@kiazhi, Thanks for the question! We are investigating and will update you shortly.

Hi @kiazhi!
That is an example and you can have the command generate the app ID by default be omitting the -ApplicationID switch. Will update the doc with proper command and screenshot.
https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azadserviceprincipal?view=azps-4.3.0

assign:@asudbring

@asudbring actually, your answer is misleading. The hardcoded GUID must actually stay hardcoded. That seems to be a global ApplicationId of the whole Microsoft.Azure.Cdn.

Too bad it is not explained well enough in the documentation! Because I also thought it was only an example Id and I somehow needed to find my own. A few hours of work just wasted.

@asudbring can you confirm what @M0ns1gn0r had shared regarding it is a global ApplicationId of Microsoft.Azure.Cdn that needs to be hardcoded? Thank you.

@kiazhi @M0ns1gn0r

This one is a confusing one. Now that I go back and look at it after I've worked with CDN for a little bit and I see that indeed, that is the app ID for CDN. I'll confer with the PM and add a note that your are adding the CDN service as an application so that it can access the keyvault.