[APIM] Remove Directory.Read.All from required AAD permissions

Fixes https://dev.azure.com/mseng/TechnicalContent/_workitems/edit/1973079

Author: dlepow

articles/api-management/api-management-howto-aad.md

@@ -149,7 +149,6 @@ Now that you've enabled access for users in an Azure AD tenant, you can:
 * Control product visibility using Azure AD groups.
 
 Follow these steps to grant:
-* `Directory.Read.All` **application** permission for Microsoft Graph API.
 * `User.Read` **delegated** permission for Microsoft Graph API. 
 
 1. Update the first 3 lines of the following Azure CLI script to match your environment and run it.
@@ -161,8 +160,8 @@ Follow these steps to grant:
    #Login and Set the Subscription
    az login
    az account set --subscription $subId
-   #Assign the following permissions: Microsoft Graph Delegated Permission: User.Read, Microsoft Graph Application Permission: Directory.ReadAll
-   az rest --method PATCH --uri "https://graph.microsoft.com/v1.0/$($tenantId)/applications/$($appObjectID)" --body "{'requiredResourceAccess':[{'resourceAccess': [{'id': 'e1fe6dd8-ba31-4d61-89e7-88639da4683d','type': 'Scope'},{'id': '7ab1d382-f21e-4acd-a863-ba3e13f7da61','type': 'Role'}],'resourceAppId': '00000003-0000-0000-c000-000000000000'}]}"
+   #Assign the following permission: Microsoft Graph Delegated Permission: User.Read
+   az rest --method PATCH --uri "https://graph.microsoft.com/v1.0/$($tenantId)/applications/$($appObjectID)" --body "{'requiredResourceAccess':[{'resourceAccess': [{'id': 'e1fe6dd8-ba31-4d61-89e7-88639da4683d','type': 'Scope'}],'resourceAppId': '00000003-0000-0000-c000-000000000000'}]}"
    ```
 
 1. Sign out and sign back in to the Azure portal.