From 447deb3fce8ab3bab1a4f0ac59d67a69c8ed2726 Mon Sep 17 00:00:00 2001 From: Frank Boylan <80324891+FrankBoylan92@users.noreply.github.com> Date: Tue, 2 Aug 2022 12:03:14 +0100 Subject: [PATCH] Adding note about change in behaviour for az cli As per discussion with sureshja@microsoft.com, since the change of az cli from version 2.37, the az ad sp commands no longer operate on the App Registration, they operate on the Enterprise Application/Service Principal: https://docs.microsoft.com/en-us/cli/azure/microsoft-graph-migration#az-ad-sp-credential This change in behaviour has prompted a request to change the docs to clarify the behaviour --- src/azure-cli/azure/cli/command_modules/role/_help.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/azure-cli/azure/cli/command_modules/role/_help.py b/src/azure-cli/azure/cli/command_modules/role/_help.py index e15c1994a70..090966b7c35 100644 --- a/src/azure-cli/azure/cli/command_modules/role/_help.py +++ b/src/azure-cli/azure/cli/command_modules/role/_help.py 
@@ -115,6 +115,11 @@ The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. As an alternative, consider using [managed identities](https://aka.ms/azadsp-managed-identities) if available to avoid the need to use credentials. + + **Note:** This command resets the credentials of the Service Principal, not the App Registration. + As such, the credential shown in the output will be different from the credential shown in the portal under the App Registration pane. + Credentials of a Service Principal are not visable in the portal, only via the az cli or Microsoft Graph API. + To act on the credentials of the App Registration, please use the az ad app family of commands. examples: - name: Append a certificate to the application with the certificate string. text: az ad app credential reset --id 00000000-0000-0000-0000-000000000000 --cert "MIICoT..." --append
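Review bot: The added note may be in the wrong help entry. The unchanged context directly after it is an example for `az ad app credential reset`, while the note states "This command resets the credentials of the Service Principal, not the App Registration", which would be incorrect for the app command. Please confirm that line 115 of `_help.py` falls inside the `az ad sp credential reset` entry, and move the note there if it does not. In the third added line, "visable" should be "visible". Since the commit message ties the behaviour change to az cli 2.37, consider naming that version in the note so that users on older releases are not told the wrong thing.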