removing top hits #1

Author: cilwerner

docs/id-governance/privileged-identity-management/pim-how-to-activate-role.yml

@@ -117,7 +117,7 @@ procedureSection:
                         "device": null,
                         "user": {
                             "displayName": null,
-                            "id": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5"
+                            "id": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
                         }
                     },
                     "scheduleInfo": {

docs/id-governance/privileged-identity-management/pim-how-to-add-role-to-user.md

@@ -151,7 +151,7 @@ Content-Type: application/json
         "device": null,
         "user": {
             "displayName": null,
-            "id": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5"
+            "id": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
         }
     },
     "scheduleInfo": {
@@ -221,7 +221,7 @@ The following is an example of the response. The response object shown here migh
         "device": null,
         "user": {
             "displayName": null,
-            "id": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5"
+            "id": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
         }
     },
     "scheduleInfo": {

docs/id-governance/privileged-identity-management/pim-how-to-renew-extend.md

@@ -134,7 +134,7 @@ POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentSch
         "device": null,
         "user": {
             "displayName": null,
-            "id": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5"
+            "id": "aaaaaaaa-bbbb-cccc-1111-222222222222"
         }
     },
     "scheduleInfo": {

docs/identity/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -988,7 +988,7 @@ Requests from Microsoft Entra provisioning service include an OAuth 2.0 bearer t
 - Microsoft Entra bearer token. If **Secret Token** field is left blank, Microsoft Entra ID includes an OAuth bearer token issued from Microsoft Entra ID with each request. Apps that use Microsoft Entra ID as an identity provider can validate this Microsoft Entra ID-issued token.
 
   - The application that receives requests should validate the token issuer as being Microsoft Entra ID for an expected Microsoft Entra tenant.
-  - An `iss` claim identifies the issuer of the token. For example, `"iss":"https://sts.windows.net/12345678-0000-0000-0000-000000000000/"`. In this example, the base address of the claim value, `https://sts.windows.net` identifies Microsoft Entra ID as the issuer, while the relative address segment, _12345678-0000-0000-0000-000000000000_, is a unique identifier of the Microsoft Entra tenant for which the token was issued.
+  - An `iss` claim identifies the issuer of the token. For example, `"iss":"https://sts.windows.net/aaaabbbb-0000-cccc-1111-dddd2222eeee/"`. In this example, the base address of the claim value, `https://sts.windows.net` identifies Microsoft Entra ID as the issuer, while the relative address segment, _aaaabbbb-0000-cccc-1111-dddd2222eeee_, is a unique identifier of the Microsoft Entra tenant for which the token was issued.
   - The audience for a token is the **Application ID** for the application in the gallery. Applications registered in a single tenant receive the same `iss` claim with SCIM requests. The application ID for all custom apps is _8adf8e6e-67b2-4cf2-a259-e3dc5476c621_. The token generated by the Microsoft Entra ID should only be used for testing. It shouldn't be used in production environments.
 
 
@@ -1011,7 +1011,7 @@ public void ConfigureServices(IServiceCollection services)
         })
             .AddJwtBearer(options =>
             {
-                options.Authority = " https://sts.windows.net/12345678-0000-0000-0000-000000000000/";
+                options.Authority = " https://sts.windows.net/aaaabbbb-0000-cccc-1111-dddd2222eeee/";
                 options.Audience = "8adf8e6e-67b2-4cf2-a259-e3dc5476c621";
                 ...
             });
@@ -1181,7 +1181,7 @@ In a request for user provisioning, the value of the resource argument is an ins
 Microsoft Entra ID requests the current state of the specified user from the service with a request such as: 
 
 ```
-GET ~/scim/Users/54D382A4-2050-4C03-94D1-E769F1D15682 HTTP/1.1
+GET ~/scim/Users/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 HTTP/1.1
 Authorization: Bearer ...
 ```
 
@@ -1200,7 +1200,7 @@ Task<Resource> RetrieveAsync(IRequest<IResourceRetrievalParameters> request);
 
 In the example of a request, to retrieve the current state of a user, the values of the properties of the object provided as the value of the parameters argument are as follows: 
 
-* Identifier: "54D382A4-2050-4C03-94D1-E769F1D15682"
+* Identifier: "a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1"
 * SchemaIdentifier: `urn:ietf:params:scim:schemas:extension:enterprise:2.0:User`
 
 ***Example 4. Query the value of a reference attribute to be updated*** 
@@ -1211,7 +1211,7 @@ In the sample code, the request is translated into a call to the QueryAsync meth
 * parameters.AlternateFilters.Count: 2
 * parameters.AlternateFilters.ElementAt(x).AttributePath: "ID"
 * parameters.AlternateFilters.ElementAt(x).ComparisonOperator: ComparisonOperator.Equals
-* parameters.AlternateFilter.ElementAt(x).ComparisonValue: "54D382A4-2050-4C03-94D1-E769F1D15682"
+* parameters.AlternateFilter.ElementAt(x).ComparisonValue: "a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1"
 * parameters.AlternateFilters.ElementAt(y).AttributePath: "manager"
 * parameters.AlternateFilters.ElementAt(y).ComparisonOperator: ComparisonOperator.Equals
 * parameters.AlternateFilter.ElementAt(y).ComparisonValue: "2819c223-7f76-453a-919d-413861904646"
@@ -1225,7 +1225,7 @@ The value of the index x can be `0` and the value of the index y can be `1`. Or
 Here's an example of a request from Microsoft Entra ID to an SCIM endpoint to update a user: 
 
 ```http
-PATCH ~/scim/Users/54D382A4-2050-4C03-94D1-E769F1D15682 HTTP/1.1
+PATCH ~/scim/Users/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 HTTP/1.1
 Authorization: Bearer ...
 Content-type: application/scim+json
 {
@@ -1261,7 +1261,7 @@ In the example of a request, to update a user, the object provided as the value
 
 |Argument|Value|
 |-|-|
-|`ResourceIdentifier.Identifier`|"54D382A4-2050-4C03-94D1-E769F1D15682"|
+|`ResourceIdentifier.Identifier`|"a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1"|
 |`ResourceIdentifier.SchemaIdentifier`| `urn:ietf:params:scim:schemas:extension:enterprise:2.0:User`|
 |`(PatchRequest as PatchRequest2).Operations.Count`|1|
 |`(PatchRequest as PatchRequest2).Operations.ElementAt(0).OperationName`| `OperationName.Add`|
@@ -1275,7 +1275,7 @@ In the example of a request, to update a user, the object provided as the value
 To deprovision a user from an identity store fronted by an SCIM endpoint, Microsoft Entra ID sends a request such as:
 
 ```http
-DELETE ~/scim/Users/54D382A4-2050-4C03-94D1-E769F1D15682 HTTP/1.1
+DELETE ~/scim/Users/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 HTTP/1.1
 Authorization: Bearer ...
 ```
 
@@ -1293,7 +1293,7 @@ Task DeleteAsync(IRequest<IResourceIdentifier> request);
 
 The object provided as the value of the resourceIdentifier argument has these property values in the example of a request to deprovision a user: 
 
-* ResourceIdentifier.Identifier: "54D382A4-2050-4C03-94D1-E769F1D15682"
+* ResourceIdentifier.Identifier: "a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1"
 * ResourceIdentifier.SchemaIdentifier: `urn:ietf:params:scim:schemas:extension:enterprise:2.0:User`
 
 <a name='integrate-your-scim-endpoint-with-the-azure-ad-provisioning-service'></a>

docs/identity/enterprise-apps/assign-app-owners.md

@@ -49,18 +49,18 @@ To assign an owner to an enterprise application:
 
 To add an owner to an enterprise application using Microsoft Graph PowerShell, you need to sign in as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator) and consent to the `Application.ReadWrite.All` permission.
 
-In the following example, the user's object ID is 8afc02cb-4d62-4dba-b536-9f6d73e9be26 and the applicationId is 46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b.
+In the following example, the user's object ID is aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb and the applicationId is 00001111-aaaa-2222-bbbb-3333cccc4444.
 
 ```powershell
 1. Connect-MgGraph -Scopes 'Application.ReadWrite.All'
 
 1. Import-Module Microsoft.Graph.Applications
 
 $params = @{
-    "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/8afc02cb-4d62-4dba-b536-9f6d73e9be26"
+    "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
 }
 
-New-MgServicePrincipalOwnerByRef -ServicePrincipalId '46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b' -BodyParameter $params
+New-MgServicePrincipalOwnerByRef -ServicePrincipalId '00001111-aaaa-2222-bbbb-3333cccc4444' -BodyParameter $params
 ```
 
 :::zone-end
@@ -71,14 +71,14 @@ To assign an owner to an application using Microsoft Graph API, sign in to [Grap
 
 You need to consent to the `Application.ReadWrite.All` permission.
 
-Run the following Microsoft Graph query to assign an owner to an application. You need the object ID of the user you want to assign the application to. In the following example, the user's object ID is 8afc02cb-4d62-4dba-b536-9f6d73e9be26 and the appId is 46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b.
+Run the following Microsoft Graph query to assign an owner to an application. You need the object ID of the user you want to assign the application to. In the following example, the user's object ID is aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb and the appId is 00001111-aaaa-2222-bbbb-3333cccc4444.
 
 ```http
-POST https://graph.microsoft.com/v1.0/servicePrincipals(appId='46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b')/owners/$ref
+POST https://graph.microsoft.com/v1.0/servicePrincipals(appId='00001111-aaaa-2222-bbbb-3333cccc4444')/owners/$ref
 Content-Type: application/json
 
 {
-    "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/8afc02cb-4d62-4dba-b536-9f6d73e9be26"
+    "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
 }
 ```
 

docs/identity/enterprise-apps/grant-admin-consent.md

@@ -96,7 +96,7 @@ For more information on constructing the tenant-wide admin consent URL, see [Adm
 
 In this section, you grant delegated permissions to your application. Delegated permissions are permissions your application needs to access an API on behalf of a signed-in user. The permissions are defined by a resource API and granted to your enterprise application, which is the client application. This consent is granted on behalf of all users.
 
-In the following example, the resource API is Microsoft Graph of object ID `7ea9e944-71ce-443d-811c-71e8047b557a`. The Microsoft Graph API defines the delegated permissions, `User.Read.All` and `Group.Read.All`. The consentType is `AllPrincipals`, indicating that you're consenting on behalf of all users in the tenant. The object ID of the client enterprise application is `b0d9b9e3-0ecf-4bfd-8dab-9273dd055a941`.
+In the following example, the resource API is Microsoft Graph of object ID `7ea9e944-71ce-443d-811c-71e8047b557a`. The Microsoft Graph API defines the delegated permissions, `User.Read.All` and `Group.Read.All`. The consentType is `AllPrincipals`, indicating that you're consenting on behalf of all users in the tenant. The object ID of the client enterprise application is `00001111-aaaa-2222-bbbb-3333cccc4444`.
 
 > [!CAUTION]
 > Be careful! Permissions granted programmatically aren't subject to review or confirmation. They take effect immediately.
@@ -118,7 +118,7 @@ In the following example, the resource API is Microsoft Graph of object ID `7ea9
    ```powershell
    $params = @{
    
-   "ClientId" = "b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94"
+   "ClientId" = "00001111-aaaa-2222-bbbb-3333cccc4444"
    "ConsentType" = "AllPrincipals"
    "ResourceId" = "7ea9e944-71ce-443d-811c-71e8047b557a"
    "Scope" = "User.Read.All Group.Read.All"
@@ -131,14 +131,14 @@ In the following example, the resource API is Microsoft Graph of object ID `7ea9
 1. Confirm that you've granted tenant wide admin consent by running the following request.
 
   ```powershell
-   Get-MgOauth2PermissionGrant -Filter "clientId eq 'b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94' and consentType eq 'AllPrincipals'" 
+   Get-MgOauth2PermissionGrant -Filter "clientId eq '00001111-aaaa-2222-bbbb-3333cccc4444' and consentType eq 'AllPrincipals'" 
   ```
 
 ## Grant admin consent for application permissions using Microsoft Graph PowerShell
 
 In this section, you grant application permissions to your enterprise application. Application permissions are permissions your application needs to access a resource API. The permissions are defined by the resource API and granted to your enterprise application, which is the principal application. After you've granted your application access to the resource API, it runs as a background service or daemon without a signed-in user. Application permissions are also known as app roles.
 
-In the following example, you grant the Microsoft Graph application (the principal of ID `b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94`) an app role (application permission) of ID `df021288-bdef-4463-88db-98f22de89214` that's exposed by a resource API of ID `7ea9e944-71ce-443d-811c-71e8047b557a`.
+In the following example, you grant the Microsoft Graph application (the principal of ID `aaaaaaaa-bbbb-cccc-1111-222222222222`) an app role (application permission) of ID `df021288-bdef-4463-88db-98f22de89214` that's exposed by a resource API of ID `7ea9e944-71ce-443d-811c-71e8047b557a`.
 
 1. Connect to Microsoft Graph PowerShell and sign in as at least a [Privileged Role Administrator](~/identity/role-based-access-control/permissions-reference.md#privileged-role-administrator).
 
@@ -156,12 +156,12 @@ In the following example, you grant the Microsoft Graph application (the princip
 
 ```powershell
  $params = @{
-  "PrincipalId" ="b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94"
+  "PrincipalId" ="aaaaaaaa-bbbb-cccc-1111-222222222222"
   "ResourceId" = "7ea9e944-71ce-443d-811c-71e8047b557a"
   "AppRoleId" = "df021288-bdef-4463-88db-98f22de89214"
 }
 
-New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId 'b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94' -BodyParameter $params | 
+New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId 'aaaaaaaa-bbbb-cccc-1111-222222222222' -BodyParameter $params | 
   Format-List Id, AppRoleId, CreatedDateTime, PrincipalDisplayName, PrincipalId, PrincipalType, ResourceDisplayName
 ```
 
@@ -177,7 +177,7 @@ In this section, you grant delegated permissions to your application. Delegated
 
 You need to sign in as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
 
-In the following example, the resource API is Microsoft Graph of object ID `7ea9e944-71ce-443d-811c-71e8047b557a`. The Microsoft Graph API defines the delegated permissions, `User.Read.All` and `Group.Read.All`. The consentType is `AllPrincipals`, indicating that you're consenting on behalf of all users in the tenant. The object ID of the client enterprise application is `b0d9b9e3-0ecf-4bfd-8dab-9273dd055a941`.
+In the following example, the resource API is Microsoft Graph of object ID `7ea9e944-71ce-443d-811c-71e8047b557a`. The Microsoft Graph API defines the delegated permissions, `User.Read.All` and `Group.Read.All`. The consentType is `AllPrincipals`, indicating that you're consenting on behalf of all users in the tenant. The object ID of the client enterprise application is `00001111-aaaa-2222-bbbb-3333cccc4444`.
 
 > [!CAUTION]
 > Be careful! Permissions granted programmatically are not subject to review or confirmation. They take effect immediately.
@@ -195,7 +195,7 @@ In the following example, the resource API is Microsoft Graph of object ID `7ea9
    
    Request body
    {
-      "clientId": "b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94",
+      "clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
       "consentType": "AllPrincipals",
       "resourceId": "7ea9e944-71ce-443d-811c-71e8047b557a",
       "scope": "User.Read.All Group.Read.All"
@@ -205,14 +205,14 @@ In the following example, the resource API is Microsoft Graph of object ID `7ea9
 1. Confirm that you've granted tenant wide admin consent by running the following request.
 
    ```http
-   GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants?$filter=clientId eq 'b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94' and consentType eq 'AllPrincipals'
+   GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants?$filter=clientId eq '00001111-aaaa-2222-bbbb-3333cccc4444' and consentType eq 'AllPrincipals'
    ```
 
 ## Grant admin consent for application permissions using Microsoft Graph API
 
 In this section, you grant application permissions to your enterprise application. Application permissions are permissions your application needs to access a resource API. The permissions are defined by the resource API and granted to your enterprise application, which is the principal application. After you've granted your application access to the resource API, it runs as a background service or daemon without a signed-in user. Application permissions are also known as app roles.
 
-In the following example, you grant the application, Microsoft Graph (the principal of ID `b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94`) an app role (application permission) of ID `df021288-bdef-4463-88db-98f22de89214` that's exposed by a resource enterprise application of ID `7ea9e944-71ce-443d-811c-71e8047b557a`.
+In the following example, you grant the application, Microsoft Graph (the principal of ID `00001111-aaaa-2222-bbbb-3333cccc4444`) an app role (application permission) of ID `df021288-bdef-4463-88db-98f22de89214` that's exposed by a resource enterprise application of ID `7ea9e944-71ce-443d-811c-71e8047b557a`.
 
 You need to sign as at least a [Privileged Role Administrator](~/identity/role-based-access-control/permissions-reference.md#privileged-role-administrator).
 
@@ -230,7 +230,7 @@ You need to sign as at least a [Privileged Role Administrator](~/identity/role-b
    Request body
 
    {
-      "principalId": "b0d9b9e3-0ecf-4bfd-8dab-9273dd055a94",
+      "principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
       "resourceId": "7ea9e944-71ce-443d-811c-71e8047b557a",
       "appRoleId": "df021288-bdef-4463-88db-98f22de89214"
    }