Added verified domain info when creating service principal (MicrosoftDocs#1934)

mikefrobbins · web-flow · commit 4e4cc6b237e9 · 2021-10-18T12:59:18.000-05:00
diff --git a/azps-5.9.0/Az.Resources/New-AzADApplication.md b/azps-5.9.0/Az.Resources/New-AzADApplication.md
@@ -13,6 +13,11 @@ original_content_git_url: https://github.com/Azure/azure-powershell/blob/master/
 ## SYNOPSIS
 Creates a new azure active directory application.
 
+> [!IMPORTANT]
+> The value of the 'IdentifierUri' parameter for `New-AzAdApplication` must use a verified domain of
+> the organization or its subdomain. For more information, see
+> [Troubleshooting the Azure Az PowerShell module](/powershell/azure/troubleshooting#service-principal-identifieruri-verified-domain-error).
+
 ## SYNTAX
 
 ### ApplicationWithoutCredentialParameterSet (Default)
@@ -144,7 +149,7 @@ Accept wildcard characters: False
 
 ### -EndDate
 The effective end date of the credential usage.
-The default end date value is one year from today. 
+The default end date value is one year from today.
 For an "asymmetric" type credential, this must be set to on or before the date that the X509 certificate is valid.
 
 ```yaml
@@ -251,7 +256,7 @@ Accept wildcard characters: False
 
 ### -StartDate
 The effective start date of the credential usage.
-The default start date value is today. 
+The default start date value is today.
 For an "asymmetric" type credential, this must be set to on or after the date that the X509 certificate is valid from.
 
 ```yaml
diff --git a/azps-5.9.0/Az.Resources/New-AzADServicePrincipal.md b/azps-5.9.0/Az.Resources/New-AzADServicePrincipal.md
@@ -13,6 +13,11 @@ original_content_git_url: https://github.com/Azure/azure-powershell/blob/master/
 ## SYNOPSIS
 Creates a new Azure active directory service principal.
 
+> [!IMPORTANT]
+> The value of the 'IdentifierUri' parameter for `New-AzAdApplication` must use a verified domain of
+> the organization or its subdomain. For more information, see
+> [Troubleshooting the Azure Az PowerShell module](/powershell/azure/troubleshooting#service-principal-identifieruri-verified-domain-error).
+
 ## SYNTAX
 
 ### SimpleParameterSet (Default)
diff --git a/docs-conceptual/azps-5.9.0/create-azure-service-principal-azureps.md b/docs-conceptual/azps-5.9.0/create-azure-service-principal-azureps.md
@@ -12,6 +12,11 @@ ms.custom: devx-track-azurepowershell
 Automated tools that use Azure services should always have restricted permissions. Instead of having
 applications sign in as a fully privileged user, Azure offers service principals.
 
+> [!IMPORTANT]
+> The value of the 'IdentifierUri' parameter for `New-AzAdApplication` must use a verified domain of
+> the organization or its subdomain. For more information, see
+> [Troubleshooting the Azure Az PowerShell module](/powershell/azure/troubleshooting#service-principal-identifieruri-verified-domain-error).
+
 An Azure service principal is an identity created for use with applications, hosted services, and
 automated tools to access Azure resources. This access is restricted by the roles assigned to the
 service principal, giving you control over which resources can be accessed and at which level. For
diff --git a/docs-conceptual/azps-5.9.0/troubleshooting.md b/docs-conceptual/azps-5.9.0/troubleshooting.md
@@ -66,3 +66,39 @@ each time you start a new PowerShell session.
 ```powershell
 Disable-AzContextAutosave
 ```
+
+## Service Principal IdentifierUri verified domain error
+
+Error: _Values of identifierUris property must use a verified domain of the organization or its
+subdomain_ is displayed when running `New-AzADServicePrincipal` or `New-AzADApplication`.
+
+Due to the Azure Active Directory breaking change requiring [AppId Uri in single tenant applications
+to require use of default scheme or verified
+domains](/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains)
+you must upgrade the [Az.Resources](https://www.powershellgallery.com/packages/Az.Resources) module
+to version 4.1.0 or later to continue using `New-AzADServicePrincipal` or `New-AzADApplication` cmdlets.
+
+You can also upgrade to Az PowerShell module version 6.0 or greater.
+
+### Timeline
+
+The requirement will be in effect starting 10/15/2021.
+
+### Impacted versions
+
+The following versions of Azure PowerShell are impacted by the AzureAD breaking change:
+
+- Az.Resources PowerShell module version 3.5.1-preview or lesser.
+- Az PowerShell module version 5.9.0 or lesser.
+
+If you are still encountering issues after upgrading, feel free to open an
+[issue](https://github.com/Azure/azure-powershell/issues/new?assignees=&labels=needs-triage&template=az-module-bug-report.md&title=).
+
+### Workaround
+
+If you cannot upgrade to the PowerShell modules described above, you may follow those steps when
+creating a service principal:
+
+- If needed, [add your custom domain name using Azure Active Directory portal](/active-directory/fundamentals/add-custom-domain)
+- Create an application with an accepted IdentifierUri
+- Create a service principal referring this application
diff --git a/docs-conceptual/azps-6.4.0/troubleshooting.md b/docs-conceptual/azps-6.4.0/troubleshooting.md
@@ -66,3 +66,39 @@ each time you start a new PowerShell session.
 ```powershell
 Disable-AzContextAutosave
 ```
+
+## Service Principal IdentifierUri verified domain error
+
+Error: _Values of identifierUris property must use a verified domain of the organization or its
+subdomain_ is displayed when running `New-AzADServicePrincipal` or `New-AzADApplication`.
+
+Due to the Azure Active Directory breaking change requiring [AppId Uri in single tenant applications
+to require use of default scheme or verified
+domains](/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains)
+you must upgrade the [Az.Resources](https://www.powershellgallery.com/packages/Az.Resources) module
+to version 4.1.0 or later to continue using `New-AzADServicePrincipal` or `New-AzADApplication` cmdlets.
+
+You can also upgrade to Az PowerShell module version 6.0 or greater.
+
+### Timeline
+
+The requirement will be in effect starting 10/15/2021.
+
+### Impacted versions
+
+The following versions of Azure PowerShell are impacted by the AzureAD breaking change:
+
+- Az.Resources PowerShell module version 3.5.1-preview or lesser.
+- Az PowerShell module version 5.9.0 or lesser.
+
+If you are still encountering issues after upgrading, feel free to open an
+[issue](https://github.com/Azure/azure-powershell/issues/new?assignees=&labels=needs-triage&template=az-module-bug-report.md&title=).
+
+### Workaround
+
+If you cannot upgrade to the PowerShell modules described above, you may follow those steps when
+creating a service principal:
+
+- If needed, [add your custom domain name using Azure Active Directory portal](/active-directory/fundamentals/add-custom-domain)
+- Create an application with an accepted IdentifierUri
+- Create a service principal referring this application
diff --git a/docs-conceptual/azps-6.5.0/troubleshooting.md b/docs-conceptual/azps-6.5.0/troubleshooting.md
@@ -66,3 +66,39 @@ each time you start a new PowerShell session.
 ```powershell
 Disable-AzContextAutosave
 ```
+
+## Service Principal IdentifierUri verified domain error
+
+Error: _Values of identifierUris property must use a verified domain of the organization or its
+subdomain_ is displayed when running `New-AzADServicePrincipal` or `New-AzADApplication`.
+
+Due to the Azure Active Directory breaking change requiring [AppId Uri in single tenant applications
+to require use of default scheme or verified
+domains](/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains)
+you must upgrade the [Az.Resources](https://www.powershellgallery.com/packages/Az.Resources) module
+to version 4.1.0 or later to continue using `New-AzADServicePrincipal` or `New-AzADApplication` cmdlets.
+
+You can also upgrade to Az PowerShell module version 6.0 or greater.
+
+### Timeline
+
+The requirement will be in effect starting 10/15/2021.
+
+### Impacted versions
+
+The following versions of Azure PowerShell are impacted by the AzureAD breaking change:
+
+- Az.Resources PowerShell module version 3.5.1-preview or lesser.
+- Az PowerShell module version 5.9.0 or lesser.
+
+If you are still encountering issues after upgrading, feel free to open an
+[issue](https://github.com/Azure/azure-powershell/issues/new?assignees=&labels=needs-triage&template=az-module-bug-report.md&title=).
+
+### Workaround
+
+If you cannot upgrade to the PowerShell modules described above, you may follow those steps when
+creating a service principal:
+
+- If needed, [add your custom domain name using Azure Active Directory portal](/active-directory/fundamentals/add-custom-domain)
+- Create an application with an accepted IdentifierUri
+- Create a service principal referring this application
