Merge pull request #220875 from FaithOmbongi/msgraphPermissionsLinks

Update links to Graph permissions reference

Author: prmerger-automator[bot]

articles/active-directory/fundamentals/active-directory-ops-guide-auth.md

@@ -315,6 +315,7 @@ To avoid this scenario, you should refer to [detect and remediate illicit consen
 
 #### Consent grants recommended reading
 
+- [Overview of Microsoft Graph permissions](/graph/permissions-overview)
 - [Microsoft Graph API permissions](/graph/permissions-reference)
 
 ### User and group settings

articles/active-directory/fundamentals/service-accounts-governing-azure.md

@@ -61,7 +61,7 @@ We recommend the following practices for service account privileges.
 * [Use OAuth 2.0 scopes](../develop/v2-permissions-and-consent.md) to limit the functionality a service account can access on a resource.
 * Service principals and managed identities can use OAuth 2.0 scopes in either a delegated context that is impersonating a signed-on user, or as service account in the application context. In the application context no is signed-on.
 
-* Check the scopes service accounts request for resources to ensure they're appropriate. For example, if an account is requesting Files.ReadWrite.All, evaluate if it actually needs only File.Read.All. For more information on permissions, see to [Microsoft Graph permission reference](/graph/permissions-reference).
+* Check the scopes service accounts request for resources to ensure they're appropriate. For example, if an account is requesting Files.ReadWrite.All, evaluate if it actually needs only File.Read.All. For more information on permissions, see the [Overview of Microsoft Graph permissions](/graph/permissions-overview).
 
 * Ensure you trust the developer of the application or API with the access requested to your resources.
 

articles/active-directory/governance/entitlement-management-catalog-create.md

@@ -138,7 +138,7 @@ To require attributes for access requests:
 1. If you chose **Built-in**, select an attribute from the dropdown list. If you chose **Directory schema extension**, enter the attribute name in the text box.
 
     > [!NOTE]
-    > The User.mobilePhone attribute can be updated only for non-administrator users. Learn more at [this website](/graph/permissions-reference#remarks-5).
+    > The User.mobilePhone attribute is a sensitive property that can be updated only by some administrators. Learn more at [Who can update sensitive user attributes?](/graph/api/resources/users#who-can-update-sensitive-attributes).
 
 1.	Select the answer format you want requestors to use for their answer. Answer formats include **short text**, **multiple choice**, and **long text**.
 

articles/databox-gateway/data-box-gateway-manage-access-power-connectivity-mode.md

@@ -65,7 +65,7 @@ When generating the activation key for the device, or performing any operations
 
 You should have `User` access on the Active Directory tenant so you can `Read all directory objects`. A Guest user doesn't have permissions to `Read all directory objects`. If you're a guest, operations like generating an activation key, creating a share on your device, and creating a user will fail.
 
-For more information on how to provide access to users to Microsoft Graph API, see [Microsoft Graph permissions reference](/graph/permissions-reference).
+For more information on how to provide access to users to Microsoft Graph API, see [Overview of Microsoft Graph permissions](/graph/permissions-overview).
 
 ### Register resource providers
 

articles/databox-online/azure-stack-edge-gpu-manage-access-power-connectivity-mode.md

@@ -145,14 +145,14 @@ To create your Azure Stack Edge / Data Box Gateway, IoT Hub, and Azure Storage r
 
 ### Manage Microsoft Graph API permissions
 
-When generating the activation key for the Azure Stack Edge Pro device, or performing any operations that require credentials, you need permissions to Azure Active Directory Graph API. The operations that need credentials could be:
+When generating the activation key for the Azure Stack Edge Pro device, or performing any operations that require credentials, you need permissions to the Microsoft Graph API. The operations that need credentials could be:
 
 -  Creating a share with an associated storage account.
 -  Creating a user who can access the shares on the device.
 
-You should have a `User` access on Active Directory tenant as you need to be able to `Read all directory objects`. You can't be a Guest user as they don't have permissions to `Read all directory objects`. If you're a guest, then the operations such as generation of an activation key, creation of a share on your Azure Stack Edge Pro device, creation of a user, configuration of Edge compute role, reset device password will all fail.
+You should have a `User` access on the Azure Active Directory tenant as you need to be able to `Read all directory objects`. You can't be a Guest user as they don't have permissions to `Read all directory objects`. If you're a guest, then the operations such as generation of an activation key, creation of a share on your Azure Stack Edge Pro device, creation of a user, configuration of Edge compute role, reset device password will all fail.
 
-For more information on how to provide access to users to Microsoft Graph API, see [Microsoft Graph permissions reference](/graph/permissions-reference).
+For more information on how to provide access to users to Microsoft Graph API, see [Overview of Microsoft Graph permissions](/graph/permissions-overview).
 
 ### Register resource providers
 

articles/databox-online/azure-stack-edge-manage-access-power-connectivity-mode.md

@@ -65,7 +65,7 @@ When generating the activation key for the Azure Stack Edge Pro FPGA device, or
 
 You should have a `User` access on Active Directory tenant as you need to be able to `Read all directory objects`. You can't be a Guest user as they don't have permissions to `Read all directory objects`. If you're a guest, then the operations such as generation of an activation key, creation of a share on your Azure Stack Edge Pro FPGA device, creation of a user, configuration of Edge compute role, reset device password will all fail.
 
-For more information on how to provide access to users to Microsoft Graph API, see [Microsoft Graph permissions reference](/graph/permissions-reference).
+For more information on how to provide access to users to Microsoft Graph API, see [Overview of Microsoft Graph permissions](/graph/permissions-overview).
 
 ### Register resource providers
 

articles/mysql/flexible-server/concepts-azure-ad-authentication.md

@@ -79,7 +79,7 @@ The following permissions are required to allow the UMI to read from the Microso
 - [GroupMember.Read.All](/graph/permissions-reference#group-permissions): Allows access to Azure AD group information.
 - [Application.Read.ALL](/graph/permissions-reference#application-resource-permissions): Allows access to Azure AD service principal (application) information.
 
-For guidance about how to grant and use the permissions, refer to [Microsoft Graph permissions](/graph/permissions-reference)
+For guidance about how to grant and use the permissions, refer to [Overview of Microsoft Graph permissions](/graph/permissions-overview)
 
 After you grant the permissions to the UMI, they're enabled for all servers or instances created with the UMI assigned as a server identity.
 

articles/mysql/flexible-server/how-to-azure-ad.md

@@ -55,7 +55,7 @@ To create an Azure AD Admin user, follow the following steps.
     - [GroupMember.Read.All](/graph/permissions-reference#group-permissions): Allows access to Azure AD group information.
     - [Application.Read.ALL](/graph/permissions-reference#application-resource-permissions): Allows access to Azure AD service principal (application) information.
 
-For guidance about how to grant and use the permissions, refer to [Microsoft Graph permissions](/graph/permissions-reference)
+For guidance about how to grant and use the permissions, refer to [Overview of Microsoft Graph permissions](/graph/permissions-overview)
 
 After you grant the permissions to the UMI, they're enabled for all servers or instances created with the UMI assigned as a server identity.