Merge branch 'main' into docs-editor/pay-for-your-subscription-1750360306

Author: cmcatee-MSFT

copilot/copilot-tuning-admin-guide.md

@@ -32,7 +32,7 @@ To manage Copilot Tuning governance controls, make sure that you meet the follow
     - Your tenant must have at least 5,000 active Microsoft 365 Copilot add-on licenses.
     - An AI Admin must accept the EAP terms on behalf of the organization.
     > [!NOTE]
-    > If Copilot Tuning isn't available in your tenant, contact Microsoft support or your account team to request EAP provisioning.
+    > If Copilot Tuning isn't available in your tenant, contact your Microsoft Customer Success Account Manager (CSAM) to request EAP provisioning.
 - You must have one of the following roles:
     - Global Administrator
     - AI Administrator (if defined as a custom role in your organization)

microsoft-365/business-premium/m365bp-add-m365e5s.md

@@ -9,7 +9,7 @@ author: chrisda
 manager: deniseb
 audience: Admin
 ms.topic: overview
-ms.date: 03/05/2025
+ms.date: 06/18/2025
 ms.service: microsoft-365-business-security
 ms.localizationpriority: medium
 ms.collection:
@@ -25,7 +25,7 @@ f1.keywords: NOCSH
 
 - [Microsoft 365 Business Premium](m365bp-overview.md)
 
-As you probably already know, [Microsoft 365 Business Premium](m365bp-overview.md) is an excellent productivity and security solution for small and medium-sized businesses (1-300 employees). With this solution, you get:
+As you probably already know, [Microsoft 365 Business Premium](m365bp-overview.md) is an excellent productivity and security solution for small and medium-sized businesses (1-300 user accounts). With this solution, you get:
 
 - [Microsoft 365 Apps](/microsoft-365/admin/setup/install-applications) installed on your devices
 - Protection for your user accounts with [Microsoft Entra ID Plan 1](/entra/fundamentals/whatis)

microsoft-365/enterprise/PortalLaunchScheduler.md

@@ -181,6 +181,9 @@ The SharePoint Portal launch scheduler tool was originally only available via [S
 
 1. Connect to SharePoint as a [global admin or SharePoint admin](/sharepoint/sharepoint-admin-role) in Microsoft 365. To learn how, see [Getting started with SharePoint Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online).
 
+   > [!IMPORTANT]
+   > Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ### View any existing portal launch setups
 
 To see if there are existing portal launch configurations:

microsoft-365/enterprise/add-a-sharepoint-geo-admin.md

@@ -1,7 +1,7 @@
 ---
 title: "Add or remove a geo administrator"
 ms.reviewer: anfra
-ms.date: 09/27/2024
+ms.date: 06/19/2025
 ms.author: kvice
 author: kelleyvice-msft
 manager: scotv
@@ -29,6 +29,9 @@ Some services - such as the term store - are administered from the _Primary Prov
 
 Global administrators and SharePoint administrators continue to have access to settings in the _Primary Provisioned Geography_ location and all _Satellite Geography_ locations.
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ## Configuring _Geography_ administrators
 
 Configuring _Geography_ admins requires the SharePoint PowerShell module.

microsoft-365/enterprise/additional-network-security-requirements-for-office-365-gcchigh-and-dod.md

@@ -3,7 +3,7 @@ title: "Additional network security requirements for Office 365 Government Commu
 ms.author: dzazzo
 author: dzazzo-msft
 manager: dzazzo
-ms.date: 05/19/2020
+ms.date: 06/19/2025
 audience: ITPro
 ms.topic: article
 ms.service: microsoft-365-enterprise
@@ -37,30 +37,33 @@ GCC High and DOD customers planning to use federated identities or hybrid coexis
 To permit the service to communicate with your on-premises endpoints, you **must** send an email to Office 365 engineering for network changes.
 
 > [!WARNING]
-> All requests have a **three-week** SLA and cannot be expedited due to the required security and compliance controls and deployment pipelines.  This includes initial onboarding network requests as well as any changes after you have migrated to the service.  Make sure that your network teams are aware of this timeline and include it in their planning cycles.
+> All requests have a **three-week** SLA and can't be expedited due to the required security and compliance controls and deployment pipelines. This SLA includes initial onboarding network requests and any changes after you have migrated to the service. Make sure that your network teams are aware of this timeline and include it in their planning cycles.
 
-Send an email to [Office 365 Government Allow-List Requests](mailto:[email protected]) with the following information:
+Send an email to [Office 365 Government allowlist requests](mailto:[email protected]) with the following information:
 
-* **To**: [Office 365 Government Allow-List Requests](mailto:[email protected])
-* **From**: A tenant administrator - the send email **must** match a Global Administrator contact in your tenant
+* **To**: [Office 365 Government allowlist requests](mailto:[email protected])
+* **From**: A tenant administrator - the sent email **must** match a Global Administrator contact in your tenant
 * **Email subject**: Office 365 GCC High Network Request - contoso.onmicrosoft.us (replace with your tenant name)
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 The body of your message should include the following data:
 
 * Your Microsoft Online Services tenant name (for example, contoso.onmicrosoft.com, fabrikam.onmicrosoft.us)
-* An email distribution list that Microsoft communicates with for on-going communications related to network changes and/or follow up for invalid subnets
+* An email distribution list that Microsoft communicates with for ongoing communications related to network changes and/or follow up for invalid subnets
 * Indicate whether you plan to use Microsoft Teams hybrid coexistence with your on-premises deployments
 * Federated identity system externally accessible URL (for example, sts.contoso.com) and IP address range in CIDR (Classless Inter-Domain Routing) notation (for example, 10.1.1.0/28)
-* On-Premises public key infrastructure (PKI) Certificate Revocation List URL and IP address range in CIDR notation
+* On-premises public key infrastructure (PKI) Certificate Revocation List URL and IP address range in CIDR notation
 * Externally accessible URL and IP address range for Exchange Server on-premises deployment in CIDR notation
 * Externally accessible URL and IP address range for Skype for Business on-premises deployment in CIDR notation
 
 For security and compliance reasons, keep in mind the following restrictions on your request:
 
 * There's a four subnet limitation per tenant
 * Subnets must be in CIDR Notation (for example, 10.1.1.0/28)
-* Subnet ranges can’t be larger than /24
+* Subnet ranges can't be larger than /24
 * We **cannot** accommodate requests to allow access to commercial cloud services (commercial Office 365, Google G-Suite, Amazon Web Services, etc.)
 
-Once Microsoft receives and approves your request, there's a three-week service-level agreement (SLA) for implementation and can’t be expedited. You receive an initial acknowledgment when we receive your request and a final acknowledgment once it's complete.
+Once Microsoft receives and approves your request, there's a three-week service-level agreement (SLA) for implementation and can't be expedited. You receive an initial acknowledgment when we receive your request and a final acknowledgment once it's complete.
 

microsoft-365/enterprise/contoso-infra-needs.md

@@ -5,7 +5,7 @@ f1.keywords:
 - NOCSH
 ms.author: kvice
 manager: scotv
-ms.date: 09/06/2024
+ms.date: 06/19/2025
 audience: ITPro
 ms.topic: article
 ms.service: microsoft-365-enterprise
@@ -67,47 +67,29 @@ Contoso business needs fall into five main categories:
 
 ### Security
 
-- Identity and access management
+- Identity and access management: Enforce multifactor and other forms of authentication and protect user and administrator account credentials.
 
-  Enforce multifactor and other forms of authentication and protect user and administrator account credentials.
+- Threat protection: Protect against external security threats, including email and operating system-based malware.
 
-- Threat protection
+- Information protection: Lock down access to and encrypt high-value digital assets, such as customer data, design and manufacturing specifications, and employee information.
 
-  Protect against external security threats, including email and operating system-based malware.
-
-- Information protection
-
-  Lock down access to and encrypt high-value digital assets, such as customer data, design and manufacturing specifications, and employee information.
-
-- Security management
-
-  Monitor security posture and detect and respond to threats in real time.
+- Security management: Monitor security posture and detect and respond to threats in real time.
 
 ### Remote and mobile access and business partners
 
-- Improve security for remote and mobile workers
-
-  Implement bring your own device (BYOD) and company-owned device management to ensure secured access, correct application behavior, and company data protection.
+- Improve security for remote and mobile workers: Implement bring your own device (BYOD) and company-owned device management to ensure secured access, correct application behavior, and company data protection.
 
-- Reduce remote access infrastructure for employees
+- Reduce remote access infrastructure for employees: Reduce maintenance and support costs and improve performance for remote access solution by moving commonly accessed resources to the cloud.
 
-  Reduce maintenance and support costs and improve performance for remote access solution by moving commonly accessed resources to the cloud.
-
-- Provide better connectivity and lower overhead for business-to-business (B2B) transactions
-
-  Replace an aging and expensive partner extranet with a cloud-based solution that uses federated authentication.
+- Provide better connectivity and lower overhead for business-to-business (B2B) transactions: Replace an aging and expensive partner extranet with a cloud-based solution that uses federated authentication.
 
 ### Compliance
 
-- Adhere to regional regulatory requirements
-
-  Ensure compliance with industry and regional regulations for data storage, encryption, data privacy, and personal data regulations, such as the General Data Protection Regulation (GDPR) for the Europe Union.
+- Adhere to regional regulatory requirements: Ensure compliance with industry and regional regulations for data storage, encryption, data privacy, and personal data regulations, such as the General Data Protection Regulation (GDPR) for the Europe Union.
 
 ### Management
 
-- Lower IT overhead for managing software running on client PCs and devices
-
-  Automate installation of updates to the Windows operating system and Microsoft 365 Apps for enterprise across the organization.
+- Lower IT overhead for managing software running on client PCs and devices: Automate installation of updates to the Windows operating system and Microsoft 365 Apps for enterprise across the organization.
 
 ## Mapping Contoso business needs to Microsoft 365 for enterprise
 
@@ -132,7 +114,9 @@ The Contoso IT department determined the following mapping of business needs to
 |  | Adhere to regional regulatory requirements | GDPR features in Microsoft 365 |
 | Management |  |  |
 |  | Lower IT overhead for installing client updates | Windows 11 Enterprise updates <br> Microsoft 365 Apps for enterprise updates |
-||||
+
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 ## Next step