Commit f3ac824

authored
Fix grammar, clarity, and formatting in documentation.
Edit review per CI 4607
1 parent 0591dc9 commit f3ac824

1 file changed

+15
-13
lines changed

support/entra/entra-id/users-groups-entra-apis/error-call-me-endpoint-microsoft-graph.md

Lines changed: 15 additions & 13 deletions
@@ -8,11 +8,11 @@ ms.reviewer: willfid, v-weizhu
88
---
99
# NoPermissionsInAccessToken when calling /me endpoint
1010

11-
This article describes an issue in which the you receive `NoPermissionsInAccessToken` error when you call `/me` endpoint in Microsoft Graph. It also explains why you cannot call the `/me` endpoint with a token acquired via the client credentials grant flow
11+
This article discusses an issue in which the you receive a `NoPermissionsInAccessToken` error message when you call the `/me` endpoint in Microsoft Graph. This article also explains why you can't call the `/me` endpoint by using a token that's acquired through the client credentials grant flow.
1212

1313
## Symptoms
1414

15-
When you try to call the `/me` endpoint from your Microsoft Entra ID-based application that use [client credentials grant flow](/entra/identity-platform/v2-oauth2-client-creds-grant-flow), the following error may occur:
15+
When you try to call the `/me` endpoint from your Microsoft Entra ID-based application that uses [client credentials grant flow](/entra/identity-platform/v2-oauth2-client-creds-grant-flow), you receive the following error message:
1616

1717
·```output
1818
{
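Review bot: The rewritten intro sentence (new line 11) still reads "in which the you receive"; the stray "the" carried over from the old text and should be dropped so the sentence reads "in which you receive". The Symptoms sentence on new line 15 also has no article before the link text, so consider "that uses the [client credentials grant flow]" to match the intro, which now says "the client credentials grant flow".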
@@ -29,36 +29,38 @@ When you try to call the `/me` endpoint from your Microsoft Entra ID-based appli
2929
}
3030
}
3131
·```
32+
3233
## Cause
3334

34-
The `/me` endpoint is designed to allow signed-in users to retrieve their own information. To call the `/me` endpoint, it requires a user context because it uses delegated permissions. This means that a token generated by using the client credentials grant flow can't use the `/me` endpoint due to the absence of user context information.
35+
The `/me` endpoint is designed to enable signed-in users to retrieve their own information. To call the `/me` endpoint, you must provide some user context because the endpont uses delegated permissions. This means that a token that's generated by using the client credentials grant flow can't use the `/me` endpoint because the user context information is absent.
3536

36-
Tokens obtained using the client credentials grant flow represent application identities, not user identities. These tokens contain a **roles** claim for application permissions instead of a scp (scopes) claim for delegated permissions. The absence of user context makes it impossible for the `/me` endpoint to determine the user associated with the request.
37+
Tokens that are obtained by using the client credentials grant flow represent application identities, not user identities. These tokens contain a **roles** claim for application permissions instead of a scp (scopes) claim for delegated permissions. The absence of user context makes it impossible for the `/me` endpoint to determine the user who's associated with the request.
3738

38-
#### Example tokens
39+
### Example tokens
3940

4041
**Token with user context (delegated flow with a user signed in)**
4142

42-
This token is granted by using delegated flow with a user signed in. It contains user-specific information and a `scp` claim that contains current user's the permissions:
43+
This token is granted by using delegated flow to which a user signed in. It contains user-specific information and a `scp` claim that contains the current user's permissions.
4344

44-
:::image type="content" source="media/error-call-me-endpoint-microsoft-graph/token-sign-in-user-context.png" alt-text="Delegated token example" lightbox="media/error-call-me-endpoint-microsoft-graph/token-sign-in-user-context.png":::
45+
:::image type="content" source="media/error-call-me-endpoint-microsoft-graph/token-sign-in-user-context.png" alt-text="Screenshot that shows a delegated token example." lightbox="media/error-call-me-endpoint-microsoft-graph/token-sign-in-user-context.png":::
4546

4647
**Token with application identity (client_credentials grant flow)**
4748

48-
This token is generated by using the client credentials grant flow. It doesn't contain user-specific information, but contains a `roles` claim for application permissions:
49+
This token is generated by using the client credentials grant flow. It doesn't contain user-specific information. Insead, it contains a `roles` claim for application permissions.
4950

50-
:::image type="content" source="media/error-call-me-endpoint-microsoft-graph/token-application-context.png" alt-text="Application token example" lightbox="media/error-call-me-endpoint-microsoft-graph/token-application-context.png":::
51+
:::image type="content" source="media/error-call-me-endpoint-microsoft-graph/token-application-context.png" alt-text="Screenshot that shows an application token example." lightbox="media/error-call-me-endpoint-microsoft-graph/token-application-context.png":::
5152

5253
## Solution
5354

54-
When you use the client credentials grant flow in your application, you must use the `/users` endpoint instead of the `/me` endpoint. This allows you to retrieve user-specific information using application tokens.
55+
When you use the client credentials grant flow in your application, you must use the `/users` endpoint instead of the `/me` endpoint. This enables you to retrieve user-specific information by using application tokens.
5556

56-
For example, if you want to call `GET https://graph.microsoft.com/v1.0/me/memberOf` to get a list of groups a user is a member of, use the following method:
57+
For example, if you want to call `GET https://graph.microsoft.com/v1.0/me/memberOf` to generate a list of groups that a user is a member of, use the following method:
5758

58-
1. Obtain an application token using the client credentials grant flow.
59-
2. Ensure that the application has the **User.Read.All** permission to query user information.
59+
1. Obtain an application token by using the client credentials grant flow.
60+
2. Make sure that the application has the **User.Read.All** permission to query user information.
6061
3. Use the **users** endpoint to query specific user details. Replace {upn} with the User Principal Name (UPN) or User Object ID of the user.
6162
```
6263
GET https://graph.microsoft.com/v1.0/users/{upn or userID}/memberOf
6364
```
65+
6466
[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]
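
Review bot: Two new typos are introduced here, "endpont" in the Cause paragraph (new line 35) and "Insead" in the application-token paragraph (new line 49); both should be corrected before merge. On new line 43, "delegated flow to which a user signed in" shifts the meaning of the old "with a user signed in" and reads awkwardly; something like "by using a delegated flow with a signed-in user" keeps the original sense. While the file is open, two inconsistencies in the surrounding text are worth aligning: on new line 37 "scp" is left unformatted while **roles** is bold and `scp` is code-formatted on line 43, and the unchanged step 3 tells the reader to replace {upn} while the request line uses {upn or userID}.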
