Merge pull request #10400 from msftnelder/patch-4

chrisda · web-flow · commit 4725bbe9def2 · 2023-02-01T10:31:41.000-08:00
Update Test-ServicePrincipalAuthorization.md
diff --git a/exchange/exchange-ps/exchange/Test-ServicePrincipalAuthorization.md b/exchange/exchange-ps/exchange/Test-ServicePrincipalAuthorization.md
@@ -36,10 +36,29 @@ You need to be assigned permissions before you can run this cmdlet. Although thi
 
 ### Example 1
 ```powershell
-Test-ServicePrincipalAuthorization -Identity "DemoB" -Resource "Test Mailbox" | Format-Table
+PS C:\> Test-ServicePrincipalAuthorization -Identity "DemoB" -Resource "Mailbox A" | Format-Table
+
+RoleName                      GrantedPermissions          AllowedResourceScope        ScopeType                 InScope 
+--------                      ------------------          --------------------        ---------                 ------
+Application Mail.Read         Mail.Read                   Canadian Employees           CustomRecipientScope     True 
+Application Calendars.Read    Calendars.Read              4d819ce9-9257-44..           AdministrativeUnit       False 
+Application Contacts.Read     Contacts.Read               Organization                 Organization             True 
+```
+
+This example tests if this service principal (the app named "DemoB") can exercise each of its assigned permissions against the target mailbox named "Mailbox A." The membership in the scope is indicated by the InScope column. 
+
+### Example 2
+```powershell
+PS C:\> Test-ServicePrincipalAuthorization -Identity "DemoB" | Format-Table
+
+RoleName                      GrantedPermissions          AllowedResourceScope        ScopeType                 InScope 
+--------                      ------------------          --------------------        ---------                 ------
+Application Mail.Read         Mail.Read                   Canadian Employees           CustomRecipientScope     Not Run 
+Application Calendars.Read    Calendars.Read              4d819ce9-9257-44..           AdministrativeUnit       Not Run  
+Application Contacts.Read     Contacts.Read               Organization                 Organization             Not Run  
 ```
 
-This example tests the RBAC for Applications permissions assigned to the app DemoB on the mailbox named "Test Mailbox"
+This example tests the entitlement of the app named "DemoB", including which permissions it has at which scopes. Because the command doesn't use the Resource parameter, the scope membership check is not run.
 
 ## PARAMETERS
 
