Entra admin roles - invalidate refresh tokens

Author: FaithOmbongi

api-reference/beta/api/user-invalidateallrefreshtokens.md

@@ -27,6 +27,15 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "user_invalidateallrefreshtokens" } -->
 [!INCLUDE [permissions-table](../includes/permissions/user-invalidateallrefreshtokens-permissions.md)]
 
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Directory Writers
+> - Helpdesk Administrator
+> - Authentication Administrator
+> - Privileged Authentication Administrator
+> - User Administrator
+
 ## HTTP request
 <!-- { "blockType": "ignored" } -->
 ```http