Merge pull request #28858 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit 34c80336fb90 · 2025-07-03T03:00:20.000Z
[AutoPublish] main to live - 07/02 19:58 PDT | 07/03 08:28 IST
diff --git a/microsoft-365/enterprise/TOC.yml b/microsoft-365/enterprise/TOC.yml
@@ -10,16 +10,16 @@ items:
       href: networking-roadmap-microsoft-365.md
     - name: Plan
       items: 
-        - name: Implications when using network intermediation to decrypt or manipulate
-            Microsoft 365 traffic
-          href: network-intermediation.md
-          displayName: TLS, SSL, inspection, break and inspect, decrypt, inspect, network inspection
         - name: Microsoft 365 networking connectivity overview
           href: microsoft-365-networking-overview.md
         - name: Microsoft 365 network connectivity principles
           href: microsoft-365-network-connectivity-principles.md
         - name: Assessing Microsoft 365 network connectivity
           href: assessing-network-connectivity.md
+        - name: Implications when using network intermediation to decrypt or manipulate
+            Microsoft 365 traffic
+          href: network-intermediation.md
+          displayName: TLS, SSL, inspection, break and inspect, decrypt, inspect, network inspection
         - name: Plan for network devices that connect to Microsoft 365 services
           href: plan-for-network-devices.md
         - name: Network and migration planning for Microsoft 365
diff --git a/microsoft-365/enterprise/network-intermediation.md b/microsoft-365/enterprise/network-intermediation.md
@@ -50,7 +50,7 @@ Manipulating Microsoft 365 traffic typically means using a proxy or firewall to
 
 1. __Don’t Undermine Performance & Innovation:__ __Microsoft engineers continually improve Microsoft 365’s protocols__ (e.g. moving from HTTP/2 to HTTP/3 (QUIC), enabling modern TLS features, using WebSockets for live services). If you intercept traffic, you often force the system to fall back to older, slower protocols. For instance, QUIC (HTTP/3) normally speeds up data transfer; an inspecting proxy that doesn’t understand QUIC will prevent its use, degrading performance to legacy HTTP/1.1 or 2. Similarly, WebSocket connections used by apps like Copilot may be blocked or broken by deep inspection, disabling key functionality. In short, inspecting Microsoft 365 traffic can negate years of performance innovation, leaving users with a slower, legacy experience.
 
-1. __New Unified Domains = Known Good Traffic__: Microsoft 365 is consolidating services under dedicated domains like *.cloud.microsoft (for core services), *.static.microsoft (for static content), and *.usercontent.microsoft. Everything on these domains is controlled by Microsoft and requires authentication. This means your network can reliably trust traffic to these domains – it’s not "unknown" internet traffic, but Microsoft’s own cloud. The unified domain effort (drastically reducing the number of endpoints) is specifically to help customers stop treating Microsoft 365 traffic like a risk. If the traffic is headed to *.cloud.microsoft, you can be confident it’s legitimate Microsoft 365 data and not a risky third-party site. Decrypting and inspecting such traffic provides virtually no security gain – it’s already Microsoft-managed, encrypted, and authenticated – but does add latency and potential breakage.
+1. __New Unified Domains = Known Good Traffic__: Microsoft 365 is consolidating services under dedicated domains like *.cloud.microsoft (for core services), *.static.microsoft (for static content), and *.usercontent.microsoft. The unified domain effort (drastically reducing the number of endpoints) is specifically to help customers stop treating Microsoft 365 traffic like a risk. If the traffic is headed to *.cloud.microsoft, you can be confident it’s legitimate Microsoft 365 data and not a risky third-party site. Decrypting and inspecting such traffic provides virtually no security gain – it’s already Microsoft-managed, encrypted, and authenticated – but does add latency and potential breakage.
 
 1. __No Lasting Value – Use Built-in Security:__ Microsoft 365 includes extensive, native security features (encryptions, threat detection, data loss prevention, etc.) engineered for its traffic. Inserting your own inspection layer usually duplicates these controls or, worse, interferes with them. There's little long-term benefit to these inspections. In fact, maintaining complex proxy rulesets for Microsoft 365’s ever-updating endpoints is a heavy burden (endpoints can change weekly). It’s far more effective to leverage trust in Microsoft’s cloud security and focus your inspection devices on truly unknown external traffic. As Microsoft bluntly states: there’s no durable value in decrypting Microsoft 365 traffic – it only adds cost and complexity for customers, without appreciable security improvement.
 
diff --git a/microsoft-365/loop/cpcn-compliance-summary.md b/microsoft-365/loop/cpcn-compliance-summary.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 06/10/2025
+ms.date: 07/02/2025
 title: "Summary of governance, lifecycle, and compliance capabilities for Copilot Pages and Copilot Notebooks"
 ms.reviewer: dancost, tonchan
 ms.author: jenz
@@ -90,7 +90,7 @@ As a Compliance Manager or IT administrator, it's crucial to stay up-to-date on
 ## Microsoft 365 retention and deletion
 
 - **[Retention policies](/purview/create-retention-policies?tabs=other-retention)** from Microsoft Purview Data Lifecycle Management configured for all SharePoint sites are enforced for all Copilot Pages and Copilot Notebooks.
-  - For more information on how to configure specific Copilot Notebooks, see [Purview and SharePoint Embedded](cpcn-loop-spe-management.md#purview-and-sharepoint-embedded)
+  - For more information on how to configure specific Copilot Notebooks, see [Purview and SharePoint Embedded](cpcn-loop-purview-management.md)
 
 - **[Retention labels](/purview/retention#retention-labels)** from Microsoft Purview Data Lifecycle Management and Microsoft Purview Records Management are supported for Copilot Pages (.loop files) and Copilot Pages in Copilot Notebooks by [applying published labels](/purview/create-apply-retention-labels?tabs=spo-onedrive) in OneDrive or SharePoint, or [automatically applying](/purview/apply-retention-labels-automatically) the labels. There's limited support for manually applying retention labels.
   - Retention labels cannot be viewed or applied directly from a Copilot Page. Instead, the user must [navigate to the Copilot Page within the Loop app](/purview/create-apply-retention-labels?tabs=loop%2Cdefault-label-for-sharepoint#manually-apply-retention-labels) to view or apply a retention label on a Copilot Page.
@@ -111,4 +111,5 @@ As a Compliance Manager or IT administrator, it's crucial to stay up-to-date on
 - [Permissions](cpcn-loop-permission.md)
 - [Admin toggles](cpcn-admin-configuration.md)
 - [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Purview and SharePoint Embedded containers](cpcn-loop-purview-management.md)
 - [Overview of Loop components in Microsoft 365](loop-components-teams.md)
diff --git a/microsoft-365/loop/cpcn-loop-permission.md b/microsoft-365/loop/cpcn-loop-permission.md
@@ -7,7 +7,7 @@ audience: Admin
 ms.topic: article
 ms.service: loop
 ms.reviewer: michalbr, dancost
-ms.date: 06/03/2025
+ms.date: 07/02/2025
 ms.localizationpriority: medium
 search.appverid: MET150
 ms.collection: 
@@ -91,6 +91,7 @@ Microsoft 365 group-owned Loop workspaces, which are [created within a Teams cha
 - [Copilot Pages and Notebooks Storage](cpcn-storage.md)
 - [Copilot Pages and Notebooks Admin toggles](cpcn-admin-configuration.md)
 - [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Purview and SharePoint Embedded containers](cpcn-loop-purview-management.md)
 - [Loop, Summary of Compliance, Lifecycle, Governance](cpcn-compliance-summary.md)
 - [Loop Storage](cpcn-storage.md)
 - [Loop Admin toggles](loop-admin-configuration.md)
diff --git a/microsoft-365/loop/cpcn-loop-purview-management.md b/microsoft-365/loop/cpcn-loop-purview-management.md
@@ -0,0 +1,92 @@
+---
+ms.date: 07/02/2025
+title: "Manage SharePoint Embedded containers in Purview for Copilot Notebooks, Copilot Pages, or Loop workspaces"
+ms.reviewer: dancost, tonchan, abisuresh
+ms.author: jenz
+author: jenzamora
+manager: jtremper
+recommendations: true
+audience: Admin
+f1.keywords:
+- NOCSH
+ms.service: loop
+ms.localizationpriority: medium
+ms.topic: concept-article
+ms.collection:
+- Strat_SP_admin
+- Microsoft 365-collaboration
+- Tier3
+- essentials-compliance
+- magic-ai-copilot
+search.appverid:
+- SPO160
+- MET150
+description: "Learn about Purview integration of SharePoint Embedded containers for Copilot Notebooks, Copilot Pages, or Loop workspaces."
+---
+
+# Purview integration of SharePoint Embedded containers for Copilot Notebooks, Copilot Pages, or Loop workspaces
+
+All SharePoint Embedded containers are targeted using the "All SharePoint Sites" scope in Microsoft Purview. For example, if configuring Retention Policies, the configuration you specify that targets All SharePoint Sites applies to every Copilot Pages and Copilot Notebooks container in SharePoint Embedded, and every Loop workspace in SharePoint Embedded. All SharePoint Sites includes all SharePoint Embedded container ownership types: user, group, and tenant-owned.
+
+## Retrieving the Container URL for Purview
+
+If you need to specify an the Copilot Pages and Copilot Notebooks container, or a specific Loop workspace container for a retention policy or another compliance feature, specify the workspace as you would a SharePoint site, by its URL. To locate this URL:
+
+1. Sign in to the SharePoint admin center with the [SharePoint Embedded administrator role](/sharepoint/dev/embedded/concepts/admin-exp/adminrole)
+1. Navigate to **Containers** > **Active containers** or **Deleted containers** where you can view the details of a selected Loop workspace or Copilot Pages and Copilot Notebooks container
+1. From the flyout pane, **General** tab
+1. Copy the container URL
+
+## Searching the Audit Logs
+
+These are the Loop application IDs:
+
+- Loop Web Application ID: `a187e399-0c36-4b98-8f04-1edc167a0996`
+- Loop Mobile Application ID: `0922ef46-e1b9-4f7e-9134-9ad00547eb41`
+- Copilot Pages and Copilot Notebooks containers are created using the Loop Application IDs.
+
+### Search and Export
+
+To search and export Microsoft 365 service events for all file related activity:
+
+1. In the [Purview audit logs search](https://purview.microsoft.com/auditlogsearch), search audit logs for "page" or "loop" or "loot" or "fluid" or for the Loop Application IDs in the **Keyword Search** filter
+1. Further filter exported results by "SourceFileExtension":"page" or "SourceFileExtension":"loop" or "SourceFileExtension":"loot" (templates) or "SourceFileExtension":"fluid" (deprecated)
+
+Loop workspaces create and update .pod files to manage content in the workspace.
+
+### Specific Loop workspace or Copilot Notebook
+
+To search for audit events related to a specific Loop workspace or a Copilot Pages and Copilot Notebooks container, follow these steps:
+
+1. [Retrieve the container URL](#retrieving-the-container-url-for-purview) for the Loop workspace or Copilot Notebook you want to audit.
+2. In the [Purview audit logs search](https://purview.microsoft.com/auditlogsearch), use the following filters:
+    - **File, folder, or site**: Enter the full container URL and append `/*` to include all file and container audit events.  
+      - Example: `https://<your-tenant>.sharepoint.com/contentstorage/CSP_c33f9fa3-9cbe-4fac-ba1f-b8eeb9c30e23/*`
+    - **Keyword Search**: To find all audit events related to the container, extract the GUID from the container URL and enter it in the Keyword Search filter.  
+      - In the example above, the GUID is `c33f9fa3-9cbe-4fac-ba1f-b8eeb9c30e23`.
+
+This approach ensures you capture all relevant audit events for the selected Loop workspace or the Copilot Pages and Copilot Notebooks container.
+
+<!--
+potential future examples
+- find all accessed or downloaded documents
+- find all edited items within a specific timeframe
+- find all keyword-based search queries
+-->
+
+<!--
+## eDiscovery export
+-->
+
+## Related articles
+
+- [Summary of Compliance, Lifecycle, Governance](cpcn-compliance-summary.md)
+- [Configuration Requirements](cpcn-loop-requirements.md)
+- [Copilot Pages and Notebooks Storage](cpcn-storage.md)
+- [Permissions](cpcn-loop-permission.md)
+- [Copilot Pages and Notebooks Admin toggles](cpcn-admin-configuration.md)
+- [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Loop Storage](cpcn-storage.md)
+- [Loop Admin toggles](loop-admin-configuration.md)
+- [UX examples for admin toggle states](loop-ux-examples.md)
+- [Overview of Loop components in Microsoft 365](loop-components-teams.md)
diff --git a/microsoft-365/loop/cpcn-loop-requirements.md b/microsoft-365/loop/cpcn-loop-requirements.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 06/10/2025
+ms.date: 07/02/2025
 title: "Manage Copilot Pages, Copilot Notebooks, and Loop components in your organization"
 ms.reviewer: dancost, tonchan
 ms.author: jenz
@@ -63,6 +63,7 @@ To utilize all features, including at mentions and Loop workspace sharing, it's
 - [Permissions](cpcn-loop-permission.md)
 - [Copilot Pages and Notebooks Admin toggles](cpcn-admin-configuration.md)
 - [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Purview and SharePoint Embedded containers](cpcn-loop-purview-management.md)
 - [Loop Summary of Compliance, Lifecycle, Governance](cpcn-compliance-summary.md)
 - [Loop Storage](cpcn-storage.md)
 - [Loop Admin toggles](loop-admin-configuration.md)
diff --git a/microsoft-365/loop/cpcn-loop-spe-management.md b/microsoft-365/loop/cpcn-loop-spe-management.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 06/10/2025
+ms.date: 07/02/2025
 title: "Manage SharePoint Embedded containers for Copilot Notebooks, Copilot Pages, or Loop workspaces"
 ms.reviewer: dancost, tonchan
 ms.author: jenz
@@ -26,7 +26,7 @@ description: "Learn about managing SharePoint Embedded containers for Copilot No
 
 # Manage SharePoint Embedded containers for Copilot Notebooks, Copilot Pages, or Loop workspaces
 
-IT admins can manage SharePoint Embedded containers like they manage SharePoint sites using either [SharePoint Admin Center](/sharepoint/dev/embedded/concepts/admin-exp/consuming-tenant-admin/ctaux) or [PowerShell](/sharepoint/dev/embedded/concepts/admin-exp/consuming-tenant-admin/ctapowershell), with the appropriate [SharePoint Embedded administrator role](/sharepoint/dev/embedded/concepts/admin-exp/adminrole). Install the [latest version of SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online). Storage and quota are combined with SharePoint in your organization. Use the Loop application IDs to filter to Loop in PowerShell and Audit Logs:
+IT admins can manage SharePoint Embedded containers like they manage SharePoint sites using either [SharePoint Admin Center](/sharepoint/dev/embedded/concepts/admin-exp/consuming-tenant-admin/ctaux) or [PowerShell](/sharepoint/dev/embedded/concepts/admin-exp/consuming-tenant-admin/ctapowershell), with the appropriate [SharePoint Embedded administrator role](/sharepoint/dev/embedded/concepts/admin-exp/adminrole). Install the [latest version of SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online). Storage and quota are combined with SharePoint in your organization. Use the Loop application IDs to filter to Loop containers in PowerShell:
 
 - Loop Web Application ID: `a187e399-0c36-4b98-8f04-1edc167a0996`
 - Loop Mobile Application ID: `0922ef46-e1b9-4f7e-9134-9ad00547eb41`
@@ -44,27 +44,14 @@ To get a list of all of user-owned containers in your organization, regardless o
 Get-SPOContainer -OwningApplicationId 'a187e399-0c36-4b98-8f04-1edc167a0996' | WHERE OwnershipType -EQ 'UserOwned' | FT
 ```
 
-## Purview and SharePoint Embedded
-
-All SharePoint Embedded containers are targeted using the "All SharePoint Sites" scope in Microsoft Purview. For example, if configuring Retention Policies, the configuration you specify that targets All SharePoint Sites applies to every Copilot Pages and Copilot Notebooks container in SharePoint Embedded, and every Loop workspace in SharePoint Embedded. All SharePoint Sites includes all SharePoint Embedded container ownership types: user, group, and tenant-owned.
-
-### Retrieving the Container URL for Purview
-
-If you need to specify an individual Copilot Notebook, the Copilot Pages container, or a specific Loop workspace container for a retention policy or another compliance feature, specify the workspace as you would a SharePoint site, by its URL. To locate this URL:
-
-1. Sign in to the SharePoint admin center with the [SharePoint Embedded administrator role](/sharepoint/dev/embedded/concepts/admin-exp/adminrole)
-1. Navigate to **Containers** > **Active containers** or **Deleted containers** where you can view the details of a selected Loop workspace or Copilot Pages and Copilot Notebooks container
-1. From the flyout pane, **General** tab
-1. Copy the container URL
-
 ## Related articles
 
 - [Summary of Compliance, Lifecycle, Governance](cpcn-compliance-summary.md)
 - [Configuration Requirements](cpcn-loop-requirements.md)
 - [Copilot Pages and Notebooks Storage](cpcn-storage.md)
 - [Permissions](cpcn-loop-permission.md)
 - [Copilot Pages and Notebooks Admin toggles](cpcn-admin-configuration.md)
-- [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Purview and SharePoint Embedded containers](cpcn-loop-purview-management.md)
 - [Loop Storage](cpcn-storage.md)
 - [Loop Admin toggles](loop-admin-configuration.md)
 - [UX examples for admin toggle states](loop-ux-examples.md)
diff --git a/microsoft-365/loop/cpcn-storage.md b/microsoft-365/loop/cpcn-storage.md
@@ -7,7 +7,7 @@ audience: Admin
 ms.topic: article
 ms.service: loop
 ms.reviewer: michalbr, dancost
-ms.date: 06/10/2025
+ms.date: 07/02/2025
 ms.localizationpriority: medium
 search.appverid: MET150
 ms.collection: 
@@ -77,4 +77,5 @@ Copilot Pages + Copilot Notebooks container has a maximum size of 25 TB. This li
 - [Permissions](cpcn-loop-permission.md)
 - [Admin toggles](cpcn-admin-configuration.md)
 - [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Purview and SharePoint Embedded containers](cpcn-loop-purview-management.md)
 - [Overview of Loop components in Microsoft 365](loop-components-teams.md)
diff --git a/microsoft-365/loop/loop-admin-configuration.md b/microsoft-365/loop/loop-admin-configuration.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 06/10/2025
+ms.date: 07/02/2025
 title: "Manage Loop in your organization"
 ms.reviewer: dancost, tonchan
 ms.author: jenz
@@ -199,6 +199,7 @@ To disable Loop components in Teams, run `Set-SPOTenant -IsLoopEnabled $false`.
 - [Permissions](cpcn-loop-permission.md)
 - [UX examples for admin toggle states](loop-ux-examples.md)
 - [Managing SharePoint Embedded containers](cpcn-loop-spe-management.md)
+- [Purview and SharePoint Embedded containers](cpcn-loop-purview-management.md)
 - [Overview of Loop components in Microsoft 365](loop-components-teams.md)
 - [Use Loop components in Outlook](https://support.microsoft.com/office/9b47c279-011d-4042-bd7f-8bbfca0cb136)
 - [Use Loop components in OneNote](https://support.microsoft.com/office/use-loop-components-in-onenote-ed8a43d9-f6fd-4ad6-bc9d-8841db4da459)
diff --git a/microsoft-365/loop/loop-compliance-summary.md b/microsoft-365/loop/loop-compliance-summary.md
diff --git a/microsoft-365/loop/loop-storage.md b/microsoft-365/loop/loop-storage.md
diff --git a/microsoft-365/loop/loop-ux-examples.md b/microsoft-365/loop/loop-ux-examples.md
