Merge pull request #108349 from stevemunk/how-to-secure-device-code

"How to secure device code" Improved grammar and created end links.

Author: Jak-MS

articles/azure-maps/how-to-secure-device-code.md

@@ -1,7 +1,7 @@
 ---
-title: How to secure input constrained device with Azure AD and Azure Maps REST APIs
+title: How to secure an input constrained device using  Azure AD and Azure Maps REST API
 titleSuffix: Azure Maps
-description: How to configure a browser-less application which supports sign-in to Azure AD and calls Azure Maps REST APIs.
+description: How to configure a browser-less application that supports sign-in to Azure AD and calls Azure Maps REST API.
 author: eriklindeman
 ms.author: eriklind
 ms.date: 06/12/2020
@@ -10,52 +10,48 @@ ms.service: azure-maps
 services: azure-maps
 ---
 
-# Secure an input constrained device with Azure AD and Azure Maps REST APIs
+# Secure an input constrained device by using Azure Active Directory (Azure AD) and Azure Maps REST APIs
 
-This guide discusses how to secure public applications or devices that cannot securely store secrets or accept browser input. These types of applications fall under the category of IoT or internet of things. Some examples of these applications may include: Smart TV devices or sensor data emitting applications. 
+This guide discusses how to secure public applications or devices that can't securely store secrets or accept browser input. These types of applications fall under the internet of things (IoT) category. Examples include Smart TVs and sensor data emitting applications.
 
 [!INCLUDE [authentication details](./includes/view-authentication-details.md)]
 
 ## Create an application registration in Azure AD
 
 > [!NOTE]
-> * **Prerequisite Reading:** [Scenario: Desktop app that calls web APIs](../active-directory/develop/scenario-desktop-overview.md)
+>
+> * **Prerequisite Reading:** [Scenario: Desktop app that calls web APIs]
 > * The following scenario uses the device code flow, which does not involve a web browser to acquire a token.
 
-Create the device based application in Azure AD to enable Azure AD sign in. This application will be granted access to Azure Maps REST APIs.
+Create the device based application in Azure AD to enable Azure AD sign in, which is granted access to Azure Maps REST APIs.
 
 1. In the Azure portal, in the list of Azure services, select **Azure Active Directory** > **App registrations** > **New registration**.  
 
-    > [!div class="mx-imgBorder"]
-    > ![App registration](./media/how-to-manage-authentication/app-registration.png)
+    :::image type="content" source="./media/how-to-manage-authentication/app-registration.png" alt-text="A screenshot showing application registration in Azure AD":::
 
-2. Enter a **Name**, choose **Accounts in this organizational directory only** as the **Supported account type**. In **Redirect URIs**, specify **Public client / native (mobile & desktop)** then add `https://login.microsoftonline.com/common/oauth2/nativeclient` to the value. For more details please see Azure AD [Desktop app that calls web APIs: App registration](../active-directory/develop/scenario-desktop-app-registration.md). Then **Register** the application.
+2. Enter a **Name**, choose **Accounts in this organizational directory only** as the **Supported account type**. In **Redirect URIs**, specify **Public client / native (mobile & desktop)** then add `https://login.microsoftonline.com/common/oauth2/nativeclient` to the value. For more information, see Azure AD [Desktop app that calls web APIs: App registration]. Then **Register** the application.
 
-    > [!div class="mx-imgBorder"]
-    > ![Add app registration details for name and redirect uri](./media/azure-maps-authentication/devicecode-app-registration.png)
+    :::image type="content" source="./media/azure-maps-authentication/devicecode-app-registration.png" alt-text="A screenshot showing the settings used to register an application.":::
 
-3. Navigate to **Authentication** and enable **Treat application as a public client**. This will enable device code authentication with Azure AD.
+3. Navigate to **Authentication** and enable **Treat application as a public client** to enable device code authentication with Azure AD.
 
-    > [!div class="mx-imgBorder"]
-    > ![Enable app registration as public client](./media/azure-maps-authentication/devicecode-public-client.png)
+    :::image type="content" source="./media/azure-maps-authentication/devicecode-public-client.png" alt-text="A screenshot showing the advanced settings used to specify treating the application as a public client.":::
 
 4. To assign delegated API permissions to Azure Maps, go to the application. Then select **API permissions** > **Add a permission**. Under **APIs my organization uses**, search for and select **Azure Maps**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Add app API permissions](./media/how-to-manage-authentication/app-permissions.png)
+    :::image type="content" source="./media/how-to-manage-authentication/app-permissions.png" alt-text="A screenshot showing where you request API permissions.":::
 
 5. Select the check box next to **Access Azure Maps**, and then select **Add permissions**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Select app API permissions](./media/how-to-manage-authentication/select-app-permissions.png)
+    :::image type="content" source="./media/how-to-manage-authentication/select-app-permissions.png" alt-text="A screenshot showing where you specify the app permissions you require.":::
 
-6. Configure Azure role-based access control (Azure RBAC) for users or groups. See [Grant role-based access for users to Azure Maps](#grant-role-based-access-for-users-to-azure-maps).
+6. Configure Azure role-based access control (Azure RBAC) for users or groups. For more information, see [Grant role-based access for users to Azure Maps].
 
-7. Add code for acquiring token flow in the application, for implementation details see [Device code flow](../active-directory/develop/scenario-desktop-acquire-token-device-code-flow.md). When acquiring tokens, reference the scope: `user_impersonation` which was selected on earlier steps.
+7. Add code for acquiring token flow in the application, for implementation details see [Device code flow]. When acquiring tokens, reference the scope: `user_impersonation` that was selected on earlier steps.
 
     > [!Tip]
     > Use Microsoft Authentication Library (MSAL) to acquire access tokens.
-    > See recommendations on [Desktop app that calls web APIs: Code configuration](../active-directory/develop/scenario-desktop-app-configuration.md)
+    > For more information, see [Desktop app that calls web APIs: Code configuration] in the active directory documentation.
 
 8. Compose the HTTP request with the acquired token from Azure AD, and sent request with a valid HTTP client.
 
@@ -70,7 +66,7 @@ x-ms-client-id: 30d7cc….9f55
 Authorization: Bearer eyJ0e….HNIVN
 ```
 
- The sample request body below is in GeoJSON:
+ The following sample request body is in GeoJSON:
 
 ```json
 {
@@ -96,11 +92,18 @@ Operation-Location: https://us.atlas.microsoft.com/mapData/operations/{udid}?api
 Access-Control-Expose-Headers: Operation-Location
 ```
 
-
 [!INCLUDE [grant role-based access to users](./includes/grant-rbac-users.md)]
 
 ## Next steps
 
 Find the API usage metrics for your Azure Maps account:
+
 > [!div class="nextstepaction"]
-> [View usage metrics](how-to-view-api-usage.md)
+> [View usage metrics]
+
+[Desktop app that calls web APIs: App registration]: ../active-directory/develop/scenario-desktop-app-registration.md
+[Desktop app that calls web APIs: Code configuration]: ../active-directory/develop/scenario-desktop-app-configuration.md
+[Device code flow]: ../active-directory/develop/scenario-desktop-acquire-token-device-code-flow.md
+[Grant role-based access for users to Azure Maps]: #grant-role-based-access-for-users-to-azure-maps
+[Scenario: Desktop app that calls web APIs]: ../active-directory/develop/scenario-desktop-overview.md
+[View usage metrics]: how-to-view-api-usage.md