Improved content about app-only context (SharePoint#5546)

Author: PaoloPia

docs/solution-guidance/Bulk-user-profile-update-api-for-sharepoint-online.md

@@ -1,7 +1,7 @@
 ---
 title: Bulk update custom user profile properties for SharePoint Online
 description: To replicate custom attributes to the SharePoint user profile service, use the UserProfile.BatchUpdate.API.
-ms.date: 5/8/2018
+ms.date: 4/3/2020
 localization_priority: Priority
 ---
 
@@ -400,7 +400,18 @@ _DataFileNotJson - JsonToken EndObject is not valid for closing JsonType Array.
 
 ### Can I execute the code using app-only/add-in only permissions?
 
-Yes, you need to register the client ID and secret to be able to execute the APIs. Because the actual import of the file does not occur synchronously with the identity of the caller, this works without any issues.
+Yes, the actual import of the file does not occur synchronously with the identity of the caller, so this works with app-only context without any issues.
+
+In order to use an app-only context with the SharePoint add-in model, you need to register a client ID and secret to be able to execute the APIs following [this guidance](https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs). Moreover, while registering the SharePoint add-in you will have to grant the permissions using the following XML snippet:
+
+```xml
+<AppPermissionRequests AllowAppOnlyPolicy="true">
+  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
+  <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" /> 
+</AppPermissionRequests>
+```
+
+In order to use app-only with an application registered in Azure Active Directory, you need to [register the application](https://docs.microsoft.com/en-us/graph/auth-register-app-v2), [provide a X.509 certificate for authentication](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-microsoft-identity-platform), which is a requirement for SharePoint Online app-only authentication within Azure Active Directory, and grant the following SharePoint Online permissions scopes for Application: Sites.FullControl.All and User.ReadWrite.All .
 
 ### This API is updating properties in the user profile service, but how would I create those properties in the tenant?
 
@@ -420,7 +431,7 @@ No, this is not currently supported with this API.
 
 ### What permissions are required for executing this API?
 
-You must have Global Admin permissions currently. SharePoint Admin is not sufficient.
+You must have Global Admin permissions currently, unless you use an app-only authentication context. SharePoint Admin is not sufficient.
 
 ### Can I import taxonomy based properties?