MicrosoftDocs
diff --git a/‎articles/logic-apps/logic-apps-securing-a-logic-app.md
Lines changed: 8 additions & 8 deletions b/‎articles/logic-apps/logic-apps-securing-a-logic-app.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/logic-apps/media/logic-apps-securing-a-logic-app/add-azure-active-directory-authorization-policies.png
-15.3 KB b/‎articles/logic-apps/media/logic-apps-securing-a-logic-app/add-azure-active-directory-authorization-policies.png
-15.3 KB
diff --git a/‎articles/logic-apps/media/logic-apps-securing-a-logic-app/set-up-authorization-policy.png
-11.8 KB b/‎articles/logic-apps/media/logic-apps-securing-a-logic-app/set-up-authorization-policy.png
-11.8 KB
@@ -5,7 +5,7 @@ services: logic-apps
 ms.suite: integration
 ms.reviewer: klam, logicappspm
 ms.topic: conceptual
-ms.date: 02/04/2020
+ms.date: 02/20/2020
 ---
 
 # Secure access and data in Azure Logic Apps
@@ -734,39 +734,39 @@ When you use [secured parameters](#secure-action-parameters) to handle and prote
 
 ### Enable Azure AD OAuth authentication on Request triggers
 
-If your logic app uses the Request trigger, you can use [Azure Active Directory OAuth](../active-directory/develop/about-microsoft-identity-platform.md) authentication for authorizing inbound calls to your logic app. Before you enable this authentication, review these considerations:
+When your logic app starts with the Request trigger, you can use [Azure Active Directory (AD) OAuth](../active-directory/develop/about-microsoft-identity-platform.md) authentication for authorizing inbound calls to your logic app. Before you enable this authentication, review these considerations:
 
-* Your logic app can have up to five authorization policies. Each authorization policy can have up to 10 claims.
+* Your logic app can have up to five authorization policies. Each authorization policy can have up to 10 [claims](../active-directory/develop/developer-glossary.md#claim).
 
-* An authorization policy must include at least the **Issuer** [claim](../active-directory/develop/developer-glossary.md#claim) whose value starts with the Azure Active Directory issuer ID, `https://sts.windows.net/`.
+* An authorization policy must include at least the **Issuer** claim, which has a value that starts with `https://sts.windows.net/` as the Azure Active Directory issuer ID.
 
 * Your logic app can't use both Azure AD OAuth [Shared Access Signatures (SAS)](#sas) for authorization.
 
 * Currently, open authentication tokens are supported only for workflow trigger requests.
 
 * Only Bearer-type authorization schemes are supported for OAuth tokens.
 
-Now, to set up this authentication, follow these steps to add one or more authorization policies to your logic app.
+To set up this authentication, follow these steps to add one or more authorization policies to your logic app.
 
 1. In the [Azure portal](https://portal.microsoft.com), find and open your logic app in the Logic App Designer.
 
 1. On the logic app menu, under **Settings**, select **Authorization**. After the Authorization pane opens, select **Add policy**.
 
    ![Select "Authorization" > "Add policy"](./media/logic-apps-securing-a-logic-app/add-azure-active-directory-authorization-policies.png)
 
-1. Provide information about the authorization policy by specifying the claim types and values that your logic app requires from inbound requests:
+1. Provide information about the authorization policy by specifying the [claim types](../active-directory/develop/developer-glossary.md#claim) and values that your logic app expects in the authentication tokens presented by inbound calls to the Request trigger:
 
    ![Provide information for authorization policy](./media/logic-apps-securing-a-logic-app/set-up-authorization-policy.png)
 
    | Property | Required | Description |
    |----------|----------|-------------|
    | **Policy name** | Yes | The name that you want to use for the authorization policy |
-   | **Claims** | Yes | The list of [claim](../active-directory/develop/developer-glossary.md#claim) types and values that incoming calls must use in the authentication tokens that they present to your logic app. This list requires at least one **Issuer**-type claim, which has a value that starts with the Azure AD issuer ID, `https://sts.windows.net/`. <p><p>Standard claims have these types: <p><p>- **Issuer** <br>- **Audience** <br>- **Subject** <br>- **JWT ID** <p><p>For more information about these claim types, see [Claims in Azure AD security tokens](../active-directory/azuread-dev/v1-authentication-scenarios.md#claims-in-azure-ad-security-tokens). You can also specify your own claim type and value.  |
+   | **Claims** | Yes | The claim types and values that your logic app accepts from inbound calls. Here are the available standard claim types: <p><p>- **Issuer** <br>- **Audience** <br>- **Subject** <br>- **JWT ID** <p><p>At the minimum, the **Claims** list must include the **Issuer** claim, which has a value that starts with the `https://sts.windows.net/` Azure AD issuer ID. For more information about these claim types, see [Claims in Azure AD security tokens](../active-directory/azuread-dev/v1-authentication-scenarios.md#claims-in-azure-ad-security-tokens). You can also specify your own claim type and value. |
    |||
 
 1. To add another claim, select from these options:
 
-   * To add another standard claim type, select the claim type, and specify the claim value.
+   * To add another standard claim type, select **Add standard claim**, select the claim type, and specify the claim value.
 
    * To add your own claim, select **Add custom claim**, and specify the custom claim value.