MicrosoftDocs
diff --git a/‎exchange/docs-conceptual/exchange-online-powershell-v2.md‎
Lines changed: 9 additions & 3 deletions b/‎exchange/docs-conceptual/exchange-online-powershell-v2.md‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎exchange/docs-conceptual/whats-new-in-the-exo-module.md‎
Lines changed: 7 additions & 1 deletion b/‎exchange/docs-conceptual/whats-new-in-the-exo-module.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎exchange/exchange-ps/exchange/Add-VivaModuleFeaturePolicy.md‎
Lines changed: 2 additions & 0 deletions b/‎exchange/exchange-ps/exchange/Add-VivaModuleFeaturePolicy.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/New-Label.md‎
Lines changed: 47 additions & 0 deletions b/‎exchange/exchange-ps/exchange/New-Label.md‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/New-TransportRule.md‎
Lines changed: 2 additions & 0 deletions b/‎exchange/exchange-ps/exchange/New-TransportRule.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/Set-Label.md‎
Lines changed: 47 additions & 0 deletions b/‎exchange/exchange-ps/exchange/Set-Label.md‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/Set-OrganizationConfig.md‎
Lines changed: 8 additions & 6 deletions b/‎exchange/exchange-ps/exchange/Set-OrganizationConfig.md‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎exchange/exchange-ps/exchange/Set-TransportRule.md‎
Lines changed: 2 additions & 0 deletions b/‎exchange/exchange-ps/exchange/Set-TransportRule.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎exchange/exchange-ps/exchange/Update-VivaModuleFeaturePolicy.md‎
Lines changed: 6 additions & 4 deletions b/‎exchange/exchange-ps/exchange/Update-VivaModuleFeaturePolicy.md‎
Lines changed: 6 additions & 4 deletions
@@ -3,7 +3,7 @@ title: About the Exchange Online PowerShell V3 module
 ms.author: chrisda
 author: chrisda
 manager: deniseb
-ms.date: 06/26/2024
+ms.date: 07/16/2024
 ms.audience: Admin
 audience: Admin
 ms.topic: article
@@ -610,14 +610,20 @@ Unless otherwise noted, the current release of the Exchange Online PowerShell mo
 
 ### Current release
 
+#### Version 3.5.1
+
+- Bug fixes in **Get-EXOMailboxPermission** and **Get-EXOMailbox**.
+- The module has been upgraded to run on .NET 8, replacing the previous version based on .NET 6.
+- Enhancements in **Add-VivaModuleFeaturePolicy**.
+
+### Previous releases
+
 #### Version 3.5.0
 
 - New **Get-VivaFeatureCategory** cmdlet.
 - Added support for policy operations at the category level in Viva Feature Access Management (VFAM).
 - New IsFeatureEnabledByDefault property in the output of **Get-VivaModuleFeaturePolicy**. The value of this property shows the default enablement state for users in the tenant when no tenant or user/group policies were created.
 
-### Previous releases
-
 #### Version 3.4.0
 
 - Bug fixes in **Connect-ExchangeOnline**, **Get-EXORecipientPermission**, and **Get-EXOMailboxFolderPermission**.
 
@@ -3,7 +3,7 @@ title: What's new in the Exchange Online PowerShell module
 ms.author: chrisda
 author: chrisda
 manager: deniseb
-ms.date: 05/17/2024
+ms.date: 07/16/2024
 ms.audience: Admin
 audience: Admin
 ms.topic: article
@@ -22,6 +22,12 @@ description: "Learn about the new features and functionality available in the la
 
 This article lists new features in the Exchange Online PowerShell module that's used for connecting to Exchange Online PowerShell, Security & Compliance PowerShell, and standalone Exchange Online Protection (EOP) PowerShell. Features that are currently in preview are denoted with **(preview)**.
 
+## July 2024
+
+- [Version 3.5.1](https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.5.1) has been released.
+
+  For information about what's in this release, see [Version 3.5.1](exchange-online-powershell-v2.md#version-351)
+
 ## May 2024
 
 - [Version 3.5.0](https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.5.0) has been released.
 
@@ -300,6 +300,8 @@ You can specify a maximum of 20 total users or groups (20 users and no groups, 1
 
 To have the policy apply to all users in the organization, use the Everyone switch.
 
+**Note**: In v3.5.1-Preview2 or later of the module, this parameter supports security group object IDs (GUIDs). Previous versions of the module accept only email addresses for this parameter.
+
 ```yaml
 Type: String[]
 Parameter Sets: (All)
 
@@ -37,6 +37,7 @@ New-Label [-Name] <String> -DisplayName <String> -Tooltip <String>
  [-ApplyContentMarkingHeaderFontSize <System.Int32>]
  [-ApplyContentMarkingHeaderMargin <System.Int32>]
  [-ApplyContentMarkingHeaderText <String>]
+ [-ApplyDynamicWatermarkingEnabled <System.Boolean>]
  [-ApplyWaterMarkingEnabled <System.Boolean>]
  [-ApplyWaterMarkingFontColor <String>]
  [-ApplyWaterMarkingFontName <String>]
@@ -49,6 +50,7 @@ New-Label [-Name] <String> -DisplayName <String> -Tooltip <String>
  [-Confirm]
  [-ContentType <MipLabelContentType>]
  [-DefaultContentLabel <String>]
+ [-DynamicWatermarkDisplay <String>]
  [-EncryptionAipTemplateScopes <String>]
  [-EncryptionContentExpiredOnDateInDaysOrNever <String>]
  [-EncryptionDoNotForward <System.Boolean>]
@@ -470,6 +472,29 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ApplyDynamicWatermarkingEnabled
+**Note**: This parameter is currently in Public Preview, isn't available in all organizations, and is subject to change.
+
+The ApplyDynamicWatermarkingEnabled parameter enables dynamic watermarking for a specific label that applies encryption. Valid values are:
+
+- $true: Enables dynamic watermarking for a specific label.
+- $false: Disables dynamic watermarking for a specific label.
+
+You set the watermark text with the DynamicWatermarkDisplay parameter. For more information about using dynamic watermarks for supported apps, see [Dynamic watermarks](https://learn.microsoft.com/purview/encryption-sensitivity-labels#dynamic-watermarks).
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ApplyWaterMarkingEnabled
 The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label. Valid values are:
 
@@ -691,6 +716,28 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DynamicWatermarkDisplay
+**Note**: This parameter is currently in Public Preview, isn't available in all organizations, and is subject to change.
+
+The DynamicWatermarkDisplay parameter specifies the watermark text to display for a given label. This parameter supports text and the following special tokens:
+
+- `${Consumer.PrincipalName}`: Required. The value is the user principal name (UPN) of the user.
+
+This parameter is meaningful only when the ApplyDynamicWatermarkingEnabled parameter value is $true.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EncryptionAipTemplateScopes
 The EncryptionAipTemplateScopes parameter specifies that the label is still published and usable in the AIP classic client. An example value is `"['[email protected]','[email protected]']"`.
 
 
@@ -676,6 +676,8 @@ The ApplyHtmlDisclaimerFallbackAction parameter specifies what to do if the HTML
 
   If the process of inserting the original message as an attachment in the new message fails, the original message isn't delivered. The original message is returned to the sender in an NDR.
 
+  In Microsoft 365, don't use this value in rules that affect incoming messages from external senders. Use the value Reject instead. The effects of the value Wrap interfere with Safe Attachments scanning of messages from external senders.
+
 - Ignore: The rule is ignored and the original message is delivered without the disclaimer.
 - Reject: The original message is returned to the sender in an NDR.
 
 
@@ -37,6 +37,7 @@ Set-Label [-Identity] <ComplianceRuleIdParameter>
  [-ApplyContentMarkingHeaderFontSize <System.Int32>]
  [-ApplyContentMarkingHeaderMargin <System.Int32>]
  [-ApplyContentMarkingHeaderText <String>]
+ [-ApplyDynamicWatermarkingEnabled <System.Boolean>]
  [-ApplyWaterMarkingEnabled <System.Boolean>]
  [-ApplyWaterMarkingFontColor <String>]
  [-ApplyWaterMarkingFontName <String>]
@@ -50,6 +51,7 @@ Set-Label [-Identity] <ComplianceRuleIdParameter>
  [-ContentType <MipLabelContentType>]
  [-DefaultContentLabel <String>]
  [-DisplayName <String>]
+ [-DynamicWatermarkDisplay <String>]
  [-EncryptionContentExpiredOnDateInDaysOrNever <String>]
  [-EncryptionDoNotForward <System.Boolean>]
  [-EncryptionDoubleKeyEncryptionUrl <String>]
@@ -452,6 +454,29 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ApplyDynamicWatermarkingEnabled
+**Note**: This parameter is currently in Public Preview, isn't available in all organizations, and is subject to change.
+
+The ApplyDynamicWatermarkingEnabled parameter enables dynamic watermarking for a specific label that applies encryption. Valid values are:
+
+- $true: Enables dynamic watermarking for a specific label.
+- $false: Disables dynamic watermarking for a specific label.
+
+You set the watermark text with the DynamicWatermarkDisplay parameter. For more information about using dynamic watermarks for supported apps, see [Dynamic watermarks](https://learn.microsoft.com/purview/encryption-sensitivity-labels#dynamic-watermarks).
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ApplyWaterMarkingEnabled
 The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label. Valid values are:
 
@@ -689,6 +714,28 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DynamicWatermarkDisplay
+**Note**: This parameter is currently in Public Preview, isn't available in all organizations, and is subject to change.
+
+The DynamicWatermarkDisplay parameter specifies the watermark text to display for a given label. This parameter supports text and the following special tokens:
+
+- `${Consumer.PrincipalName}`: Required. The value is the user principal name (UPN) of the user.
+
+This parameter is meaningful only when the ApplyDynamicWatermarkingEnabled parameter value is $true.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EncryptionContentExpiredOnDateInDaysOrNever
 The EncryptionContentExpiredOnDateInDaysOrNever parameter specifies when the encrypted content expires. Valid values are:
 
 
@@ -3109,16 +3109,18 @@ Accept wildcard characters: False
 ### -PostponeRoamingSignaturesUntilLater
 This parameter is available only in the cloud-based service.
 
-**Note**: This parameter is in the process of being rolled out. The rollout is expected to be completed by mid-November 2023.
-
 The PostponeRoamingSignaturesUntilLater parameter controls whether roaming signatures are enabled or disabled in Outlook on the web (formerly known as Outlook Web App or OWA) and the new Outlook for Windows. Valid values are:
 
-- $true: Roaming signatures are temporarily disabled for Outlook on the web and the new Outlook for Windows. For Windows, the registry setting to disable roaming signatures still works. For more information, see [Outlook roaming signatures](https://support.microsoft.com/office/420c2995-1f57-4291-9004-8f6f97c54d15). When roaming signatures are disabled, admins can use the signature-related parameters on the Set-MailboxMessageConfiguration cmdlet (for example, AutoAddSignature, AutoAddSignatureOnReply, and SignatureHtml) to configure email signatures.
-- $false: This is the default value.
+- $true: Roaming signatures are disabled for Outlook on the web and the new Outlook for Windows. For Windows clients, the registry setting to disable roaming signatures still works. For more information, see [Outlook roaming signatures](https://support.microsoft.com/office/420c2995-1f57-4291-9004-8f6f97c54d15). When roaming signatures are disabled, admins can use the signature-related parameters on the Set-MailboxMessageConfiguration cmdlet (for example, AutoAddSignature, AutoAddSignatureOnReply, and SignatureHtml) to configure email signatures.
+
+  Previously, the only way to disable roaming signatures in Outlook on the web was to open a support ticket. With the introduction of this parameter and value, admins can disable roaming signatures themselves.
+
+- $false: Roaming signatures are enabled for Outlook on the web and the new Outlook for Windows. This is the default value.
 
-We're working on API support so admins and ISVs can configure roaming signatures directly. When the new API is available (and after plenty of warning), this parameter will be deprecated. Admins will no longer need to disable roaming signatures or use the parameters on Set-MailboxMessageConfiguration to configure email signatures in Outlook on the web.
+We recommend that independent software vendors (ISVs) onboard to the [signature API](https:///javascript/api/outlook/office.body?view=outlook-js-preview#outlook-office-body-setsignatureasync-member(1) based on [event-based hooks
+](/office/dev/add-ins/outlook/autolaunch).
 
-Previously, the only way to disable roaming signatures in Outlook on the web was to open a support ticket. With the introduction of this parameter, that process is discontinued as admins can now use this parameter to disable roaming signatures themselves.
+We have no plans to support roaming signature management in the Microsoft Graph API.
 
 ```yaml
 Type: Boolean
 
@@ -674,6 +674,8 @@ The ApplyHtmlDisclaimerFallbackAction parameter specifies what to do if the HTML
 
   If the process of inserting the original message as an attachment in the new message fails, the original message isn't delivered. The original message is returned to the sender in an NDR.
 
+  In Microsoft 365, don't use this value in rules that affect incoming messages from external senders. Use the value Reject instead. The effects of the value Wrap interfere with Safe Attachments scanning of messages from external senders.
+
 - Ignore: The rule is ignored and the original message is delivered without the disclaimer.
 - Reject: The original message is returned to the sender in an NDR.
 
 
@@ -112,7 +112,7 @@ This example updates who the specified policy applies to. The policy now applies
 
 ### Example 4
 ```powershell
-Update-VivaModuleFeaturePolicy -ModuleId VivaInsights -FeatureId Reflection -PolicyId 3db38dfa-02a3-4039-b33a-42b0b3da029b -Name NewPolicyName -IsFeatureEnabled $true -GroupIds [email protected] -UserIds [email protected]
+Update-VivaModuleFeaturePolicy -ModuleId VivaInsights -FeatureId Reflection -PolicyId 3db38dfa-02a3-4039-b33a-42b0b3da029b -Name NewPolicyName -IsFeatureEnabled $true -GroupIds [email protected],57680382-61a5-4378-85ad-f72095d4e9c3 -UserIds [email protected]
 ```
 
 This example updates the name of the specified policy, makes it so the policy enables the feature, and updates who the policy applies to. The policy now applies **only** to the specified users and groups, overwriting the users and groups the policy used to apply to.
@@ -126,7 +126,7 @@ This example updates the name of the specified policy and makes it so the policy
 
 ### Example 6
 ```powershell
-Update-VivaModuleFeaturePolicy -CategoryId <category_id> -PolicyId 3db38dfa-02a3-4039-b33a-42b0b3da029b -GroupIds [email protected],[email protected]
+Update-VivaModuleFeaturePolicy -CategoryId <category_id> -PolicyId 3db38dfa-02a3-4039-b33a-42b0b3da029b -GroupIds [email protected],[email protected],57680382-61a5-4378-85ad-f72095d4e9c3
 ```
 
 This example updates who the specified policy applies to. The policy now applies **only** to the specified groups, overwriting the users and groups the policy used to apply to.
@@ -140,7 +140,7 @@ This example updates who the specified policy applies to. The policy now applies
 
 ### Example 8
 ```powershell
-Update-VivaModuleFeaturePolicy -CategoryId <category_id> -PolicyId 3db38dfa-02a3-4039-b33a-42b0b3da029b -Name NewPolicyName -IsCategoryEnabled $true -GroupIds [email protected] -UserIds [email protected]
+Update-VivaModuleFeaturePolicy -CategoryId <category_id> -PolicyId 3db38dfa-02a3-4039-b33a-42b0b3da029b -Name NewPolicyName -IsCategoryEnabled $true -GroupIds [email protected],57680382-61a5-4378-85ad-f72095d4e9c3 -UserIds [email protected]
 ```
 
 This example updates the name of the specified policy, makes it so the policy enables the category (effectively all features under the category), and updates who the policy applies to. The policy now applies **only** to the specified users and groups, overwriting the users and groups the policy used to apply to.
@@ -264,7 +264,7 @@ Accept wildcard characters: False
 ```
 
 ### -GroupIds
-The GroupIds parameter specifies the email addresses of groups that the updated policy applies to. [Mail-enabled Microsoft Entra groups](https://docs.microsoft.com/graph/api/resources/groups-overview#group-types-in-azure-ad-and-microsoft-graph) are supported. You can enter multiple values separated by commas.
+The GroupIds parameter specifies the email addresses or security group object IDs (GUIDs) of groups that the updated policy applies to. Both [Mail-enabled and non-mail-enabled Microsoft Entra groups](https://docs.microsoft.com/graph/api/resources/groups-overview#group-types-in-azure-ad-and-microsoft-graph) are supported. You can enter multiple values separated by commas.
 
 If you don't want to update who the policy applies to, don't use this parameter.
 
@@ -274,6 +274,8 @@ You can specify a maximum of 20 total users or groups (20 users and no groups, 1
 
 To have the updated policy apply to all users in the organization, use the Everyone parameter with the value $true.
 
+**Note**: In v3.5.1-Preview2 or later of the module, this parameter supports security group object IDs (GUIDs). Previous versions of the module accept only email addresses for this parameter.
+
 ```yaml
 Type: String[]
 Parameter Sets: (All)