Merge pull request #21250 from MicrosoftDocs/chrisda

Chrisda to Main

Author: chrisda

microsoft-365/enterprise/administering-exchange-online-multi-geo.md

@@ -1,7 +1,7 @@
 ---
 title: "Administering Exchange Online mailboxes in a multi-geo environment"
 ms.reviewer: adwood
-ms.date: 6/20/2023
+ms.date: 6/29/2023
 ms.author: chrisda
 author: chrisda
 manager: serdars
@@ -19,7 +19,7 @@ description: Learn how to administer Exchange Online multi-geo settings in your
 
 Exchange Online PowerShell is required to view and configure multi geo properties in your Microsoft 365 environment. To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
 
-You need the [Microsoft Azure Active Directory PowerShell Module](https://social.technet.microsoft.com/wiki/contents/articles/28552.microsoft-azure-active-directory-powershell-module-version-release-history.aspx) v1.1.166.0 or later in v1.x to see the **PreferredDataLocation** property on user objects. User objects that are synchronized via Azure Active Direct Connect into Microsoft Azure Active Directory (Azure AD) have their **PreferredDataLocation** value directly modified via Azure AD PowerShell. Cloud-only user objects can be modified via Azure AD PowerShell. To connect to Azure AD PowerShell, see [Connect to PowerShell](connect-to-microsoft-365-powershell.md).
+You need the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation) to see the **PreferredDataLocation** property on user objects. User objects that are synchronized via Azure Active Direct Connect into Microsoft Azure Active Directory (Azure AD) have their **PreferredDataLocation** value directly. Admins can manually modify cloud-only user objects via Microsoft Graph PowerShell as described in this article. To connect to Microsoft Graph PowerShell, see [Sign in to Microsoft Graph PowerShell](/powershell/microsoftgraph/get-started#sign-in).
 
 In Exchange Online multi-geo environments, you don't need to do any manual steps to add geo locations to your tenant. After you receive the Message Center post that says multi-geo is ready for Exchange Online, all available geo locations are ready and configured for you to use.
 
@@ -74,9 +74,7 @@ Get-OrganizationConfig | Select DefaultMailboxRegion
 The **Get-Mailbox** cmdlet in Exchange Online PowerShell displays the following multi-geo related properties on mailboxes:
 
 - **Database**: The first three letters of the database name correspond to the geo code, which tells you where the mailbox is currently located. For Online Archive Mailboxes the **ArchiveDatabase** property should be used.
-
 - **MailboxRegion**: Specifies the geo location code that was set by the admin (synchronized from **PreferredDataLocation** in Azure AD).
-
 - **MailboxRegionLastUpdateTime**: Indicates when MailboxRegion was last updated (either automatically or manually).
 
 To see these properties for a mailbox, use the following syntax:
@@ -104,31 +102,27 @@ MailboxRegionLastUpdateTime : 2/6/2023 8:21:01 PM
 
 ## Move an existing cloud-only mailbox to a specific geo location
 
-A cloud-only user (a user created directly in Azure AD) is a user that's not synchronized to the tenant via Azure AD Connect. Use the **Get-MsolUser** and **Set-MsolUser** cmdlets in the Azure AD Module for Windows PowerShell to view or specify the geo location where a cloud-only user's mailbox is stored.
+A cloud-only user (a user created directly in Azure AD) is a user that's not synchronized to the tenant via Azure AD Connect. Use the **Get-MgUser** and **Set-MgUser** cmdlets in Microsoft Graph PowerShell to view or specify the geo location where a cloud-only user's mailbox is stored.
 
-To view the **PreferredDataLocation** value for a user, use this syntax in Azure AD PowerShell:
+To view the **PreferredDataLocation** value for users, run the following command in Microsoft Graph PowerShell:
 
 ```powershell
-Get-MsolUser -UserPrincipalName <UserPrincipalName> | Format-List UserPrincipalName,PreferredDataLocation
+Get-MgUser -All -Property PreferredDataLocation,ID,UserPrincipalName| Format-Table PreferredDataLocation,ID,UserPrincipalName -AutoSize
 ```
 
-For example, to see the **PreferredDataLocation** value for the user [email protected], run the following command:
+Use the ID value from the previous command to modify the **PreferredDataLocation** value for a cloud-only user object:
 
 ```powershell
-Get-MsolUser -UserPrincipalName [email protected] | Format-List
+Update-MgUser -UserId <ID> -PreferredDataLocation <GeoLocationCode>
 ```
 
-To modify the **PreferredDataLocation** value for a cloud-only user object, use the following syntax in Azure AD PowerShell:
+For example, to set the **PreferredDataLocation** value to the European Union (EUR) geo for the specified ID, run the following command:
 
 ```powershell
-Set-MsolUser -UserPrincipalName <UserPrincipalName> -PreferredDataLocation <GeoLocationCode>
+Update-MgUser -UserId dba12422-ac75-486a-a960-cd7cb3f6963f -PreferredDataLocation EUR
 ```
 
-For example, to set the **PreferredDataLocation** value to the European Union (EUR) geo for the user [email protected], run the following command:
-
-```powershell
-Set-MsolUser -UserPrincipalName [email protected] -PreferredDataLocation EUR
-```
+For detailed syntax and parameter information, see [Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser) and [Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser).
 
 > [!NOTE]
 >
@@ -175,27 +169,31 @@ To create a new mailbox in a specific geo location, you need to do either of the
 - Configure the **PreferredDataLocation** value as described in the previous [Move an existing cloud-only mailbox to a specific geo location](#move-an-existing-cloud-only-mailbox-to-a-specific-geo-location) section *before* you create the mailbox in Exchange Online. For example, configure the **PreferredDataLocation** value on a user before you assign a license.
 - Assign a license at the same time you set the **PreferredDataLocation** value.
 
-To create a new cloud-only licensed user (not Azure AD Connect synchronized) in a specific geo location, use the following syntax in Azure AD PowerShell:
+To create a new cloud-only licensed user (not Azure AD Connect synchronized) in a specific geo location, use the following syntax in Microsoft Graph PowerShell:
 
 ```powershell
-New-MsolUser -UserPrincipalName <UserPrincipalName> -DisplayName "<Display Name>" [-FirstName <FirstName>] [-LastName <LastName>] [-Password <Password>] [-LicenseAssignment <AccountSkuId>] -PreferredDataLocation <GeoLocationCode>
+$PasswordProfile = @{Password = '<Password>'}
+
+New-MgUser -DisplayName "<Display Name>" -AccountEnabled -MailNickName <Alias> -UserPrincipalName <Alias>@<domain> -PasswordProfile $PasswordProfile [-GivenName <FirstName>] [-SurName <LastName>] -PreferredDataLocation <GeoLocationCode>
 ```
 
 This example creates a new user account for Elizabeth Brunner with the following values:
 
+- Display name: Elizabeth Brunner
+- Alias: ebrunner
 - User principal name: [email protected]
+- Password: xWwvJ]6NMw+bWH-d
 - First name: Elizabeth
 - Last name: Brunner
-- Display name: Elizabeth Brunner
-- Password: randomly generated and shown in the results of the command (because we're not using the *Password* parameter)
-- License: `contoso:ENTERPRISEPREMIUM` (E5)
 - Location: Australia (AUS)
 
 ```powershell
-New-MsolUser -UserPrincipalName [email protected] -DisplayName "Elizabeth Brunner" -FirstName Elizabeth -LastName Brunner -LicenseAssignment contoso:ENTERPRISEPREMIUM -PreferredDataLocation AUS
+$PasswordProfile = @{Password = 'xWwvJ]6NMw+bWH-d'}
+
+New-MgUser -DisplayName "Elizabeth Brunner" -AccountEnabled -MailNickName ebrunner -UserPrincipalName [email protected] -PasswordProfile $PasswordProfile -GivenName Elizabeth -SurName Brunner -PreferredDataLocation AUS
 ```
 
-For more information about creating new user accounts and finding LicenseAssignment values in Azure AD PowerShell, see [Create user accounts with PowerShell](create-user-accounts-with-microsoft-365-powershell.md) and [View licenses and services with PowerShell](view-licenses-and-services-with-microsoft-365-powershell.md).
+For detailed syntax and parameter information, see [New-MgUser](/powershell/module/microsoft.graph.users/new-mguser).
 
 > [!NOTE]
 > If you're enabling a mailbox in Exchange Online PowerShell and need the mailbox to be created directly in the geo location that's specified in **PreferredDataLocation**, you need to use an Exchange Online cmdlet such as **Enable-Mailbox** or **New-Mailbox** directly in the cloud service. If you use the **Enable-RemoteMailbox** cmdlet in on-premises Exchange PowerShell, the mailbox is created in the central geo location.

microsoft-365/security/office-365-security/mdo-support-teams-about.md

@@ -33,15 +33,15 @@ appliesto:
 
 With the increased use of collaboration tools like Microsoft Teams, the possibility of malicious attacks using URLs and messages has increased as well. Microsoft Defender for Office 365 already provides protection against malicious URLs in Teams through [Safe Links](safe-links-about.md), and now Microsoft is extending this protection with a new set of capabilities designed to disrupt the attack chain.
 
-- **Reporting suspicious messages and files to admins and Microsoft (optional)**: Users will have the ability to report potential malicious messages to their admins. The admins can review these messages and report them to Microsoft. For more information, see [User reported settings in Teams](submissions-teams.md).
+- **Reporting suspicious messages and files to admins and Microsoft (optional)**: Users have the ability to report potential malicious messages to their admins. The admins can review these messages and report them to Microsoft. For more information, see [User reported settings in Teams](submissions-teams.md).
 
-- **Zero-Hour Auto Purge (ZAP)**: ZAP is an existing email protection feature that proactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered. For read or unread messages that are found to contain malware after delivery, ZAP quarantines the message that contains the malware attachment. Note that for this preview, ZAP will be quarantining based on malicious or phishing messages, and not spam. For more information, see [Zero-hour auto purge in Microsoft Defender for Office 365](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams).
+- **Zero-Hour Auto Purge (ZAP)**: ZAP is an existing email protection feature that proactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered. For read or unread messages that are found to contain malware after delivery, ZAP quarantines the message that contains the malware attachment. Currently, ZAP for Teams takes action on malware or high confidence phishing messages, not spam. For more information, see [Zero-hour auto purge in Microsoft Defender for Office 365](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams).
 
-- **Quarantine**: Admins will be able to review quarantined messages that are identified as malicious by ZAP. Admins will also be able to release the message if the message is determined as safe. For more information, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams).
+- **Quarantine**: Admins are able to review quarantined messages that are identified as malicious by ZAP. Admins can also release messages that are determined to be safe. For more information, see [Manage quarantined Teams messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams).
 
-The **Teams Message Entity Panel** is one single place to store all of Teams message metadata that will allow for immediate SecOps review. Any threat coming from chats, group or meeting chats, and other channels can be found in one place as soon as it is assessed. For more information, see [Teams Message Entity Panel for Microsoft Teams](teams-message-entity-panel.md).
+- The **Teams Message Entity Panel** is one single place to store all of Teams message metadata that allows for immediate SecOps review. Any threat coming from chats, group or meeting chats, and other channels can be found in one place as soon as it's assessed. For more information, see [Teams Message Entity Panel for Microsoft Teams](teams-message-entity-panel.md).
 
-- **Attack Simulation and Training**: In order to ensure your users are resilient to phishing attacks in Microsoft Teams, admins can configure phishing simulations in Teams similar to how they do so in email. For more information, see [Microsoft Teams in Attack simulation training](attack-simulation-training-teams.md).
+- **Attack simulation training**: In order to ensure your users are resilient to phishing attacks in Microsoft Teams, admins can configure phishing simulations in Teams similar to how they do so in email. For more information, see [Microsoft Teams in Attack simulation training](attack-simulation-training-teams.md).
 
 ## Enable Microsoft Defender for Teams
 

microsoft-365/security/office-365-security/zero-hour-auto-purge.md

@@ -119,6 +119,8 @@ ZAP doesn't quarantine messages that are in the process of [Dynamic Delivery](sa
 > [!NOTE]
 > ZAP for Microsoft Teams is currently in Preview, and is available only to customers with Microsoft Defender for Office 365 E5 and Defender for Office P2 subscriptions.
 >
+> When you [join the Preview](mdo-support-teams-about.md#enable-microsoft-defender-for-teams), ZAP for Microsoft Teams is turned on.
+>
 > Currently, ZAP is available only for messages that are identified as malware or high confidence phishing.
 
 When a chat message is identified as potentially phishing or malicious in Microsoft Teams, ZAP blocks the message and quarantines it. This message is blocked for both the recipient and the sender. This protection feature applies only to messages in a chat or in a meeting within the organization.