MicrosoftDocs
diff --git a/‎articles/openshift/howto-aad-app-configuration.md
Lines changed: 3 additions & 4 deletions b/‎articles/openshift/howto-aad-app-configuration.md
Lines changed: 3 additions & 4 deletions
diff --git a/‎articles/openshift/media/howto-aad-app-configuration/permissions-empty.png
-69.6 KB b/‎articles/openshift/media/howto-aad-app-configuration/permissions-empty.png
-69.6 KB
diff --git a/‎articles/openshift/media/howto-aad-app-configuration/permissions-required.png
-8.68 KB b/‎articles/openshift/media/howto-aad-app-configuration/permissions-required.png
-8.68 KB
@@ -89,15 +89,14 @@ For details on creating a new Azure AD application, see [Register an app with th
 ## Add API permissions
 
 1. In the **Manage** section click **API permissions**.
-![Screenshot of the API permissions panel](./media/howto-aad-app-configuration/permissions-empty.png)
-2. Click **Add permission** and select **Microsoft Graph** then **Delegated permissions**
+2. Click **Add permission** and select **Azure Active Directory Graph** then **Delegated permissions**
 3. Expand **User** on the list below and make sure **User.Read** is enabled.
 4. Scroll up and select **Application permissions**.
 5. Expand **Directory** on the list below and enable **Directory.ReadAll**
 6. Click **Add permissions** to accept the changes.
-7. The API permissions panel should now show both *User.Read* and *Directory.ReadAll* as shown on the screenshot below. Please note the warning in **Admin consent required** column next to *Directory.ReadAll*.
-![Screenshot of the API permissions panel. User.Read and Directory.ReadAll permissions added, admin consent required for Directory.ReadAll](./media/howto-aad-app-configuration/permissions-required.png)
+7. The API permissions panel should now show both *User.Read* and *Directory.ReadAll*. Please note the warning in **Admin consent required** column next to *Directory.ReadAll*.
 8. If you are the *Azure Subscription Administrator*, click **Grant admin consent for *Subscription Name*** below. If you are not the *Azure Subscription Administrator*, request the consent from your administrator.
+![Screenshot of the API permissions panel. User.Read and Directory.ReadAll permissions added, admin consent required for Directory.ReadAll](./media/howto-aad-app-configuration/permissions-required.png)
 
 > [!IMPORTANT]
 > Synchronization of the cluster administrators group will work only after consent has been granted. You will see a green circle with a checkmark and a message "Granted for *Subscription Name*" in the *Admin consent required* column.