Merge pull request #2791 from v-alje/scope-bulk-fix-2

Bulk fix adding --scopes parameter

Author: PRMerger5

articles/java/sdk/get-started.md

@@ -28,7 +28,7 @@ Your Java application needs *read* and *create* permissions in your Azure subscr
 [Create a service principal by using the Azure CLI 2.0](/cli/azure/create-an-azure-service-principal-azure-cli), and capture the output:
 
 ```azurecli
-az ad sp create-for-rbac --name AzureJavaTest --role Contributor
+az ad sp create-for-rbac --name AzureJavaTest --role Contributor --scopes /subscriptions/mySubscriptionID
 ```
 
 This command gives you a reply in the following format:

articles/java/sdk/identity-service-principal-auth.md

@@ -24,7 +24,7 @@ Use the [Azure CLI][azure_cli] examples below to create or get client secret cre
 Use the following command to create a service principal and configure its access to Azure resources:
 
 ```azurecli
-az ad sp create-for-rbac -n <your application name> --role Contributor
+az ad sp create-for-rbac -n <your application name> --role Contributor --scopes /subscriptions/mySubscriptionID
 ```
 
 This command returns a value similar to the following output:

articles/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-key-vault.md

@@ -100,7 +100,7 @@ Azure AD *service principals* provide access to Azure resources within your subs
 To create a service principal, use the following command.
 
 ```azurecli
-az ad sp create-for-rbac --name contososp --role Contributor
+az ad sp create-for-rbac --name contososp --role Contributor --scopes /subscriptions/mySubscriptionID
 ```
 
 > [!NOTE]

articles/java/spring-framework/configure-spring-cloud-stream-binder-java-app-kafka-azure-event-hub.md

@@ -177,7 +177,7 @@ Azure AD *service principals* provide access to Azure resources within your subs
 To create a service principal, use the following command.
 
 ```azurecli
-az ad sp create-for-rbac --name contososp --role Contributor
+az ad sp create-for-rbac --name contososp --role Contributor --scopes /subscriptions/mySubscriptionID
 ```
 
 > [!NOTE]

articles/javascript/core/nodejs-sdk-azure-authenticate.md

@@ -59,7 +59,7 @@ Create a service principal and configure its access to Azure resources. The serv
 1. Create the service principal with the Azure [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command with the Azure CLI or [Cloud Shell](https://shell.azure.com). 
 
     ```azurecli
-    az ad sp create-for-rbac --name YOUR-SERVICE-PRINCIPAL-NAME --role Contributor
+    az ad sp create-for-rbac --name YOUR-SERVICE-PRINCIPAL-NAME --role Contributor --scopes /subscriptions/mySubscriptionID
     ```
 
 2. The response from the command includes secrets you need to store securely such as in [Azure Key Vault](/azure/key-vault/):

articles/javascript/how-to/with-web-app/azure-function-resource-group-management/introduction.md

@@ -71,7 +71,7 @@ An Azure service principal provides access to Azure without having to use your p
 1. In a bash terminal, create your service principal with [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac): 
 
     ```azurecli
-    az ad sp create-for-rbac --name YOUR-SERVICE-PRINCIPAL-NAME --role Contributor
+    az ad sp create-for-rbac --name YOUR-SERVICE-PRINCIPAL-NAME --role Contributor --scopes /subscriptions/mySubscriptionID
     ```
 1. Copy the entire output results to a temporary file. You will need these settings later.
 

articles/javascript/how-to/with-web-app/use-secret-environment-variables.md

@@ -70,7 +70,8 @@ This sample uses the [DefaultAzureCredential](/javascript/api/overview/azure/ide
     ```azurecli
     az ad sp create-for-rbac \
     --name REPLACE-WITH-YOUR-NEW-SERVICE-PRINCIPAL-NAME \
-    --role Contributor
+    --role Contributor \
+    --scopes /subscriptions/REPLACE_WITH_YOUR_SUBSCRIPTION_NAME_OR_ID
     ```
 
     An example service principal name is `demo-keyvault-service-principal-YOUR-NAME`, where `YOUR-NAME` is postpended to the string. 

articles/python/configure-local-development-environment.md

@@ -86,7 +86,7 @@ Each developer in your organization should perform these steps individually.
 1. Create the service principal:
 
     ```azurecli
-    az ad sp create-for-rbac --name localtest-sp-rbac
+    az ad sp create-for-rbac --name localtest-sp-rbac --role Contributor --scopes /subscriptions/mySubscriptionID
     ```
 
     For more details on the command and its arguments, see [What the create-for-rbac command does](#what-the-create-for-rbac-command-does).

articles/terraform/create-vm-scaleset-network-disks-using-packer-hcl.md

@@ -44,7 +44,7 @@ In this article, you learn how to:
 1. Run [az ad sp create-for-rbac](/cli/azure/ad/sp?#az-ad-sp-create-for-rbac) to enable Packer to authenticate to Azure using a service principal. 
 
     ```azurecli
-    az ad sp create-for-rbac --role Contributor --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"
+    az ad sp create-for-rbac --role Contributor --scopes /subscriptions/<subscription_id> --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"
     ```
 
     **Key points:**

articles/terraform/includes/authenticate-to-azure.md

@@ -87,7 +87,7 @@ The most common pattern is to interactively sign in to Azure, create a service p
 1. To create a service principal, run [az ad sp create-for-rbac](/cli/azure/ad/sp?#az-ad-sp-create-for-rbac).
 
     ```azurecli
-    az ad sp create-for-rbac --name <service_principal_name> --role Contributor
+    az ad sp create-for-rbac --name <service_principal_name> --role Contributor --scopes /subscriptions/<subscription_id>
     ```
 
     **Key points:**