Merge pull request #26644 from MicrosoftDocs/main

Publish main to live, 9/30/24, 3:30 pm

.github/workflows/Stale.yml

@@ -13,7 +13,7 @@ jobs:
   stale:
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod
     with:
-      RunDebug: true
+      RunDebug: false
       RepoVisibility: ${{ github.repository_visibility }}
     secrets:
-      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}

microsoft-365/enterprise/multi-geo-user-experience.md

@@ -1,7 +1,7 @@
 ---
 title: "User experience in a multi-geo environment"
 ms.reviewer:
-ms.date: 12/11/2023
+ms.date: 09/25/2024
 ms.author: kvice
 author: kelleyvice-msft
 manager: scotv
@@ -49,9 +49,9 @@ Users have their OneDrive provisioned in their preferred data location. If a use
 
 ## OneDrive iOS and Android 
 
-The OneDrive iOS and Android mobile apps show you your OneDrive files and files shared with you regardless of their _Geography_ location. Search from the OneDrive mobile apps show relevant results from all _Geography_ locations. Download the latest version of these apps.
+The OneDrive iOS and Android mobile apps show you your OneDrive files and files shared with you regardless of their _Geography_ location. Searches from the OneDrive mobile apps show relevant results from all _Geography_ locations. Download the latest version of these apps.
 
-For more information, see Use [OneDrive on iOS](https://support.office.com/article/08d5c5b2-ccc6-40eb-a244-fe3597a3c247) and [Use OneDrive for Android](https://support.office.com/article/eee1d31c-792d-41d4-8132-f9621b39eb36) for more information.
+For more information, see [Use OneDrive on iOS](https://support.office.com/article/08d5c5b2-ccc6-40eb-a244-fe3597a3c247) and [Use OneDrive for Android](https://support.office.com/article/eee1d31c-792d-41d4-8132-f9621b39eb36) for more information.
 
 ## OneDrive mobile client
 
@@ -81,24 +81,30 @@ In SharePoint Multi-Geo, your SharePoint home is hosted in the location where th
 
 All of these components show up for the user regardless of the _Geography_ location where the content is hosted, so long as the user has permissions to said content. 
 
-**Features Links**
+**Featured Links**
 
-Admins may configure Featured links in SharePoint home as appropriate to each _Geography_ location. This allows the admin to feature in the SP Home for each region the links that are appropriate for users in the region. 
+Admins can configure Featured links in SharePoint home as appropriate to each _Geography_ location. This allows the admin to feature in the SP Home for each region the links that are appropriate for users in the region. 
 
 ## SharePoint mobile client
 
 The SharePoint mobile client is multi-geo aware and will display pertinent content and results from all geo locations.
 
 ## Sharing
 
-The people picker experience shows all users regardless of their _Geography_ location. This allows a user to share with another user in their same geo or in any other of your _Tenant's_ _Geography_ locations. Content from different _Geography_ locations show up in the **Shared with Me** view in the user's OneDrive, Word, Excel, PowerPoint, and Office.com and can be accessed with single sign-On experience regardless of which _Geography_ location it's hosted in.
+The people picker experience shows all users regardless of their _Geography_ location. This allows a user to share with another user in their same geo or in any other of your _Tenant's_ _Geography_ locations. Content from different _Geography_ locations shows up in the **Shared with Me** view in the user's OneDrive, Word, Excel, PowerPoint, and Office.com and can be accessed with single sign-On experience regardless of which _Geography_ location it's hosted in.
 
 ## Microsoft Teams experience
 
 Microsoft Teams is a Multi-Geo service. OneDrive files and recently viewed files are shown regardless of the user's _Geography_ location. @ mentions work with users from all _Geography_ locations.
 
-## User profiles
+## Microsoft 365 Person experience
 
-User profile information is mastered in the user's _Geography_ location. When selecting a user, you'll be directed to the appropriate _Geography_ location for the user, where you'll see their full profile details.
+The **Microsoft 365 Person** encompasses the complete set of properties, attributes and associated people contacts that are representative of a user in the Microsoft 365 tenant. The Microsoft 365 Person dataset is mastered and stored in the Primary Data Location of the user.
 
-If Office Delve is turned off, you'll see the classic profile experience in SharePoint, which isn't Multi-Geo aware.
+There are two constituents of the Microsoft 365 Person data:
+
+- Microsoft 365 Profile ([profile resource type](/graph/api/resources/profile?view=graph-rest-beta&preserve-view=true)), which constitutes the information that can be viewed by other users within the tenant about the Microsoft 365 person. This includes the user's Microsoft Entra ID details along with other information like position and photo ([Get profilePhoto](https://aka.ms/profileimage)). The fields and attributes that are exposed can be controlled by the tenant admin ([Add or remove custom attributes on a profile card using the profile card API](/graph/add-properties-profilecard)).
+
+- My Microsoft 365 People dataset ([contact resource type](/graph/api/resources/contact?view=graph-rest-1.0&preserve-view=true)), which represents the list of the user's Microsoft 365 contacts along with the user’s version of their contacts' Microsoft 365 profile. This edited or unedited version of another user’s profile will always remain private in the current user’s mailbox and won't be replicated anywhere.
+
+To enable discovery, rich people search, and full fidelity collaboration experiences, the Microsoft 365 profile of users in the tenant is replicated across geos when a Multi-Geo tenant is first set up (for instance, to provide the Global Address List) and in response to user actions. Examples of user actions include direct and indirect interactions with one or more users in the tenant via activities like joining the Organization, creating and\or joining Teams meetings, sharing and\or co-editing files, profile card lookup, and adding of contacts as described in [Add, find, edit, or delete a contact in Outlook](https://support.microsoft.com/office/add-find-edit-or-delete-a-contact-in-outlook-e1dc4548-3bd6-4644-aecd-47b5728f7b0d#:~:text=information%20any%20time.-,Select%20the%20contact%20from%20the%20list%2C%20then%20select%20Edit%20contact,and%20begin%20adding%20more%20information.&text=someone's%20profile%20card-,In%20Mail%2C%20open%20an%20email%20message%20in%20the%20reading%20pane,card%2C%20select%20Add%20to%20contacts.). The replicated Microsoft 365 profiles of other users from an interaction\collaboration are stored in the Microsoft 365 People dataset of the target user shard.

microsoft-365/lighthouse/TOC.yml

@@ -22,10 +22,10 @@
       href: m365-lighthouse-review-audit-logs.md
     - name: Set up and manage GDAP
       items: 
-      - name: Set up GDAP for your customers
-        href: m365-lighthouse-setup-gdap.md
-      - name: Overview of Delegated Access
+      - name: Overview of the Delegated access page
         href: m365-lighthouse-delegated-access-overview.md
+      - name: Set up GDAP
+        href: m365-lighthouse-setup-gdap.md
 - name: Protect customers with baselines
   items: 
     - name: Overview of using baselines to deploy standard tenant configurations

microsoft-365/lighthouse/m365-lighthouse-delegated-access-overview.md

@@ -1,11 +1,11 @@
 ---
-title: "Overview of Delegated Access in Microsoft 365 Lighthouse"
+title: "Overview of the Delegated access page in Microsoft 365 Lighthouse"
 f1.keywords: NOCSH
 ms.author: sharik
 author: SKjerland
 manager: scotv
 ms.reviewer: taylorau
-ms.date: 04/20/2023
+ms.date: 09/26/2024
 audience: Admin
 ms.topic: conceptual
 ms.service: microsoft-365-lighthouse
@@ -22,33 +22,70 @@ search.appverid: MET150
 description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to manage your tenants' delegated access."
 ---
 
-# Overview of Delegated Access in Microsoft 365 Lighthouse
+# Overview of the Delegated access page in Microsoft 365 Lighthouse
 
-Microsoft 365 Lighthouse provides delegated relationship insights across all your customer tenants in a single view. You can track your transition away from Delegated Administrative Privileges (DAP) and ensure your Granular Delegated Administrative Privileges (GDAP) relationships are set up as intended. Data is available for any customer tenant in Lighthouse, regardless of the customers' licensing, user count, or geographic region. To access these insights, select **Permissions** > **Delegated access** in the left navigation pane in [Lighthouse](https://lighthouse.microsoft.com). You must hold the Admin agent role in Partner Center. 
+Microsoft 365 Lighthouse provides delegated relationship insights across all your customer tenants in a single view. You can create and manage Granular Delegated Administrative Privileges (GDAP) relationships from the Delegated access page. Data is available for any customer tenant in Lighthouse, regardless of the customers' licensing, user count, or geographic region. To access these insights, select **Permissions** > **Delegated access** in the left navigation pane in [Lighthouse](https://lighthouse.microsoft.com).
 
-## Delegated access page
+:::image type="content" source="../media/m365-lighthouse-delegated-access-overview/m365-lighthouse-delegated-access-page.png" alt-text="Screenshot of Delegated access page." lightbox="../media/m365-lighthouse-delegated-access-overview/m365-lighthouse-delegated-access-page.png":::
 
-From this page, you can see the status of all your customers' delegated relationships at a glance, including whether GDAP is set up, if a GDAP template has been assigned, and the next upcoming GDAP relationship expiration date for a customer tenant. In this sortable view by tenant, you can filter by the following information:
+## Role requirements
 
-- **Delegated access:** The type of delegated relationships established with a customer tenant. For example, GDAP, GDAP & DAP, DAP, or None. 
-- **GDAP template:** Created by your organization through Lighthouse, GDAP templates define the service tiers, Microsoft Entra roles used to deploy GDAP to your tenants. To learn more about GDAP templates, see [Set up GDAP for your customers](m365-lighthouse-setup-gdap.md).
-- **Security groups:** Assigned to GDAP relationships, security groups contain the users in your organization with delegated access to a customer tenant.
-- **Pending GDAP relationships:** Indicates that a GDAP relationship has been set up but has yet to be approved by the customer tenant.
+The following table outlines the role or roles that you must hold to manage GDAP relationships from the Delegated access page.
 
-Select a tenant from the list to see more specific information about the customer tenant. From the tenant details pane, you can view more relationship details, including how many relationships exist, the expiration dates, and the names of all relationships between your organization and that customer tenant. If no GDAP relationship has been established for a customer tenant, select **Set up GDAP for your organization** to assign a GDAP template to that organization. New relationships may take up to 10 minutes to refresh on this page. If the relationship status is still pending, you can resend a relationship request through the GDAP Setup tool.
+|  | Admin Agent<br>in Partner Center | Groups Administrator<br>in Microsoft Entra&nbsp;ID | User Administrator<br>in Microsoft Entra&nbsp;ID | Privileged Role Administrator<br>in Microsoft Entra&nbsp;ID |
+|--|:--:|:--:|:--:|:--:|
+| **View data on the Delegated access page** | &check; |  |  |  |
+| **Create and edit Lighthouse GDAP templates** |  | &check; | &check; |  |
+| **Assign Lighthouse GDAP templates to customer tenants** | &check; |  |  |  |
+| **Set up Just-in-Time (JIT) access** |  |  |  | &check; |
 
-The Delegated access page also includes the following options:
-- **Export:** Select to export tenant data to an Excel comma-separated values (.csv) file.
-- **Refresh:** Select to retrieve the most current tenant delegated access data.
-- **Search:** Enter keywords to quickly locate a specific tenant or tenant tag in the list.
+## GDAP templates tab
 
-:::image type="content" source="../media/m365-lighthouse-delegated-access-overview/m365-lighthouse-delegated-access-page.png" alt-text="Screenshot of Delegated Access page" lightbox="../media/m365-lighthouse-delegated-access-overview/m365-lighthouse-delegated-access-page.png":::
+From the GDAP templates tab, you can view, create, delete, and assign GDAP templates to customer tenants. The GDAP templates tab provides the following information:
+
+- **Name:** The name of the GDAP template. 
+- **Support roles:** The name of the Lighthouse support roles associated with each template.
+- **Assigned tenants:** The number of customer tenants that the GDAP template is assigned to.
+
+Select a GDAP template from the list to open the edit pane, where you can update the name, description, support roles, and security groups for the template.
+
+To assign tenants to a GDAP template or delete a GDAP template, select the three dots (more actions) next to the template name.
+
+The GDAP templates tab also includes the following options:
+- **Export:** Select to export GDAP template data to an Excel comma-separated values (.csv) file.
+- **Refresh:** Select to retrieve the most current GDAP template data.
+- **Search:** Enter keywords to quickly locate a specific GDAP template in the list. 
+
+## Relationships tab
+
+From the Relationships tab, you can view all GDAP relationships that you set up with your customers. The Relationships tab provides the following information:
+
+- **Tenant and relationship:** Customer tenant name and associated GDAP relationship.
+- **Status:**
+    - An **Active** status means you have at least one active GDAP relationship with the customer.
+    - A **Pending** status indicates a GDAP relationship was set up but the customer hasn't approved it yet.
+- **Template:** Name of the GDAP template assigned to the customer tenant.
+- **Security groups:** Number of security groups associated with the customer tenant.
+- **Start date:** Date of the oldest GDAP relationship with the customer.
+- **Expiration date:** Date of the next-expiring GDAP relationship.
+- **Tags:** Tags associated with the customer tenant.
+
+In the list of customer tenants, expand each tenant to show the active and pending GDAP relationship requests. After a customer approves a GDAP relationship request, you can select the relationship request from the list to open the relationship details pane and view the following information:
+
+- All security groups and GDAP Microsoft Entra roles associated with the tenant. 
+- A summary of all GDAP Microsoft Entra roles associated with the tenant.
+
+The Relationships tab also includes the following options: 
+
+- **Export:** Select to export GDAP relationship data to an Excel comma-separated values (.csv) file.
+- **Refresh:** Select to retrieve the most current GDAP relationship data.
+- **Search:** Enter keywords to quickly locate a specific tenant or tenant tag in the list. 
 
 ## Related content
 
-[Set up GDAP for your customers](m365-lighthouse-setup-gdap.md) (article)\
-[Overview of permissions](m365-lighthouse-overview-of-permissions.md) (article)\
-[Configure portal security](m365-lighthouse-configure-portal-security.md) (article)\
+[Set up GDAP in Microsoft 365 Lighthouse](m365-lighthouse-setup-gdap.md) (article)\
+[Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md) (article)\
+[Configure Microsoft 365 Lighthouse portal security](m365-lighthouse-configure-portal-security.md) (article)\
 [Introduction to granular delegated admin privileges (GDAP)](/partner-center/gdap-introduction) (article)\
 [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference) (article)\
 [Learn about groups and access rights in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-learn-about-groups) (article)