update the article with Acrolinx suggestions

genlin · genlin · commit 8ab4b74208f5 · 2025-04-08T15:09:31.000+08:00
diff --git a/support/entra/entra-id/users-groups-entra-apis/error-call-me-endpoint-microsoft-graph.md b/support/entra/entra-id/users-groups-entra-apis/error-call-me-endpoint-microsoft-graph.md
@@ -1,20 +1,20 @@
 ---
-title: The Identity of the Calling Application Could Not Be Established
-description: Provides solutions to the identity of the calling application could not be established error when using Microsoft Graph.
+title: NoPermissionsInAccessToken when calling me endpoint in Microsoft Graph
+description: Describes an issue in which the you receive `NoPermissionsInAccessToken` error when you call `/me` endpoint in Microsoft Graph.
 ms.date: 04/03/2025
 ms.service: entra-id
 ms.custom: sap:Getting access denied errors (Authorization)
 ms.reviewer: willfid, v-weizhu
 ---
-# resolve issues with calling the “me” endpoint in Microsoft Graph
+# NoPermissionsInAccessToken when calling me endpoint
 
-Microsoft Graph provides various methods to retrieve user information from Azure Active Directory (Azure AD). This includes user attributes, group memberships, email access, and more. However, specific endpoints in Microsoft Graph require particular permissions and contexts to function correctly. This article explains the functionality of the “me” endpoint, restrictions associated with it, common errors when using it improperly, and how to resolve these issues.
+This article describes an issue in which the you receive `NoPermissionsInAccessToken` error when you call `/me` endpoint in Microsoft Graph.
 
 ## Symptoms
 
 When you try to call the `/me` endpoint from your Microsoft Entra ID-based application that use [client credentials grant flow](/entra/identity-platform/v2-oauth2-client-creds-grant-flow), the following error may occur:
 
-json
+·```output
 {
 "error": {
 "code": "NoPermissionsInAccessToken",
@@ -28,10 +28,10 @@ json
 }
 }
 }
-
+·```
 ## Cause
 
-The `/me` endpoint is designed to allow signed-in users to retrieve their own information. To call the `/me` endpoint, it requires a user context because it uses delegated permissions. This means that a token generated by using the client credentials grant flow cannot use the `/me` endpoint due to the absence of user context information.
+The `/me` endpoint is designed to allow signed-in users to retrieve their own information. To call the `/me` endpoint, it requires a user context because it uses delegated permissions. This means that a token generated by using the client credentials grant flow can't use the `/me` endpoint due to the absence of user context information.
 
 Tokens obtained using the client credentials grant flow represent application identities, not user identities. These tokens contain a **roles** claim for application permissions instead of a scp (scopes) claim for delegated permissions. The absence of user context makes it impossible for the `/me` endpoint to determine the user associated with the request.
 
