Merge branch 'main' into dle-working-m365-july25

davidedwards365 · davidedwards365 · commit eb97652f22b1 · 2025-07-09T09:00:21.000-07:00
diff --git a/copilot/employee-self-service/servicenow.md b/copilot/employee-self-service/servicenow.md
@@ -183,10 +183,25 @@ This task is required to define the custom script as a resource for the REST API
    |---------|---------|
    |Name     |GetAllUserCriteria          |
    |Relative path     |/user_criteria         |
-   |Script     |Copy and paste the following script AS IS:<br> (function execute (/*RESTAPIRequest*/ request,<br>/*RESTAPIResponse*/ response)<br>{<br>var queryParams = request.queryParams;<br>var user = new String(queryParams.user);<br>return (new<br>sn_uc.UserCriteriaLoader()).getAllUserCriteria(user);<br>}<br>)(request, response);         |
+   |Script     |Copy and paste the script (noted after this table) exactly as is. |
    |Requires authentication     |Checked         |
    |Requires ACL authorization     |Checked<br>Ensure that the ACL created in Task 2 is set correctly and remove any other default values.          |
 
+#### Script to copy
+
+```javascript
+(function execute (/*RESTAPIRequest*/ request,
+/*RESTAPIResponse*/ response )
+{
+    var queryParams = request.queryParams;
+    var user = new String(queryParams.user);
+    return (new
+    sn_uc.UserCriteriaLoader()).getAllUserCriteria(user);
+}
+) (request, response);
+```
+
+
 4. Select **Submit** to save changes.
 
 This wraps up all the configuration required on the ServiceNow side, now the next set of tasks are on Microsoft 365 side.
diff --git a/microsoft-365/admin/support-diagnostic-information-collection.md b/microsoft-365/admin/support-diagnostic-information-collection.md
@@ -1,9 +1,9 @@
 ---
 title: "Understanding Microsoft 365 case creation and diagnostic data access"
-ms.author: camillepack
-author: camillepack
-manager: scotv
-ms.date: 04/07/2025
+ms.author: deniseb
+author: denisebmsft
+manager: dansimp
+ms.date: 07/08/2025
 audience: Admin
 ms.topic: concept-article
 ms.service: microsoft-365-business
@@ -30,51 +30,14 @@ Access is removed automatically when your support request is closed. If your req
 
 Depending on the nature of your support request, the data that Microsoft can access would belong under one or more of the following categories:
 
-- **Support Data** – All data provided to Microsoft by the customer as part of a customer engagement to obtain support services.
-  - Examples
-    - Support requests from customers and phone conversations, online chat sessions, or remote assistance sessions between support professionals and customers
-    - Case notes and/or records related to support requests from customers
-    - Data provided to Microsoft by the customer as part of support activities
-
-- **Account Data** – Contact and billing/purchase/payment/license information.
-  - Examples
-    - Customer’s provisioning information
-    - Account configuration and billing data
-    - Tenant administrator contact information (for example, tenant administrator’s name, address, e-mail address, phone number)
-    - This also includes Licensing and Purchase Information.
-
-- **System Metadata** – Data generated in the course of running the service.
-  - Examples
-    - Event Logs
-    - Access Control Logs
-    - Account information belonging to Microsoft operations personnel
-    - Microsoft server names/server IPs
-    - Server patching and vulnerability data
-    - Service configuration data
-    - Telemetry (on-prem or cloud)
-
-- **Organization Identifiable Information (OII)** – Data that can be used to identify a particular tenant/deployment/organization (generally config or usage data)
-  - Examples
-    - Tenant ID (non-GUID)
-    - TenantID (GUID) – due to the existence of many out of boundary TenantID to name mapping tables
-    - Tenant usage data
-    - Tenant IP Addresses (IPv4) such as tenant’s firewall IP address
-    - Global Prefix and Subnet ID (first 64 bits of IPv6 address)
-    - Tenant Domain name in e-mail address (joe@**contoso.com**)
-    - Mapping of organizational GUID to organization
-
-- **End User Identifiable Information (EUII)** – Data that directly identifies or could be used to identify the authenticated user of a Microsoft service.
-  - Examples
-    - User-specific IP address (IPv4)
-    - User Principal Name (joe@company.com)
-    - Address Book Data
-    - User’s machine Name
-    - SIP URI
-
-- **End User Pseudonymous Identifiers (EUPI)** – An identifier created by Microsoft tied to the user of a Microsoft service.
-  - Examples
-    - User GUIDs or PUIDs
-    - Session IDs
+| Category | Examples |
+|--|--|
+| **Support data**: All data provided to Microsoft by the customer as part of a customer engagement to obtain support services | - Support requests from customers and phone conversations, online chat sessions, or remote assistance sessions between support professionals and customers<br/>- Case notes and/or records related to support requests from customers<br/>- Data provided to Microsoft by the customer as part of support activities |
+| **Account data**: Contact, billing, purchase, payment, and/or license information | - Customer's provisioning information<br/>- Account configuration and billing data<br/>- Tenant administrator contact information (such as tenant administrator's name, address, e-mail address, phone number)<br/>- Licensing and purchase information |
+| **System metadata**: Data generated in the course of running the service | - Event logs<br/>- Access control logs<br/>- Account information belonging to Microsoft operations personnel<br/>- Microsoft server names/server IPs<br/>- Server patching and vulnerability data<br/>- Service configuration data<br/>- Telemetry (on-premises or cloud) |
+| **Organization identifiable information (OII)**: Data that can be used to identify a particular tenant, deployment, or organization (generally config or usage data) | - Tenant ID (non-GUID)<br/>- TenantID (GUID) – due to the existence of many out of boundary `TenantID` to name mapping tables<br/>- Tenant usage data<br/>- Tenant IP addresses (IPv4), such as tenant's firewall IP address<br/>- Global prefix and subnet ID (first 64 bits of IPv6 address)<br/>- Tenant domain name in e-mail address (such as `joe@contoso.com`)<br/>- Mapping of organizational GUID to organization |
+| **End-user identifiable information (EUII)**: Data that directly identifies or could be used to identify the authenticated user of a Microsoft service | - User-specific IP address (IPv4)<br/>- User principal name (`joe@company.com`)<br/>- Address book data<br/>- User's machine name<br/>- SIP URI |
+| **End-user pseudonymous identifiers (EUPI)**: An identifier created by Microsoft tied to the user of a Microsoft service | - User GUIDs or PUIDs<br/>- Session IDs |
 
 ## How long is diagnostic data retained in Microsoft systems?
 
@@ -83,3 +46,9 @@ Microsoft retains diagnostic data for up to 28 days after it is collected. After
 ## Where is support activity on a customer tenant logged?
 
 Activity performed on a customer tenant is available under Microsoft Entra Audit logs.
+
+When you create a support request and you grant advanced diagnostic consent, you see a notification that cross-tenant access settings were updated due to a partner addition. The notification occurs because the Microsoft Support tenant (`Office365ConciergeSupport.onmicrosoft.com - b4c546a4-7dac-46a6-a7dd-ed822a11efd3`) is added as a service provider for the duration of active support requests in your tenant. Expect to see audit logs in these categories:
+
+- `Policy`
+- `CrossTenantAccessSettings`
+- `DelegatedAdminServiceProviderConstraints`
