Merge pull request #288622 from meganbradley/meganbradley/docutune-autopr-20241017-141414-2380127-ignore-build

[BULK] - DocuTune remediation - Sensitive terms with GUIDs (part 11)

Author: v-dirichards

articles/communication-services/quickstarts/manage-teams-identity.md

@@ -107,7 +107,7 @@ The service principal of the Contoso application in the Fabrikam tenant is creat
 You can see that the status of the Communication Services Teams.ManageCalls and Teams.ManageChats permissions are *Granted for {Directory_name}*.
 
 
-If you run into the issue "The app is trying to access a service '1fd5118e-2576-4263-8130-9503064c837a'(Azure Communication Services) that your organization '{GUID}' lacks a service principal for. Contact your IT Admin to review the configuration of your service subscriptions or consent to the application to create the required service principal." your Microsoft Entra tenant lacks a service principal for the Azure Communication Services application. To fix this issue, use PowerShell as a Microsoft Entra administrator to connect to your tenant. Replace `Tenant_ID` with an ID of your Microsoft Entra tenancy. 
+If you run into the issue "The app is trying to access a service '00001111-aaaa-2222-bbbb-3333cccc4444'(Azure Communication Services) that your organization '{GUID}' lacks a service principal for. Contact your IT Admin to review the configuration of your service subscriptions or consent to the application to create the required service principal." your Microsoft Entra tenant lacks a service principal for the Azure Communication Services application. To fix this issue, use PowerShell as a Microsoft Entra administrator to connect to your tenant. Replace `Tenant_ID` with an ID of your Microsoft Entra tenancy. 
 
 You will require **Application.ReadWrite.All** as shown below.
 
@@ -125,7 +125,7 @@ Install-Module Microsoft.Graph
 Then execute the following command to add a service principal to your tenant. Do not modify the GUID of the App ID.
 
 ```script
-New-MgServicePrincipal -AppId "1fd5118e-2576-4263-8130-9503064c837a"
+New-MgServicePrincipal -AppId "00001111-aaaa-2222-bbbb-3333cccc4444"
 ```
 
 

articles/communication-services/quickstarts/sms/receive-sms.md

@@ -27,7 +27,7 @@ The `SMSReceived` event generated when an SMS is sent to an Azure Communication
 ```json
 [{
   "id": "Incoming_20200918002745d29ebbea-3341-4466-9690-0a03af35228e",
-  "topic": "/subscriptions/50ad1522-5c2c-4d9a-a6c8-67c11ecb75b8/resourcegroups/acse2e/providers/microsoft.communication/communicationservices/{communication-services-resource-name}",
+  "topic": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourcegroups/acse2e/providers/microsoft.communication/communicationservices/{communication-services-resource-name}",
   "subject": "/phonenumber/15555555555",
   "data": {
     "MessageId": "Incoming_20200918002745d29ebbea-3341-4466-9690-0a03af35228e",

articles/communications-gateway/connect-operator-connect.md

@@ -90,7 +90,7 @@ To add the Project Synergy application:
 1. Run the following cmdlet, replacing *`<TenantID>`* with the tenant ID you noted down in step 5.
     ```powershell
     Connect-AzureAD -TenantId "<TenantID>"
-    New-AzureADServicePrincipal -AppId eb63d611-525e-4a31-abd7-0cb33f679599 -DisplayName "Operator Connect"
+    New-AzureADServicePrincipal -AppId 00001111-aaaa-2222-bbbb-3333cccc4444 -DisplayName "Operator Connect"
     ```
 
 ## Assign an Admin user to the Project Synergy application
@@ -161,7 +161,7 @@ Do the following steps in the tenant that contains your Project Synergy applicat
 1. Run the following PowerShell commands. These commands add the following roles for Azure Communications Gateway: `TrunkManagement.Read`, `TrunkManagement.Write`, `partnerSettings.Read`, `NumberManagement.Read`, `NumberManagement.Write`, `Data.Read`, `Data.Write`.
     ```powershell
     # Get the Service Principal ID for Project Synergy (Operator Connect)
-    $projectSynergyApplicationId = "eb63d611-525e-4a31-abd7-0cb33f679599"
+    $projectSynergyApplicationId = "00001111-aaaa-2222-bbbb-3333cccc4444"
     $projectSynergyEnterpriseApplication = Get-MgServicePrincipal -Filter "AppId eq '$projectSynergyApplicationId'" # "Application.Read.All"
     
     # Required Operator Connect - Project Synergy Roles
@@ -170,7 +170,7 @@ Do the following steps in the tenant that contains your Project Synergy applicat
     $partnerSettingsRead = "d6b0de4a-aab5-4261-be1b-0e1800746fb2"
     $numberManagementRead = "130ecbe2-d1e6-4bbd-9a8d-9a7a909b876e"
     $numberManagementWrite = "752b4e79-4b85-4e33-a6ef-5949f0d7d553"
-    $dataRead = "eb63d611-525e-4a31-abd7-0cb33f679599"
+    $dataRead = "00001111-aaaa-2222-bbbb-3333cccc4444"
     $dataWrite = "98d32f93-eaa7-4657-b443-090c23e69f27"
     $requiredRoles = $trunkManagementRead, $trunkManagementWrite, $partnerSettingsRead, $numberManagementRead, $numberManagementWrite, $dataRead, $dataWrite
 
@@ -223,13 +223,13 @@ Go to the [Operator Connect homepage](https://operatorconnect.microsoft.com/) an
 
 You must enable Azure Communications Gateway within the Operator Connect or Teams Phone Mobile environment. This process requires configuring your environment with two Application IDs:
 -  The Application ID of the system-assigned managed identity that you found in  [Find the Application ID for your Azure Communication Gateway resource](#find-the-application-id-for-your-azure-communication-gateway-resource). This Application ID allows Azure Communications Gateway to use the roles that you set up in [Set up application roles for Azure Communications Gateway](#set-up-application-roles-for-azure-communications-gateway).
-- A standard Application ID for an automatically created AzureCommunicationsGateway enterprise application. This ID is always `8502a0ec-c76d-412f-836c-398018e2312b`.
+- A standard Application ID for an automatically created AzureCommunicationsGateway enterprise application. This ID is always `11112222-bbbb-3333-cccc-4444dddd5555`.
 
 To add the Application IDs:
 
 1. Log into the [Operator Connect portal](https://operatorconnect.microsoft.com/operator/configuration).
 1. Add a new **Application Id** for the Application ID that you found for the managed identity.
-1. Add a second **Application Id** for the value `8502a0ec-c76d-412f-836c-398018e2312b`.
+1. Add a second **Application Id** for the value `11112222-bbbb-3333-cccc-4444dddd5555`.
 
 ## Register your deployment's domain name in Microsoft Entra
 

articles/confidential-computing/quick-create-confidential-vm-arm.md

@@ -170,7 +170,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
 
     ```Powershell
     Connect-Graph -Tenant "your tenant ID" Application.ReadWrite.All
-    New-MgServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"
+    New-MgServicePrincipal -AppId 00001111-aaaa-2222-bbbb-3333cccc4444 -DisplayName "Confidential VM Orchestrator"
     ```
 
 1. Set up your Azure key vault. For how to use an Azure Key Vault Managed HSM instead, see the next step.
@@ -194,7 +194,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
     1. Give `Confidential VM Orchestrator` permissions to `get` and `release` the key vault.
 
         ```azurecli-interactive
-        $cvmAgent = az ad sp show --id "bf7b6499-ff71-4aa2-97a4-f372087be7f0" | Out-String | ConvertFrom-Json
+        $cvmAgent = az ad sp show --id "00001111-aaaa-2222-bbbb-3333cccc4444" | Out-String | ConvertFrom-Json
         az keyvault set-policy --name $KeyVault --object-id $cvmAgent.Id --key-permissions get release
         ```
 
@@ -210,7 +210,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
     1. Give `Confidential VM Orchestrator` permissions to managed HSM.
 
         ```azurecli-interactive
-        $cvmAgent = az ad sp show --id "bf7b6499-ff71-4aa2-97a4-f372087be7f0" | Out-String | ConvertFrom-Json
+        $cvmAgent = az ad sp show --id "00001111-aaaa-2222-bbbb-3333cccc4444" | Out-String | ConvertFrom-Json
         az keyvault role assignment create --hsm-name $hsm --assignee $cvmAgent.Id --role "Managed HSM Crypto Service Release User" --scope /keys/$KeyName
         ```
 

articles/confidential-computing/quick-create-confidential-vm-azure-cli.md

@@ -86,15 +86,15 @@ To create a confidential [disk encryption set](/azure/virtual-machines/linux/dis
 For this step you need to be a Global Admin or you need to have the User Access Administrator RBAC role. [Install Microsoft Graph SDK](/powershell/microsoftgraph/installation) to execute the commands below.
   ```Powershell
   Connect-Graph -Tenant "your tenant ID" Application.ReadWrite.All
-  New-MgServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"
+  New-MgServicePrincipal -AppId 00001111-aaaa-2222-bbbb-3333cccc4444 -DisplayName "Confidential VM Orchestrator"
   ```
 2.  Create an Azure Key Vault using the [az keyvault create](/cli/azure/keyvault) command. For the pricing tier, select Premium (includes support for HSM backed keys). Make sure that you have an owner role in this key vault.
   ```azurecli-interactive
   az keyvault create -n keyVaultName -g myResourceGroup --enabled-for-disk-encryption true --sku premium --enable-purge-protection true --enable-rbac-authorization false
   ```
 3. Give `Confidential VM Orchestrator` permissions to `get` and `release` the key vault.
   ```Powershell
-  $cvmAgent = az ad sp show --id "bf7b6499-ff71-4aa2-97a4-f372087be7f0" | Out-String | ConvertFrom-Json
+  $cvmAgent = az ad sp show --id "00001111-aaaa-2222-bbbb-3333cccc4444" | Out-String | ConvertFrom-Json
   az keyvault set-policy --name keyVaultName --object-id $cvmAgent.Id --key-permissions get release
   ```
 4. Create a key in the key vault using [az keyvault key create](/cli/azure/keyvault). For the key type, use RSA-HSM.

articles/confidential-computing/quick-create-confidential-vm-portal.md

@@ -22,7 +22,7 @@ You can use the Azure portal to create a [confidential VM](confidential-vm-overv
 
     ```Powershell
     Connect-Graph -Tenant "your tenant ID" Application.ReadWrite.All
-    New-MgServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"
+    New-MgServicePrincipal -AppId 00001111-aaaa-2222-bbbb-3333cccc4444 -DisplayName "Confidential VM Orchestrator"
     ```
 
 ## Create confidential VM

articles/connectors/connectors-integrate-security-operations-create-api-microsoft-graph-security.md

@@ -37,7 +37,7 @@ To learn more about Microsoft Graph Security, see the [Microsoft Graph Security
   | Property | Value |
   |----------|-------|
   | **Application Name** | `MicrosoftGraphSecurityConnector` |
-  | **Application ID** | `c4829704-0edc-4c3d-a347-7c4a67586f3c` |
+  | **Application ID** | `00001111-aaaa-2222-bbbb-3333cccc4444` |
   |||
 
   To grant consent for the connector, your Microsoft Entra tenant administrator can follow either these steps:

articles/container-apps/manage-secrets.md

@@ -179,7 +179,7 @@ When you create a container app, secrets are defined using the `--secrets` param
 
 - The parameter accepts a space-delimited set of name/value pairs.
 - Each pair is delimited by an equals sign (`=`).
-- To specify a Key Vault reference, use the format `<SECRET_NAME>=keyvaultref:<KEY_VAULT_SECRET_URI>,identityref:<MANAGED_IDENTITY_ID>`. For example, `queue-connection-string=keyvaultref:https://mykeyvault.vault.azure.net/secrets/queuereader,identityref:/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-identity`.
+- To specify a Key Vault reference, use the format `<SECRET_NAME>=keyvaultref:<KEY_VAULT_SECRET_URI>,identityref:<MANAGED_IDENTITY_ID>`. For example, `queue-connection-string=keyvaultref:https://mykeyvault.vault.azure.net/secrets/queuereader,identityref:/subscriptions/ffffffff-eeee-dddd-cccc-bbbbbbbbbbb0/resourcegroups/my-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-identity`.
 
 ```azurecli-interactive
 az containerapp create \

articles/cost-management-billing/manage/assign-roles-azure-service-principals.md

@@ -72,10 +72,10 @@ Later in this article, you give permission to the Microsoft Entra app to act by
 
 | Role | Actions allowed | Role definition ID |
 | --- | --- | --- |
-| EnrollmentReader | Enrollment readers can view data at the enrollment, department, and account scopes. The data contains charges for all of the subscriptions under the scopes, including across tenants. Can view the Azure Prepayment (previously called monetary commitment) balance associated with the enrollment. | 24f8edb6-1668-4659-b5e2-40bb5f3a7d7e |
-| EA purchaser | Purchase reservation orders and view reservation transactions. It has all the permissions of EnrollmentReader, which have all the permissions of DepartmentReader. It can view usage and charges across all accounts and subscriptions. Can view the Azure Prepayment (previously called monetary commitment) balance associated with the enrollment. | da6647fb-7651-49ee-be91-c43c4877f0c4  |
+| EnrollmentReader | Enrollment readers can view data at the enrollment, department, and account scopes. The data contains charges for all of the subscriptions under the scopes, including across tenants. Can view the Azure Prepayment (previously called monetary commitment) balance associated with the enrollment. | aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e |
+| EA purchaser | Purchase reservation orders and view reservation transactions. It has all the permissions of EnrollmentReader, which have all the permissions of DepartmentReader. It can view usage and charges across all accounts and subscriptions. Can view the Azure Prepayment (previously called monetary commitment) balance associated with the enrollment. | bbbb1b1b-cc2c-dd3d-ee4e-ffffff5f5f5f  |
 | DepartmentReader | Download the usage details for the department they administer. Can view the usage and charges associated with their department. | db609904-a47f-4794-9be8-9bd86fbffd8a |
-| SubscriptionCreator | Create new subscriptions in the given scope of Account. | a0bcee42-bf30-4d1b-926a-48d21664ef71 |
+| SubscriptionCreator | Create new subscriptions in the given scope of Account. | cccc2c2c-dd3d-ee4e-ff5f-aaaaaa6a6a6a |
 
 - An EnrollmentReader role can be assigned to a service principal only by a user who has an enrollment writer role. The EnrollmentReader role assigned to a service principal isn't shown in the Azure portal. It gets created by programmatic means and is only for programmatic use.
 - A DepartmentReader role can be assigned to a service principal only by a user who has an enrollment writer or department writer role.
@@ -110,11 +110,11 @@ A service principal can have only one role.
       | --- | --- |
       | `properties.principalId` | It's the value of Object ID. See [Find your service principal and tenant IDs](#find-your-service-principal-and-tenant-ids). |
       | `properties.principalTenantId` | See [Find your service principal and tenant IDs](#find-your-service-principal-and-tenant-ids). |
-      | `properties.roleDefinitionId` | `/providers/Microsoft.Billing/billingAccounts/{BillingAccountName}/billingRoleDefinitions/24f8edb6-1668-4659-b5e2-40bb5f3a7d7e` |
+      | `properties.roleDefinitionId` | `/providers/Microsoft.Billing/billingAccounts/{BillingAccountName}/billingRoleDefinitions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e` |
 
       The billing account name is the same parameter that you used in the API parameters. It's the enrollment ID that you see in the Azure portal.
 
-      Notice that `24f8edb6-1668-4659-b5e2-40bb5f3a7d7e` is a billing role definition ID for an EnrollmentReader.
+      Notice that `aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e` is a billing role definition ID for an EnrollmentReader.
 
 1. Select **Run** to start the command.
 
@@ -128,7 +128,7 @@ Now you can use the service principal to automatically access EA APIs. The servi
 
 For the EA purchaser role, use the same steps for the enrollment reader. Specify the `roleDefinitionId`, using the following example:
 
-`"/providers/Microsoft.Billing/billingAccounts/1111111/billingRoleDefinitions/ da6647fb-7651-49ee-be91-c43c4877f0c4"`
+`"/providers/Microsoft.Billing/billingAccounts/1111111/billingRoleDefinitions/ bbbb1b1b-cc2c-dd3d-ee4e-ffffff5f5f5f"`
 
 ## Assign the department reader role to the service principal
 
@@ -204,11 +204,11 @@ Now you can use the service principal to automatically access EA APIs. The servi
       | --- | --- |
       | `properties.principalId` | It's the value of Object ID. See [Find your service principal and tenant IDs](#find-your-service-principal-and-tenant-ids). |
       | `properties.principalTenantId` | See [Find your service principal and tenant IDs](#find-your-service-principal-and-tenant-ids). |
-      | `properties.roleDefinitionId` | `/providers/Microsoft.Billing/billingAccounts/{BillingAccountID}/enrollmentAccounts/{enrollmentAccountID}/billingRoleDefinitions/a0bcee42-bf30-4d1b-926a-48d21664ef71` |
+      | `properties.roleDefinitionId` | `/providers/Microsoft.Billing/billingAccounts/{BillingAccountID}/enrollmentAccounts/{enrollmentAccountID}/billingRoleDefinitions/cccc2c2c-dd3d-ee4e-ff5f-aaaaaa6a6a6a` |
 
       The billing account name is the same parameter that you used in the API parameters. It's the enrollment ID that you see in the Azure portal.
 
-      The billing role definition ID of `a0bcee42-bf30-4d1b-926a-48d21664ef71` is for the subscription creator role.
+      The billing role definition ID of `cccc2c2c-dd3d-ee4e-ff5f-aaaaaa6a6a6a` is for the subscription creator role.
 
 1. Select **Run** to start the command.