Merge pull request #25500 from microsoftgraph/rbac-bitLocker

Entra admin roles - Bitlocker

Author: Lauragra

api-reference/beta/api/bitlocker-list-recoverykeys.md

@@ -24,14 +24,15 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "bitlocker_list_recoverykeys" } -->
 [!INCLUDE [permissions-table](../includes/permissions/bitlocker-list-recoverykeys-permissions.md)]
 
-For delegated permissions to allow apps to get **bitLockerRecoveryKey** resources on behalf of the signed-in user, the user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or the calling user must be in at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
-
-* Cloud Device Administrator
-* Helpdesk Administrator
-* Intune Service Administrator
-* Security Administrator
-* Security Reader
-* Global Reader
+> [!IMPORTANT]
+> For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be assigned a supported [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).The following least privileged roles are supported for this operation.
+>
+> - Cloud device administrator
+> - Helpdesk administrator
+> - Intune service administrator
+> - Security administrator
+> - Security reader
+> - Global reader
 
 ## HTTP request
 To get a list of BitLocker keys within the tenant:

api-reference/beta/api/bitlockerrecoverykey-get.md

@@ -24,14 +24,15 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "bitlockerrecoverykey_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/bitlockerrecoverykey-get-permissions.md)]
 
->**Note:** For delegated permissions to allow apps to get **bitLockerRecoveryKey** resources on behalf of the signed-in user, the tenant administrator must have assigned the user one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json), or the user must be the **registered owner** of the device that the BitLocker key was originally backed up from: 
-
-* Cloud Device Administrator
-* Helpdesk Administrator
-* Intune Service Administrator
-* Security Administrator
-* Security Reader
-* Global Reader
+> [!IMPORTANT]
+> For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be assigned a supported [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).The following least privileged roles are supported for this operation.
+>
+> - Cloud device administrator
+> - Helpdesk administrator
+> - Intune service administrator
+> - Security administrator
+> - Security reader
+> - Global reader
 
 ## HTTP request
 To get the specified BitLocker key without returning the **key** property:

api-reference/v1.0/api/bitlocker-list-recoverykeys.md

@@ -24,14 +24,15 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "bitlocker_list_recoverykeys" } -->
 [!INCLUDE [permissions-table](../includes/permissions/bitlocker-list-recoverykeys-permissions.md)]
 
-For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be in at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-
-* Cloud device administrator
-* Helpdesk administrator
-* Intune service administrator
-* Security administrator
-* Security reader
-* Global reader
+> [!IMPORTANT]
+> For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be assigned a supported [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).The following least privileged roles are supported for this operation.
+>
+> - Cloud device administrator
+> - Helpdesk administrator
+> - Intune service administrator
+> - Security administrator
+> - Security reader
+> - Global reader
 
 ## HTTP request
 

api-reference/v1.0/api/bitlockerrecoverykey-get.md

@@ -22,14 +22,15 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "bitlockerrecoverykey_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/bitlockerrecoverykey-get-permissions.md)]
 
-For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be in at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-
-* Cloud device administrator
-* Helpdesk administrator
-* Intune service administrator
-* Security administrator
-* Security reader
-* Global reader
+> [!IMPORTANT]
+> For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be assigned a supported [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).The following least privileged roles are supported for this operation.
+>
+> - Cloud device administrator
+> - Helpdesk administrator
+> - Intune service administrator
+> - Security administrator
+> - Security reader
+> - Global reader
 
 ## HTTP request
 To get the specified BitLocker key without returning the **key** property: