Merge branch 'main' into repo-health-check-Q1

Author: aditisrivastava07

.github/workflows/AutoLabelMsftContributor.yml

@@ -31,4 +31,5 @@ jobs:
           PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
         secrets:
           AccessToken: ${{ secrets.GITHUB_TOKEN }}
-          TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}
+          ClientId: ${{ secrets.M365_APP_CLIENT_ID }}
+          PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}

.github/workflows/M365Endpoints.yml

@@ -0,0 +1,25 @@
+name: (Scheduled) Stale branch removal
+
+permissions:
+  contents: write
+      
+on:
+  schedule:
+    - cron: "0 */12 * * *"
+
+  workflow_dispatch:
+  
+
+jobs:
+
+  stale-branch:
+    uses: MicrosoftDocs/max-cpub-test/.github/workflows/Shared-StaleBranch.yml@main
+    with:
+        PayloadJson: ${{ toJSON(github) }}
+        RepoBranchSkipList: '[
+                              "ExampleBranch1",
+                              "ExampleBranch2"
+                             ]'
+        ReportOnly: true
+    secrets:
+        AccessToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/StaleBranch.yml

@@ -1315,6 +1315,11 @@
        "redirect_url": "/microsoft-365/admin/support-contact-info",
        "redirect_document_id": false
      },
+     {
+      "source_path": "microsoft-365/admin/support-contact-info.md",
+      "redirect_url": "https://support.microsoft.com/topic/customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2#ID0EBBD=signinorgid",
+      "redirect_document_id": false
+     },
      {
        "source_path": "microsoft-365/admin/misc/sign-up-for-online-services.md",
        "redirect_url": "/microsoft-365/admin/misc/remove-a-domain-from-another-account",
@@ -2204,6 +2209,16 @@
                 "source_path": "microsoft-365/admin/misc/admin-controls-profile-videos.md",
                 "redirect_url": "/microsoft-365/admin/add-users/change-user-profile-photos.md",
                 "redirect_document_id": false
-                }
+                },
+                {
+                  "source_path": "microsoft-365/admin/manage/change-contact-preferences.md",
+                  "redirect_url": "/microsoft-365/admin/manage/change-address-contact-and-more",
+                  "redirect_document_id": false
+                  },
+                  {
+                    "source_path": "microsoft-365/admin/manage/use-qr-code-download-outlook.md",
+                    "redirect_url": "https://go.microsoft.com/fwlink/?linkid=2309759",
+                    "redirect_document_id": false
+                    }
    ]
  }

.openpublishing.redirection.admin.json

@@ -1424,6 +1424,11 @@
       "source_path": "microsoft-365/enterprise/tune-microsoft-365-performance.md",
       "redirect_url": "/microsoft-365/enterprise/index",
       "redirect_document_id": false
+   },
+   {
+      "source_path": "microsoft-365/enterprise/contoso-win10.md",
+      "redirect_url": "/microsoft-365/enterprise/contoso-win11",
+      "redirect_document_id": false
    }
   ]
 }

.openpublishing.redirection.enterprise.json

@@ -15,11 +15,6 @@
          "redirect_url":"/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview",
          "redirect_document_id":false
       },
-      {
-         "source_path":"microsoft-365/lighthouse/m365-lighthouse-create-customer-report.md",
-         "redirect_url":"/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview",
-         "redirect_document_id":false
-      },
       {
          "source_path":"microsoft-365/lighthouse/m365-lighthouse-get-access-to-sales-advisor.md",
          "redirect_url":"/microsoft-365/lighthouse/m365-lighthouse-sales-advisor-overview",

.openpublishing.redirection.lighthouse.json

@@ -44,6 +44,16 @@ items:
       href: copilot-prompt-gallery.md
     - name: Adoption resources
       href: microsoft-365-copilot-enablement-resources.md
+- name: Pay-as-you-go for Microsoft 365 Copilot
+  items:
+    - name: Microsoft 365 Copilot pay-as-you-go overview
+      href: pay-as-you-go/overview.md
+    - name: Set up pay-as-you-go for Microsoft 365 Copilot Chat
+      href: pay-as-you-go/setup.md
+    - name: Meters for Microsoft 365 Copilot Chat pay-as-you-go
+      href: pay-as-you-go/meters.md
+    - name: View costs and billing for Microsoft 365 Copilot Chat pay-as-you-go
+      href: pay-as-you-go/view-cost.md
 - name: Manage Microsoft 365 Copilot
   items:
     - name: Manage Microsoft 365 Copilot scenarios 

copilot/TOC.yml

@@ -13,7 +13,7 @@ ms.collection:
 - m365copilot
 - magic-ai-copilot
 hideEdit: true
-ms.date: 02/25/2025
+ms.date: 03/13/2025
 ---
 
 # Enterprise data protection in Microsoft 365 Copilot and Microsoft 365 Copilot Chat
@@ -32,7 +32,7 @@ Use of Microsoft 365 Copilot and Microsoft 365 Copilot Chat involves prompts (en
 
 - **We secure your data:** We help protect your data with [encryption](/purview/office-365-encryption-in-the-microsoft-cloud-overview) at rest and in transit, rigorous physical security controls, and data [isolation](/compliance/assurance/assurance-microsoft-365-isolation-controls) between tenants.
 
-- **Your data is private:** We won’t use your data except as you instruct. Our commitments to [privacy](https://www.microsoft.com/trust-center/privacy) include support for [GDPR](/compliance/regulatory/gdpr), [ISO/IEC 27018](/compliance/regulatory/offering-ISO-27018), and our [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
+- **Your data is private:** We won’t use your data except as you instruct. Our commitments to [privacy](https://www.microsoft.com/trust-center/privacy) include support for [GDPR](/compliance/regulatory/gdpr), the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn)<sup>[3]</sup>, [ISO/IEC 27018](/compliance/regulatory/offering-ISO-27018), and our [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
 
 - **Your access controls and policies apply to Copilot:** Copilot respects your [identity model](microsoft-365-copilot-privacy.md#how-does-microsoft-365-copilot-protect-organizational-data) and [permissions](microsoft-365-copilot-privacy.md#how-does-microsoft-365-copilot-use-your-proprietary-organizational-data), inherits your [sensitivity labels](/purview/sensitivity-labels#sensitivity-labels-and-microsoft-365-copilot), applies your [retention](/purview/retention-policies-copilot) policies, supports [audit](/purview/audit-search?tabs=microsoft-purview-portal) of interactions, and follows your administrative settings. The specific controls and policies will vary depending on the underlying subscription plan.
 
@@ -57,7 +57,7 @@ In addition to prompts and responses, web search queries (different from Microso
 
 - The Bing search service operates separately from Microsoft 365 and has different data-handling practices covered by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) between each user and Microsoft, together with the [Microsoft Privacy Statement](https://www.microsoft.com/privacy/privacystatement). The means that Microsoft acts as an independent data controller responsible for complying with all applicable laws and controller obligations. This approach is consistent with other [optional connected experiences that rely on Bing](/microsoft-365-apps/privacy/optional-connected-experiences#experiences-that-rely-on-bing).  
 
-- [Learn more about data, privacy, and security of web queries in Microsoft 365 Copilot and Microsoft 365 Copilot Chat](manage-public-web-access.md)
+- The [Product Terms](https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all) provide additional commitments about the web queries sent to the Bing search service. For more information, see [Data, privacy, and security for web search in Microsoft 365 Copilot and Microsoft 365 Copilot Chat](manage-public-web-access.md#how-microsoft-handles-generated-search-queries).
 
 ## Agents in Microsoft 365 Copilot
 
@@ -67,4 +67,6 @@ When you’re using agents in Microsoft 365 Copilot, check the privacy statement
 
 <sup>[1]</sup> The specific controls will vary depending on a customer's Microsoft subscription plans.
 
-<sup>[2]</sup> Microsoft 365 Copilot and Microsoft 365 Copilot Chat support HIPAA compliance for properly configured implementations. HIPAA compliance doesn't apply to web search queries as they aren't covered by the DPA and BAA.
+<sup>[2]</sup> Microsoft 365 Copilot and Microsoft 365 Copilot Chat support HIPAA compliance for properly configured implementations. HIPAA compliance doesn't apply to web search queries as they aren't covered by the DPA and BAA.
+
+<sup>[3]</sup> The EU Data Boundary doesn’t apply to web search queries.

copilot/enterprise-data-protection.md

@@ -0,0 +1,24 @@
+---
+author: MandiOhlinger
+ms.author: mandia
+manager: laurawi
+ms.reviewer: cabailey
+ms.service: microsoft-365-copilot
+ms.topic: include
+description: Create default Microsoft Purview sensitivity labels for Microsoft 365 Copilot.
+ms.date: 03/06/2025
+---
+
+1. Sign into the [Microsoft Purview portal](https://purview.microsoft.com/) as an admin in one of the groups listed at [Sensitivity labels - permissions](/purview/get-started-with-sensitivity-labels#permissions-required-to-create-and-manage-sensitivity-labels).
+
+2. Select **Solutions** > **DSPM for AI** > **Overview**.
+3. In the **Recommendations** section, select **Information Protection Policy for Sensitivity Labels**. This step creates the default labels and their policies.
+4. To see or edit the default labels, or to create your own labels, select **Information protection** > **Sensitivity labels**. You might have to select **Refresh**.
+
+When you have the default sensitivity labels:
+
+- The labels help protect your data and can affect Copilot results.
+- Your users can start manually applying published labels to their files and emails.
+- Admins can start creating policies and configuring features that automatically apply labels to files and emails.
+
+At any time, you can create your own sensitivity labels. To learn more, see [Create and configure sensitivity labels and their policies](/purview/create-sensitivity-labels).

copilot/includes/copilot-e5-e3-create-default-sensitivity-labels.md

@@ -0,0 +1,28 @@
+---
+author: MandiOhlinger
+ms.author: mandia
+manager: laurawi
+ms.reviewer: cabailey
+ms.service: microsoft-365-copilot
+ms.topic: include
+description: Enable and configure sensitivity labels for containers that affect Microsoft 365 Copilot.
+ms.date: 03/06/2025
+---
+
+Instead, the label settings can restrict access to the container. This restriction provides an extra layer of security when you use Copilot. If a user can't access the site or workspace, Copilot can't access it on behalf of that user.
+
+For example, you can set the privacy setting to **Private**, which restricts site access to only approved members in your organization. When the label is applied to the site, it replaces any previous setting and locks the site for as long as the label is applied. This feature is a more secure setting than letting anybody access the site and allowing users to change the setting. When only approved members can access the data, it helps prevent oversharing of data that Copilot might access.
+
+To configure any label settings for groups and sites, you must enable this feature in your tenant and then synchronize your labels. This configuration is a one-time configuration and uses PowerShell. To learn more, see [How to enable sensitivity labels for containers and synchronize labels](/purview/sensitivity-labels-teams-groups-sites#how-to-enable-sensitivity-labels-for-containers-and-synchronize-labels).
+
+You can then edit your sensitivity labels, or create new sensitivity labels specifically for groups and sites:
+
+1. For the sensitivity label scope, select **Groups & sites**. Remember, you must have already run the PowerShell commands. If you didn't, you can't select this scope.
+
+    To learn more, see [How to enable sensitivity labels for containers and synchronize labels](/purview/sensitivity-labels-teams-groups-sites#how-to-enable-sensitivity-labels-for-containers-and-synchronize-labels).
+
+2. Select the groupings of settings to configure. Some of the settings have backend dependencies before they can be enforced, like Conditional Access that must be already configured. The privacy setting, which is included in **Privacy and external user access settings**, doesn't have any backend dependencies.
+
+3. Configure the settings you want to use and save your changes.
+
+For more information, including details of all the available label settings that you can configure for groups and sites, see [Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/purview/sensitivity-labels-teams-groups-sites).