[Bulk update] Update RBAC boilerplate text in includes (#28677)

* Update RBAC boilerplate text in beta includes to new pattern

- Replace 'In delegated scenarios with work or school accounts' with
  'For delegated access using work or school accounts'
- Replace 'or a custom role with a supported role permission' with
  'or a custom role that grants the minimum permissions required for
  this operation'
- Replace list intro sentence with new two-paragraph format using a
  blank blockquote separator and 'This operation supports the following
  built-in roles, which provide only the least privilege necessary:'
- Add blockquote paragraph separator before inline italic role names

Applies to 187 files in api-reference/beta/includes/rbac-for-apis/.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update RBAC boilerplate text in v1.0 includes (sync from beta)

Sync 122 v1.0 RBAC include files from their updated beta counterparts.
Updates delegated access intro text and role list intro to use the new
[!IMPORTANT] callout pattern, matching the beta changes in 4fdbc82.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Nit undo paragraph

* Update /authorAPIDocs, /reviewAPIDocs prompt as well

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: FaithOmbongi

api-reference/beta/includes/rbac-for-apis/onpremauthenticationpolicy-entra-roles-read.md

@@ -4,7 +4,7 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > - Directory Reviewer
 > - Global Administrator
 > - Global Reader

api-reference/beta/includes/rbac-for-apis/onpremauthenticationpolicy-entra-roles-write.md

@@ -4,5 +4,6 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-> - Global Administrator
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation.
+>
+> *Global Administrator* is the only built-in role supported for this operation.

api-reference/beta/includes/rbac-for-apis/rbac-access-review-policy-apis-read.md

@@ -4,7 +4,7 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > - Global Reader
 > - Security Reader
 > - Identity Governance Administrator

api-reference/beta/includes/rbac-for-apis/rbac-access-review-policy-apis-update.md

@@ -4,6 +4,6 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > - Identity Governance Administrator
 > - Privileged Role Administrator

api-reference/beta/includes/rbac-for-apis/rbac-access-reviews-apis-read.md

@@ -4,7 +4,7 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > - To read access reviews of a group or app: the creator of the access review; *Global Reader*, *Security Reader*, *User Administrator*, *Identity Governance Administrator*, *Security Administrator*
 >
 > - To read access reviews of a Microsoft Entra role: *Security Reader*, *Identity Governance Administrator*, *Privileged Role Administrator*, *Security Administrator*

api-reference/beta/includes/rbac-for-apis/rbac-access-reviews-apis-write.md

@@ -4,6 +4,6 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > - To write access reviews of a group or app: *User Administrator*, *Identity Governance Administrator*
 > - To write access reviews of a Microsoft Entra role: *Identity Governance Administrator*, *Privileged Role Administrator*

api-reference/beta/includes/rbac-for-apis/rbac-admin-units-apis-read.md

@@ -5,7 +5,7 @@ ms.topic: include
 
 > [!IMPORTANT]
 > 
-> In delegated scenarios with work or school accounts, the signed-in user must be a member user or be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be a member user or be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > - Directory Readers - Read *basic* properties and members of administrative units
 > - Global Reader - Read *all* properties of administrative units, including members 
 > - Privileged Role Administrator - Fully manage administrative units, including members, but excluding restricted administrative units. For more information, see [Restricted management administrative units in Microsoft Entra ID](/entra/identity/role-based-access-control/admin-units-restricted-management)

api-reference/beta/includes/rbac-for-apis/rbac-admin-units-apis-write.md

@@ -5,4 +5,4 @@ ms.topic: include
 
 > [!IMPORTANT]
 > 
-> In delegated scenarios with work or school accounts, the signed-in user must be a member user or be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Privileged Role Administrator* is the least privileged role supported for this operation.
+> For delegated access using work or school accounts, the signed-in user must be a member user or be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. s*Privileged Role Administrator* is the least privileged role supported for this operation.

api-reference/beta/includes/rbac-for-apis/rbac-adminconsentrequestpolicy-apis-read.md

@@ -5,7 +5,7 @@ ms.topic: include
 
 > [!IMPORTANT]
 > 
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > 
 > - Global Reader
 > - Cloud Application Administrator

api-reference/beta/includes/rbac-for-apis/rbac-adminconsentrequestpolicy-apis-update.md

@@ -5,7 +5,7 @@ ms.topic: include
 
 > [!IMPORTANT]
 > 
-> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> For delegated access using work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
 > 
 > - Cloud Application Administrator
 > - Application Administrator