Merge pull request #229386 from FaithOmbongi/patch-7

prmerger-automator[bot] · web-flow · commit c900fd277a7f · 2023-03-03T18:00:24.000Z
Document correct filter syntax
diff --git a/articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md b/articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md
@@ -141,34 +141,28 @@ IIF(IsPresent([alternativeSecurityId]),
 
 ## Look up certificateUserIds using Microsoft Graph queries
 
-Tenant admins can run MS Graph queries to find all the users with a given certificateUserId value.
+Authorized callers can run Microsoft Graph queries to find all the users with a given certificateUserId value. On the Microsoft Graph [user](/graph/api/resources/user) object, the collection of certificateUserIds are stored in the **authorizationInfo** property.
           
-GET all user objects that have the value 'bob@contoso.com' value in certificateUserIds:
+To retrieve all user objects that have the value 'bob@contoso.com' in certificateUserIds:
 
-```http
-GET  https://graph.microsoft.com/v1.0/users?$filter=certificateUserIds/any(x:x eq 'bob@contoso.com')
-```
- 
-```http
-GET https://graph.microsoft.com/v1.0/users?$filter=startswith(certificateUserIds, 'bob@contoso.com')
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/users?$filter=authorizationInfo/certificateUserIds/any(x:x eq 'bob@contoso.com')&$count=true
+ConsistencyLevel: eventual
 ```
 
-```http
-GET https://graph.microsoft.com/v1.0/users?$filter=certificateUserIds eq 'bob@contoso.com'
-```
+You can also use the `not` and `startsWith` operators to match the filter condition. To filter against the certificateUserIds object, the request must include the `$count=true` query string and the **ConsistencyLevel** header set to `eventual`.
             
-## Update certificate user IDs using Microsoft Graph queries
-PATCH the user object certificateUserIds value for a given userId
+## Update certificateUserIds using Microsoft Graph queries
+
+Run a PATCH request to update the certificateUserIds for a given user.
 
 #### Request body:
 
 ```http
-PATCH https://graph.microsoft.us/v1.0/users/{id}
+PATCH https://graph.microsoft.com/v1.0/users/{id}
 Content-Type: application/json
-{
 
-    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(authorizationInfo,department)/$entity",
-    "department": "Accounting",
+{
     "authorizationInfo": {
         "certificateUserIds": [
             "X509:<PN>123456789098765@mil"
