appears at the top on every page of your web application. The color value should be in the form #AARRGGBB, #RRGGBB, or #RGB as hex values.

+- **SuiteBarText**: Sets a color to use for the text and icons on the Suite Navigation Bar.

+- **SuiteNavAccentColor**: Sets a color to use for the background color of buttons on the Suite Navigation Bar when you hover on them.

+### Example 1

+1. Set the feature release ring to **Early release** for your farm to make this feature available in the SharePoint Server Subscription Edition version 23H2. For more information, see

+[Feature release rings](../administration/feature-release-rings.md).

+2. Enable a web application to allow custom branding by setting the **SuiteNavAllowCustom** web application-level property to **true**. This property must be set to **true** for any of the other properties to take effect.

+ ```PowerShell

+ $webapp = Get-SPWebApplication http://spwfe

+ $webapp.SuiteNavAllowCustom = $true

+ $webapp.Update()

+ ```

+3. Set all the options, as shown in the following command-syntax example:

+ ```PowerShell

+ $webapp.SuiteNavBrandingText = "Suite Bar Branding"

+ $webapp.SuiteNavBrandingLogoUrl = "http://spwfe/Photos/IMG_5004-1-scaled.jpg"

+ $webapp.SuiteNavBrandingLogoTitle = "Logo Branding"

+ $webapp.SuiteNavBrandingLogoNavigationUrl = "https://www.microsoft.com/"

+ $webapp.SuiteBarBackground = '#eed5b7'

+ $webapp.SuiteNavAccentColor = '#7fffd4'

+ $webapp.SuiteBarText = '#000000'

+ $webapp.update()

+ ```

+### Example 2

+1. Allow the custom branding by running the following command-syntax:

+ ```PowerShell

+ $webapp = Get-SPWebApplication http://spwfe

+ $webapp.SuiteNavAllowCustom = $true

+ $webapp.Update()

+ ```

+2. Set all the options by running the following command-syntax:

+ ```PowerShell

+ $webapp.SuiteNavBrandingText = "Contoso Bass Adventures"

+ $webapp.SuiteNavBrandingLogoUrl = "http://spwfe/Photos/bass-illustration.svg"

+ $webapp.SuiteNavBrandingLogoTitle = "Contoso Logo"

+ $webapp.SuiteNavBrandingLogoNavigationUrl = "https://www.contoso.com/"

+ $webapp.SuiteBarBackground = '#999966'

+ $webapp.SuiteNavAccentColor = '#006600'

+ $webapp.SuiteBarText = '#000000'

+ $webapp.update()

+ ```

+ :::image type="content" source="../media/apply-custom-branding.png" alt-text="Screenshot that shows the site page after the custom branding feature has been applied." lightbox="../media/apply-custom-branding.png":::

+If you're using Microsoft Defender as your antimalware scan engine, ensure that real-time protection is enabled on each server listed in the "Failing Servers" section of this health report.

+1. Select the **Start** button.

+2. Select **Settings**.

+3. Select **Update & Security**.

+4. Select **Windows Security**.

+5. Select **Virus & protection settings**.

+6. Select **Manage settings**.

+7. Ensure Real-time protection is set to **On**.

+ Title: "Basic authentication is being deprecated (SharePoint Server)"

+audience: ITPro

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+- IT_Sharepoint_Server

+- IT_Sharepoint_Server_Top

+description: "Learn how to disable Basic authentication as it is being deprecated."

+# Basic authentication is being deprecated (SharePoint Server)

+**Rule Name:** Basic authentication is being deprecated

+**Summary:** Basic authentication is currently enabled in one or more web applications within SharePoint Server. It's important to note that Basic authentication is being deprecated and will no longer be supported in SharePoint Server for all scenarios. For more information, see [What's deprecated or removed from SharePoint Server Subscription Edition](../what-s-new/what-s-deprecated-or-removed-from-SharePoint-Server-Subscription-Edition.md#basic-authentication).

+Basic authentication doesn't provide confidentiality protection for the transmitted credentials. To better protect your SharePoint Server, it's highly recommended that you migrate web applications to a modern authentication mechanism (for example, Trusted Identity providers) as soon as possible.

+**Cause:** One or more web applications in your SharePoint Server are using Basic authentication, which is being deprecated.

+**Resolution: Disable Basic authentication**

+Ensure that Basic authentication is disabled in both SharePoint Server and IIS settings:

+Follow these steps to disable Basic authentication in SharePoint Server:

+1. Verify that you're the farm admin.

+2. Navigate to **Central Administration,** select **Application Management,** and then select **Manage web applications**.

+3. Select the web application you want to disable Basic authentication.

+4. Click on the **Authentication Providers** link in the ribbon.

+5. Choose the appropriate zone for the web application.

+6. Uncheck the option **Basic authentication (password is sent in clear text)**.

+Follow these steps to disable Basic authentication in IIS:

+1. Verify that you're a member of the Administrators group on the server where you're configuring IIS.

+2. On the Start menu, point to All Programs, select **Administrative Tools,** and then select **Internet Information Services (IIS) Manager** to start the IIS Management Console.

+3. Expand Sites on the console tree, right-click the IIS web site that corresponds to the web application zone where you want to disable Basic authentication.

+4. In the middle pane, double-click the **Authentication** icon.

+5. In the Authentication pane, locate and select **Basic authentication**.

+6. In the Actions pane on the right-hand side, click **Disable** to disable Basic authentication.

+- [Basic authentication is being deprecated (SharePoint Server)](basic-auth-is-being-deprecated.md)

+## Summary of the features

+The following table provides a summary of the new features introduced in the SharePoint Server Subscription Edition Version 23H1 feature update.

+ Title: "New and improved features in SharePoint Server Subscription Edition Version 23H2"

+audience: ITPro

+f1.keywords:

+- NOCSH

+ms.localizationpriority: high

+- IT_Sharepoint_Server

+- IT_Sharepoint_Server_Top

+- Strat_SP_server

+description: "Learn about the new features and updates to existing features in SharePoint Server Subscription Edition Version 23H2."

+# New and improved features in SharePoint Server Subscription Edition Version 23H2

+Learn about the new features and updates introduced in the SharePoint Server Subscription Edition Version 23H2 feature update.

+## Summary of the features

+The following table provides a summary of the new features introduced in the SharePoint Server Subscription Edition Version 23H2 feature update.

+|**Feature**|**Release ring**|**More information**|

+|:--|:--|:--|

+| **Private key management in certificate management** | Standard release | For more information, see [Private key management in certificate management](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release#private-key-management-in-certificate-management). <br/> <br/> This was part of *Early release* in the Version 23H1 feature update. |

+| **Support for wildcard host header bindings** | Standard release | For more information, see [Support for wildcard host header bindings](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release#support-for-wildcard-host-header-bindings). <br/> <br/> This was part of *Early release* in the Version 23H1 feature update. |

+| **Expanded usage of modern sharing dialog** | Standard release | For more information, see [Expanded usage of modern sharing dialog](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release#expanded-usage-of-modern-sharing-dialog). <br/> <br/> This was part of *Early release* in the Version 23H1 feature update. |

+| **Column totals in modern list views** | Standard release | For more information, see [Column totals in modern list views](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release#column-totals-in-modern-list-views). <br/> <br/> This was part of *Early release* in the Version 23H1 feature update. |

+| **Enhanced Quick Chart web part** | Standard release | For more information, see [Enhanced Quick Chart web part](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release#enhanced-quick-chart-web-part). <br/> <br/> This was part of *Early release* in the Version 23H1 feature update. |

+| **Improved file picker** | Standard release | For more information, see [Improved file picker](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release#improved-file-picker). <br/> <br/> This was part of *Early release* in the Version 23H1 feature update. |

+| **AMSI integration enabled by default** | Standard release | For more information, see [AMSI integration enabled by default](#amsi-integration-enabled-by-default). |

+| **AMSI health analyzer rule** | Standard release | For more information, see [AMSI health analyzer rule](#amsi-health-analyzer-rule). |

+| **People Picker supports LDAPS (TLS connection encryption)** | Standard release | For more information, see [People Picker supports LDAPS (TLS connection encryption)](#people-picker-supports-ldaps-tls-connection-encryption). |

+| **Search crawler uses HTTP 1.1 by default** | Standard release | For more information, see [Search crawler uses HTTP 1.1 by default](#search-crawler-uses-http-11-by-default). |

+| **SharePoint Framework (SPFx) component upgrades** | Standard release | For more information, see [SharePoint Framework (SPFx) component upgrades](#sharepoint-framework-spfx-component-upgrades). |

+| **New PowerShell cmdlets to manage feature release rings** | Standard release | For more information, see [New PowerShell cmdlets to manage feature release rings](#new-powershell-cmdlets-to-manage-feature-release-rings). |

+| **Custom branding in the Suite Bar** | Early release | For more information, see [Custom branding in the Suite Bar](#custom-branding-in-the-suite-bar). |

+## Detailed description of features

+This section provides detailed descriptions of the new and updated features in SharePoint Server Subscription Edition Version 23H2.

+> [!NOTE]

+> Features previously introduced in the Version 23H1 feature update will not be described here. For more information on Version 23H1, see [New and improved features in SharePoint Server Subscription Edition Version 23H1](/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-23h1-release).

+### AMSI integration enabled by default

+Antimalware Scan Interface (AMSI) integration allows AMSI-capable antimalware solutions to scan `HTTP` and `HTTPS` requests that are sent to SharePoint Server. If a request is deemed to be dangerous by that antimalware solution, AMSI can block the request from being processed by SharePoint Server, providing an additional layer of protection from cybersecurity attacks.

+Although the AMSI integration feature was first introduced in SharePoint Server Subscription Edition Version 22H2, it wasn't enabled by default. Customers had to enable the feature on each web application that they wanted to protect in the farm. Since then, we've seen security attacks continue to become more sophisticated and the potential impact to customers has grown.

+To help prevent successful security attacks and improve the overall security of customer environments, AMSI integration will be enabled by default for all web applications starting with the Version 23H2 feature update. Customers only need to install the update and run the SharePoint Products Configuration Wizard to trigger the upgrade action. If customers skip installing the September 2023 Public Update, this change will be triggered by the next public update they install that contains the Version 23H2 feature update.

+If customers don't want AMSI integration to be enabled in their SharePoint Server farms, they can install the Version 23H2 feature update, run the SharePoint Products Configuration Wizard, and then follow the standard steps to disable the feature in their web applications. If you follow these steps, SharePoint won't attempt to re-enable the feature when installing future public updates.

+For more information, see [Configure AMSI integration with SharePoint Server](/sharepoint/security-for-sharepoint-server/configure-amsi-integration).

+### AMSI health analyzer rule

+SharePoint Server Subscription Edition Version 23H2 further improves AMSI protection with the introduction of a SharePoint health analyzer rule. This health rule is designed to confirm that AMSI protection is functioning as expected and notify SharePoint farm administrators when it isn't.

+Once an hour, this health analyzer rule will check to see if AMSI integration is enabled on any web applications in the farm. If it is, the health analyzer rule will send simulated web requests through AMSI on every server in the farm that hosts a web application. It checks to see if AMSI returns the expected status code showing that the request has been successfully scanned. If any of the simulated web requests don't result in a successful status code (meaning AMSI didn't successfully scan the simulated web request), then this health analyzer rule will record a failure. The health analyzer rule report in Central Administration will list which servers in the farm experienced a failure and recommended steps to fix it.

+For more information, see [Antimalware Scan Interface (AMSI) protection may not be working](/sharepoint/technical-reference/amsi-protection-may-not-be-working).

+### People Picker supports LDAPS (TLS connection encryption)

+As organizations become more aware of the risks of unencrypted communication over a network, some are choosing to implement policies that require encryption for all network connections. `HTTP` is one of the most common protocols that organizations want to protect, but there are other network communication protocols as well. One of those is the Lightweight Directory Access Protocol (LDAP), which is used by applications to access directory services. The SharePoint People Picker feature uses LDAP to look up users and groups in Active Directory forests and domains. LDAP is not an encrypted protocol by default, although there are several options to enable encryption with it.

+To better support organizations that want to require encryption for LDAP traffic, the SharePoint People Picker feature has added support for Secure LDAP (LDAPS) in SharePoint Server Subscription Edition Version 23H2. This allows the People Picker to use TLS connection encryption to protect LDAP traffic to TCP ports 636 and 3269.

+To enable Secure LDAP (LDAPS) in the SharePoint People Picker, use the SecureSocketsLayer switch parameter with the *Set-SPPeoplePickerConfig* and *Add-SPPeoplePickerSearchADDomain* PowerShell cmdlets.

+For more information, see [Configure People Picker in SharePoint Server Subscription Edition](/sharepoint/administration/configure-people-picker-subscription-edition).

+### Search crawler uses HTTP 1.1 by default

+Previously, a SharePoint Search Service Application would crawl `HTTP` or `HTTPS`-based content sources using the `HTTP` 1.0 protocol. Although this is a valid version of the `HTTP` protocol, some network and security infrastructure may choose to block requests that use this protocol version.

+To ensure better compatibility with modern network and security infrastructure, SharePoint Search Service Applications will now crawl `HTTP` and `HTTPS`-based content sources using the `HTTP` 1.1 protocol by default. `HTTP` 1.1 is a well-supported protocol across the ecosystem and we don't anticipate any negative impact as a result of this change in our default behavior.

+Customers who wish to directly control which `HTTP` protocol version is used for each of their content sources can do so by specifying the HttpProtocol parameter with the *New-SPEnterpriseSearchCrawlContentSource* and *Set-SPEnterpriseSearchCrawlContentSource* PowerShell cmdlets.

+For more information, see [Add, edit, or delete a content source in SharePoint Server](/sharepoint/search/add-edit-or-delete-a-content-source).

+### SharePoint Framework (SPFx) component upgrades

+SharePoint Server Subscription Edition Version 23H2 adds support for React version 16 and Office UI Fabric React 7, allowing developers to utilize these newer component versions in their SharePoint Framework solutions. Microsoft will continue to improve and expand the capabilities of SharePoint Framework in SharePoint Server Subscription Edition in future feature updates.

+For more information, see [SharePoint Framework development with SharePoint Server 2019 and Subscription Edition](/sharepoint/dev/spfx/sharepoint-2019-and-subscription-edition-support) and [Upgrade components in SharePoint Framework development with SharePoint Server Subscription Edition](/sharepoint/dev/spfx/sharepoint-subscription-edition-component).

+### New PowerShell cmdlets to manage feature release rings

+When Microsoft released the Version 22H2 feature update for SharePoint Server Subscription Edition, it included the concept of feature release rings to support its new evergreen experience. Feature release rings allow Microsoft to introduce new feature experiences in stages. New feature experiences that are ready for production use are typically first introduced in the **Early release** ring. Once the new feature experiences are ready for all customers to use by default, they're moved into the **Standard release** ring.

+SharePoint Server Subscription Edition farms are in the Standard release ring by default, but organizations can choose to move their SharePoint farms to Early release or Standard release at any time. Up until now, organizations could only make this choice through the Feature Release Preference page in SharePoint Central Administration. This made it challenging to configure this preference in scripted deployments.

+Microsoft now adds new PowerShell cmdlets to manage the feature release preference in the farm. Those cmdlets are:

+- Get-SPFeatureReleasePreference

+- Set-SPFeatureReleasePreference -FeatureReleaseRing {Early | Standard}

+For more information, see [Feature release rings](/sharepoint/administration/feature-release-rings).

+### Custom branding in the Suite Bar

+The SharePoint Server modern UX provides a powerful yet intuitive user interface that scales from desktop to mobile devices. However, the architecture of the modern UX limited the opportunities for organizations to apply custom branding to the Suite Bar, which is the global navigation bar that provides access to the App Launcher, contextual settings menu, and user welcome control in SharePoint sites.

+SharePoint Server Subscription Edition Version 23H2 introduces the ability for organizations to apply custom branding in the Suite Bar to better align with their branding standards. SharePoint farm administrators will be able to specify custom text, logos, hyperlinks, and color schemes in the Suite Bar that apply to all sites within a web application.

+For more information, see [Custom branding in Suite Navigation Bar](/sharepoint/sites/custom-branding-in-suite-bar).