Nbensalmon/xsup 59280 update description ews pwsh (demisto#42063)

Update 'EWS Extension Online Powershell v3' integration description.

Author: nbensalm-palo

Packs/MicrosoftExchangeOnline/Integrations/EwsExtensionEXOPowershellV3/EwsExtensionEXOPowershellV3_description.md

@@ -4,16 +4,18 @@
 To use this integration, you need to connect an application with a certificate.
 1. Create the application:
    1. Access **portal.azure.com**.
-   2. Navigate to **Home** > **App registrations** > **EWS**
-   3. In the left menu, click **API permissions**.
-   4. Click **Add a permission**.
-   5. In the Request API permissions page, click **APIs my organization uses**.
-   6. Search for **Office 365 Exchange Online**.
-   7. Click **Application permissions**.
-   8. Under Exchange, click the **ExchangeManageAsApp** checkbox.
-   9. Click **Add permissions**.
-   10. Click **Grant admin consent for XSOAR**.
-2. Create the certificate in Cortex XSOAR.
+   2. Navigate to **Home** > **App registrations**.
+   3. Click **New Registration**, give the application a name (for example: **EWS**) and click **Register**.
+   4. In the left menu of the newly created application, click **API permissions**.
+   5. Click **Add a permission**.
+   6. In the Request API permissions page, click **APIs my organization uses**.
+   7. Search for **Office 365 Exchange Online**.
+   8. Click **Application permissions**.
+   9. Under Exchange, click the **ExchangeManageAsApp** checkbox.
+   10. Click **Add permissions**.
+   11. Click **Grant admin consent**.
+   
+2. Create the certificate in Cortex XSOAR/XSIAM.
    1. Run the **CreateCertificate** command in the Playground to acquire the certificate. 
 
       ***!CreateCertificate days=<# of days> password=\<password>***
@@ -26,31 +28,43 @@ To use this integration, you need to connect an application with a certificate.
 
 
 3. Attach the .cer file to your Azure app.
-    1. In the Cortex XSOAR Playground, download the publickey.cer file
+    1. In the Cortex XSOAR/XSIAM Playground, download the publickey.cer file
     2. In the Azure application, in the left menu, click **Certificates & secrets**.
     3. In the Certificates tab, upload the publickey.cer file.
 
 
 4. Assign Azure AD roles to the application.
-    1. You have two options:
-        - Assign Azure AD roles to the application.
-        - Assign custom role groups to the application using service principals.
-    2. In the Azure AD portal at https://portal.azure.com/, start typing roles and administrators in the Search box at the
-       top of the page, and then select Azure AD roles and administrators from the results in the Services section.
-    3. On the Roles and administrators page that opens, find and select one of the supported roles by clicking on the
-       name of the role (not the checkbox) in the results.
-    4. On the Assignments page that opens, select **Add assignments**.
-    5. In the Add assignments flyout that opens, find and select the app that you created in Step 1.
-
+   1. You have two options:
+      - Assign Azure AD roles to the application.
+      - Assign custom role groups to the application using service principals.
+   2. In the [Azure AD portal](https://portal.azure.com/), search for **Microsoft Entra roles and administrators** in the Search box.
+   3. On the Roles and administrators page that opens, find and select one of the supported roles by clicking on the
+      name of the role (not the checkbox) in the results.
+      - The role **Security Administrator** is eligible for this integration.
+   4. On the Assignments page that opens, select **Add assignments**.
+   5. In the Add assignments flyout that opens, find and select the app that you created in Step 1.
 
 Note: The information in the Playground is sensitive information. You should delete the information by running the following command:
 
    ***!DeleteContext all=yes***
 
-5. In Cortex XSOAR, in the integration instance configuration, enter your saved password in the **Password** field.
+5. In Cortex XSOAR/XSIAM, in the integration instance configuration, enter your saved password in the **Password** field.
 6. In Azure, go to Entra ID (Overview blade) and copy the **Primary domain** field.
-7. In Cortex XSOAR, in the integration instance configuration, paste the Domain name in **The organization used in app-only authentication** field.
+7. In Cortex XSOAR/XSIAM, in the integration instance configuration, paste the Domain name in **The organization used in app-only authentication** field.
 8. In the Azure app, navigate to **Home** > **App registration** > **\<application name>** and copy the Application (client) ID.
-9. In Cortex XSOAR, in the integration instance configuration, paste the application ID in **The application ID from the Azure portal** field.
+9. In Cortex XSOAR/XSIAM, in the integration instance configuration, paste the application ID in **The application ID from the Azure portal** field.
+
 
+### Verify that the admin account has sufficient Exchange Online permissions
+For the integration to work, the Azure AD application's service principal must have the correct permissions assigned in the Exchange Online role groups.
+1. Open the Microsoft Purview Portal: https://purview.microsoft.com/
+2. Log in using an admin account that can manage role assignments for the Azure AD application (for example, a Global Administrator or Privileged Role Administrator).
+3. In the top bar, select: **Settings → Roles and scopes**
+4. In the left sidebar, select: **Role Groups**
+5. Search for the following role groups:
+   - **Organization Management** – the most privileged role and fully supported for this integration.
+   - **Security Administrator** – a highly privileged security role that also provides full access.
+6. Open the role and verify that the **service principal of the Azure AD application used by the integration** is listed.
+7. If not listed, click **Edit → Add Users** and assign the required roles.
 
+* Note - for more information go to the official [Microsoft Documentation.](https://learn.microsoft.com/en-us/defender-office-365)

Packs/MicrosoftExchangeOnline/Integrations/EwsExtensionEXOPowershellV3/README.md

@@ -9,11 +9,107 @@ which utilizes the [EXO v3 module](https://learn.microsoft.com/en-us/powershell/
 | **Parameter** | **Description** | **Required** |
 | --- | --- | --- |
 | Name | The name of the integration | True |
-| Exchange Online URL | https://outlook.office365.com | True |
+| Exchange Online URL | <https://outlook.office365.com> | True |
 | Certificate | A txt certificate encoded in Base64. | True |
 | The organization used in app-only authentication. |  | True |
 | The application ID from the Azure portal |  | True |
 
+### App authentication
+
+To use this integration, you need to connect an application with a certificate.
+
+1. Create the application:
+   1. Access [Azure AD portal](https://portal.azure.com/).
+   2. Navigate to **Home** > **App registrations**.
+   3. Click **New Registration**, give the application a name (for example: **EWS**) and click **Register**.
+   4. In the left menu of the newly created application, click **API permissions**.
+   5. Click **Add a permission**.
+   6. In the Request API permissions page, click **APIs my organization uses**.
+   7. Search for **Office 365 Exchange Online**.
+   8. Click **Application permissions**.
+   9. Under Exchange, click the **ExchangeManageAsApp** checkbox.
+   10. Click **Add permissions**.
+   11. Click **Grant admin consent**.
+
+2. Create the certificate in Cortex XSOAR/XSIAM.
+   1. Run the **CreateCertificate** command in the Playground to acquire the certificate.
+
+      ***!CreateCertificate days=<# of days> password=`password`***
+
+     *Note: Remember your password since you will need it to create your integration instance.*
+
+   2. Download the certificateBase34.txt file.
+   3. Open the downloaded txt file and copy the text.
+   4. In the integration instance configuration, paste the text in the **Certificate** field.
+
+3. Attach the .cer file to your Azure app.
+    1. In the Cortex XSOAR/XSIAM Playground, download the publickey.cer file
+    2. In the Azure application, in the left menu, click **Certificates & secrets**.
+    3. In the Certificates tab, upload the publickey.cer file.
+
+4. Assign Azure AD roles to the application.
+   1. You have two options:
+      - Assign Azure AD roles to the application.
+      - Assign custom role groups to the application using service principals.
+   2. In the [Azure AD portal](https://portal.azure.com/), search for **Microsoft Entra roles and administrators** in the Search box.
+   3. On the Roles and administrators page that opens, find and select one of the supported roles by clicking on the
+      name of the role (not the checkbox) in the results.
+      - The role **Security Administrator** is eligible for this integration.
+   4. On the Assignments page that opens, select **Add assignments**.
+   5. In the Add assignments flyout that opens, find and select the app that you created in Step 1.
+
+Note: The information in the Playground is sensitive information. You should delete the information by running the following command:
+
+   ***!DeleteContext all=yes***
+
+5. In Cortex XSOAR/XSIAM, in the integration instance configuration, enter your saved password in the **Password** field.
+6. In Azure, go to Entra ID (Overview blade) and copy the **Primary domain** field.
+7. In Cortex XSOAR/XSIAM, in the integration instance configuration, paste the Domain name in **The organization used in app-only authentication** field.
+8. In the Azure app, navigate to **Home** > **App registration** > **application name** and copy the Application (client) ID.
+9. In Cortex XSOAR/XSIAM, in the integration instance configuration, paste the application ID in **The application ID from the Azure portal** field.
+
+### Verify that the admin account has sufficient Exchange Online permissions
+
+For the integration to work, the Azure AD application's service principal must have the correct permissions assigned in the Exchange Online role groups.
+
+1. Open the Microsoft Purview Portal: <https://purview.microsoft.com/>
+2. Log in using an admin account that can manage role assignments for the Azure AD application (for example, a Global Administrator or Privileged Role Administrator).
+3. In the top bar, select: **Settings → Roles and scopes**
+4. In the left sidebar, select: **Role Groups**
+5. Search for the following role groups:
+   - **Organization Management** – the most privileged role and fully supported for this integration.
+   - **Security Administrator** – a highly privileged security role that also provides full access.
+6. Open the role and verify that the **service principal of the Azure AD application used by the integration** is listed.
+7. If not listed, click **Edit → Add Users** and assign the required roles.
+
+- Note - for more information go to the official [Microsoft Documentation.](https://learn.microsoft.com/en-us/defender-office-365)
+
+## Troubleshooting and Testing
+
+### Common Issues and Solutions
+
+#### **`The role assigned to application 'app-id' isn't supported in this scenario.`**
+
+**Scenario:**  
+When running 'Test', you receive the error:  
+*“The role assigned to application `app-id` isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication.”*
+
+**Solution:**  
+Verify that the application has the correct directory role assigned in the **Entra ID portal**.  
+See the **“App authentication”** section above for detailed guidance.
+
+---
+
+#### **`The term 'cmdlet' is not recognized as a name of a cmdlet…`**
+
+**Scenario:**  
+When running a command, you receive an error similar to:  
+*“The term `cmdlet` is not recognized as a name of a cmdlet, function, script file, or executable program…”*
+
+**Solution:**  
+Make sure the **service principal of the Azure AD application used by the integration** has sufficient **Exchange Online permissions**.  
+Refer to the **“Exchange Online permissions”** section above to confirm the correct roles are assigned and detailed guidance.
+
 ## Commands
 
 You can execute these commands from the CLI, as part of an automation, or in a playbook.
@@ -483,11 +579,11 @@ Official PowerShell cmdlet documentation [here](https://docs.microsoft.com/en-us
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
 | list_type | List type to retrieve items from. | Required |
-| list_subtype | List subtype to retrieve items from.  | Optional |
+| list_subtype | List subtype to retrieve items from. | Optional |
 | action | Action to filter entries by. | Required |
 | expiration_date | Enter a specific date and time to filter entries by using format "YYYY-MM-DD HH:MM:SSz" for UTC time.  Alternately, a PowerShell **GetDate** statement can be used. | Optional |
 | no_expiration | Filter list items that are set to never expire. | Optional |
-| entry | Specif8ic entry value to retrieve. | Optional |
+| entry | Specific entry value to retrieve. | Optional |
 
 #### Context Output
 

Packs/MicrosoftExchangeOnline/ReleaseNotes/1_8_3.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### EWS Extension Online Powershell v3
+
+- Updated the documentation with the steps to verify required Exchange Online permissions in Microsoft Purview.
+

Packs/MicrosoftExchangeOnline/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Microsoft Exchange Online",
     "description": "Exchange Online and Office 365 (mail)",
     "support": "xsoar",
-    "currentVersion": "1.8.2",
+    "currentVersion": "1.8.3",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",