add required permissions

Author: omondiatieno

articles/active-directory/manage-apps/configure-permission-classifications.md

@@ -30,7 +30,7 @@ The minimum permissions needed to do basic sign-in are `openid`, `profile`, `ema
 To configure permission classifications, you need:
 
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-- One of the following roles: An administrator, or owner of the service principal.
+- One of the following roles: A global administrator, or owner of the service principal.
 
 ## Manage permission classifications
 
@@ -57,7 +57,7 @@ You can use the latest [Azure AD PowerShell](/powershell/module/azuread/?preserv
 Run the following command to connect to Azure AD PowerShell. To consent to the required scopes, sign in with one of the roles listed in the prerequisite section of this article.
 
 ```powershell
-Connect-AzureAD -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All".
+Connect-AzureAD -Scopes "Policy.ReadWrite.PermissionGrant".
 ```
 
 ### List the current permission classifications
@@ -134,7 +134,7 @@ You can use [Microsoft Graph PowerShell](/powershell/microsoftgraph/get-started?
 Run the following command to connect to Microsoft Graph PowerShell. To consent to the required scopes, sign in with one of the roles listed in the prerequisite section of this article.
 
 ```powershell
-Connect-MgGraph -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All".
+Connect-MgGraph -Scopes "Policy.ReadWrite.PermissionGrant".
 ```
 
 ### List current permission classifications for an API
@@ -208,9 +208,7 @@ Remove-MgServicePrincipalDelegatedPermissionClassification -DelegatedPermissionC
 
 To configure permissions classifications for an enterprise application, sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section.
 
-You need to consent to the following permissions: 
-
-`Application.ReadWrite.All`, `Directory.ReadWrite.All`, `DelegatedPermissionGrant.ReadWrite.All`.
+You need to consent to the `Policy.ReadWrite.PermissionGrant` permission.
 
 Run the following queries on Microsoft Graph explorer to add a delegated permissions classification for an application.
 

articles/active-directory/manage-apps/custom-security-attributes-apps.md

@@ -192,10 +192,10 @@ Use the [Set-AzureADMSServicePrincipal](/powershell/module/azuread/set-azureadms
 
 Given the values
 
-	• Attribute set: Engineering
-	• Attribute: Project
-	• Attribute data type: String
-	• Attribute value: "Baker"
+- Attribute set: Engineering
+- Attribute: Project
+- Attribute data type: String
+- Attribute value: "Baker"
 
 ```powershell
 #Retrieve the servicePrincipal
@@ -273,10 +273,10 @@ Use the [Update servicePrincipal](/graph/api/serviceprincipal-update?view=graph-
 
 Given the values
 
-	• Attribute set: Engineering
-	• Attribute: Project
-	• Attribute data type: Collection of Strings
-	• Attribute value: Baker"
+- Attribute set: Engineering
+- Attribute: Project
+- Attribute data type: String
+- Attribute value: "Baker"
 
 ```http
 PATCH https://graph.microsoft.com/beta/servicePrincipals/{id}

articles/active-directory/manage-apps/manage-app-consent-policies.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
-ms.date: 01/26/2023
+ms.date: 02/28/2023
 ms.author: jomondi
 ms.reviewer: phsignor, yuhko
 ms.custom: contperf-fy21q2
@@ -122,6 +122,7 @@ Once the app consent policy has been created, you can [allow user consent](confi
 
 To manage app consent policies, sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section.
 
+You need to consent to the `Policy.ReadWrite.PermissionGrant` permission.
 ## List existing app consent policies
 
 It's a good idea to start by getting familiar with the existing app consent policies in your organization: