Commit 9a5000c

Update directory.read.all.md
Change link to Entra admin roles
1 parent 246431c commit 9a5000c

1 file changed

+4
-5
lines changed

includes/permissions-notes/directory.read.all.md

Lines changed: 4 additions & 5 deletions
@@ -4,11 +4,10 @@ ms.localizationpriority: high
44

55
<!-- markdownlint-disable MD002 MD041 -->
66

7-
> [!CAUTION]
8-
> Directory permissions provide the highest level of privilege for accessing directory resources such as [user](/graph/api/resources/user), [group](/graph/api/resources/group), and [device](/graph/api/resources/device) in an organization.
9-
>
10-
> They also exclusively control access to other directory resources like: [organizational contacts](/graph/api/resources/orgcontact?view=graph-rest-beta&preserve-view=true) and [schema extensions](/graph/api/resources/schemaextension?view=graph-rest-beta&preserve-view=true), as well as many directory resources including administrative units, directory roles, directory settings, and policies.
7+
> Directory permissions grant broad access to directory (Microsoft Entra ID) resources such as [user](/graph/api/resources/user), [group](/graph/api/resources/group), and [device](/graph/api/resources/device) in an organization. Whenever possible, choose permissions specific to these resources and avoid using directory permissions.
8+
>
9+
> Directory permissions might be deprecated in the future.
1110
12-
Before December 3rd, 2020, when the application permission *Directory.Read.All* was granted, the [Directory Readers](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#directory-readers-permissions) directory role was also assigned to the app's service principal. This directory role isn't removed automatically when the associated application permissions are revoked. To remove an application's access to read or write to the directory, customers must also remove any directory roles that were granted to the application.
11+
Before December 3rd, 2020, when the application permission *Directory.Read.All* was granted, the [Directory Readers](/entra/identity/role-based-access-control/permissions-reference#directory-writers) directory role was also assigned to the app's service principal. This directory role isn't removed automatically when the associated application permissions are revoked. To remove an application's access to read or write to the directory, customers must also remove any directory roles that were granted to the application.
1312

1413
A service update disabling this behavior began rolling out on December 3rd, 2020. Deployment to all customers completed on January 11th, 2021. Directory roles are no longer automatically assigned when application permissions are granted.
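
Review bot: On new line 11 the link text still reads "Directory Readers" but the new target ends in `#directory-writers`, so the link lands on a different, more privileged role than the one the paragraph describes; the anchor presumably should be `#directory-readers` on the same permissions-reference page. Separately, the replacement for old lines 7-10 drops the `> [!CAUTION]` marker without substituting another alert type, so the block renders as a plain quote. If the advice to avoid directory permissions is meant to stand out, keep an alert marker on the first quoted line. The sentence "Directory permissions might be deprecated in the future" would also be more useful with a pointer to the resource-specific permissions readers should move to.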
