From 002166e949aaa5498c308e03482e6c7edb56ae89 Mon Sep 17 00:00:00 2001
From: David Paulson <dpaul@microsoft.com>
Date: Thu, 15 Feb 2024 09:40:46 -0600
Subject: [PATCH 1/2] TlsDomain only need check with DomainValidation

---
 .../Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1    | 3 ++-
 docs/Diagnostics/HealthChecker/ExoConnectorCheck.md            | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
index c3c958cb04..772f22bb6c 100644
--- a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
@@ -318,7 +318,8 @@ function Invoke-AnalyzerFrequentConfigurationIssues {
             $showMoreInfo = $true
         }
 
-        if ($connector.TlsDomain -ne "mail.protection.outlook.com") {
+        if ($connector.TlsDomain -ne "mail.protection.outlook.com" -and
+            $connector.TlsAuthLevel -eq "DomainValidation") {
             $params = $baseParams + @{
                 Name                   = "Send Connector - $($connector.Identity.ToString())"
                 Details                = "TLSDomain  not set to mail.protection.outlook.com"
diff --git a/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md b/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md
index 0aab89e368..84ee82078a 100644
--- a/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md
+++ b/docs/Diagnostics/HealthChecker/ExoConnectorCheck.md
@@ -17,7 +17,7 @@ These are now being flagged as an issue due to some recent changes within Exchan
 Some additional configuration concerns are also warned about if one of the following is true:
 
 - TLSAuthLevel is not set to `CertificateValidation` or `DomainValidation`
-- TLSDomain is not set to `mail.protection.outlook.com`
+- TLSDomain is not set to `mail.protection.outlook.com` if TLSAuthLevel is set to `DomainValidation`
 
 ## Included in HTML Report?
 

From 5b22735b4f739685d5f7f5ca89100922d56c134b Mon Sep 17 00:00:00 2001
From: David Paulson <dpaul@microsoft.com>
Date: Thu, 15 Feb 2024 10:01:20 -0600
Subject: [PATCH 2/2] TlsAuthLevel set to NULL, TlsDomain warning no longer
 triggered

---
 .../HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
index 4497cba3b8..b926686dcf 100644
--- a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
+++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
@@ -121,7 +121,7 @@ Describe "Testing Health Checker by Mock Data Imports" {
             TestObjectMatch "Open Relay Wild Card Domain" "Not Set"
             TestObjectMatch "EXO Connector Present" "True" # Custom EXO Connector with no TlsDomain TlsAuthLevel
 
-            $Script:ActiveGrouping.Count | Should -Be 14
+            $Script:ActiveGrouping.Count | Should -Be 13
         }
 
         It "Display Results - Security Settings" {