updates as per review

Author: cljung

articles/active-directory/verifiable-credentials/admin-api.md

@@ -829,7 +829,7 @@ The response contains the following properties
 
 | Property | Type | Description |
 | -------- | -------- | -------- |
-|`attestations`| [attestions](#attestations-type)| describing supported inputs for the rules |
+|`attestations`| [attestations](#attestations-type)| describing supported inputs for the rules |
 |`validityInterval` | number | this value shows the lifespan of the credential |
 |`vc`| vcType array | types for this contract |
 |`customStatusEndpoint`| [customStatusEndpoint] (#customstatusendpoint-type) (optional) | status endpoint to include in the verifiable credential for this contract |
@@ -840,8 +840,8 @@ If the property `customStatusEndpoint` property isn't specified then the `anonym
 
 | Property | Type | Description |
 | -------- | -------- | -------- |
-|`idTokens`| [idTokenAttestation](#idtokenattestation-type) (array) (optional) | describes id token inputs|
-|`idTokenHints`| [idTokenHintAttestation](#idtokenhintattestation-type) (array) (optional) | describes id token hint inputs |
+|`idTokens`| [idTokenAttestation](#idtokenattestation-type) (array) (optional) | describes ID token inputs|
+|`idTokenHints`| [idTokenHintAttestation](#idtokenhintattestation-type) (array) (optional) | describes ID token hint inputs |
 |`presentations`| [verifiablePresentationAttestation](#verifiablepresentationattestation-type) (array) (optional) | describes verifiable presentations inputs |
 |`selfIssued`| [selfIssuedAttestation](#selfissuedattestation-type) (array) (optional) | describes self issued inputs |
 |`accessTokens`| [accessTokenAttestation](#accesstokenattestation-type) (array) (optional) | describes access token inputs |

articles/active-directory/verifiable-credentials/how-to-dnsbind.md

@@ -34,14 +34,14 @@ The domain you will verify ownership of to your DID is defined in the organizati
 
 1. Copy or download the `did-configuration.json` file shown in the image below.
 
-   ![Download well known config](media/how-to-dnsbind/verify-download.png) 
+   ![Screenshot of download well-known config.](media/how-to-dnsbind/verify-download.png) 
 
 1. Host the `did-configuration.json` file at the location specified. Example: `https://www.example.com/.well-known/did-configuration.json`
 There can be no additional path in the URL other than the .well-known path name.
 
 1. When the `did-configuration.json` is publicly available at the .well-known/did-configuration.json URL, verify it by pressing the **Refresh verification status** button.
 
-   ![Verified well known config](media/how-to-dnsbind/verify-download-verified.png) 
+   ![Screenshot of verified well-known config.](media/how-to-dnsbind/verify-download-verified.png) 
 
 1. Test out issuing or presenting with Microsoft Authenticator to validate. Make sure the setting in Authenticator 'Warn about unsafe apps' is toggled on.
 
@@ -108,7 +108,7 @@ Before Microsoft Authenticator displays a **Verified** icon, a few things need t
 
 If all of the previously mentioned are true, then Microsoft Authenticator displays a verified page and includes the domain that was validated.
 
-![new permission request](media/how-to-dnsbind/new-permission-request.png) 
+![Screenshot of new permission request.](media/how-to-dnsbind/new-permission-request.png) 
 
 ## Unverified domain
 
@@ -120,7 +120,7 @@ If any of the above aren't true, Microsoft Authenticator displays a full page wa
 
 It is of high importance that you link your DID to a domain recognizable to the user.
 
-![unverified domain warning in the add credential screen](media/how-to-dnsbind/add-credential-not-verified-authenticated.png)
+![Screenshot of unverified domain warning in the add credential screen.](media/how-to-dnsbind/add-credential-not-verified-authenticated.png)
 
 ## How do you update the linked domain on your DID?
 

articles/active-directory/verifiable-credentials/media/services-partners/avanade.png

@@ -109,8 +109,8 @@ The payload contains the following properties.
 
 |Parameter |Type  | Description |
 |---------|---------|---------|
-| `includeQRCode` |  Boolean | Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this presentation request. Possible values are `true` (default) or `false`. When you set the value to `false`, use the return `url` property to render a deep link.  |
-| `includeReceipt` |  Boolean | Determines whether a receipt should be included in the response of this request. Possible values are `true` or `false` (default). The receipt contains the original payload sent from the authenticator to the Verifiable Credentials service. The receipt is useful for troubleshooting or if you have the need to ge the full details of the payload. There's otherwise no need be set this value to `true `by default. In the `OpenId Connect SIOP` request, the receipt contains the ID token from the original request. |
+| `includeQRCode` |  Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this presentation request. Possible values are `true` (default) or `false`. When you set the value to `false`, use the return `url` property to render a deep link.  |
+| `includeReceipt` |  Boolean | Optional. Determines whether a receipt should be included in the response of this request. Possible values are `true` or `false` (default). The receipt contains the original payload sent from the authenticator to the Verifiable Credentials service. The receipt is useful for troubleshooting or if you have the need to ge the full details of the payload. There's otherwise no need be set this value to `true `by default. In the `OpenId Connect SIOP` request, the receipt contains the ID token from the original request. |
 | `authority` | string|  Your decentralized identifier (DID) of your verifier Azure AD tenant. For more information, see [Gather tenant details to set up your sample application](verifiable-credentials-configure-verifier.md#gather-tenant-details-to-set-up-your-sample-application).|
 | `registration` | [RequestRegistration](#requestregistration-type)|  Provides information about the verifier. |
 |`callback`|  [Callback](#callback-type)| Mandatory. Allows the developer to update the UI during the verifiable credential presentation process. When the user completes the process, continue the process after the results are returned to the application.|
@@ -123,7 +123,10 @@ The `RequestRegistration` type provides information registration for the issuer.
 
 |Property |Type |Description |
 |---------|---------|---------|
-| `clientName` | string|  A display name of the issuer of the verifiable credential. This name will be presented to the user in the authenticator app. |
+| `clientName` | string|  A display name of the verifier of the verifiable credential. This name will be presented to the user in the authenticator app. |
+| `purpose` | string|  Optional. A string that is displayed to inform the user why the verifiable credentials are being requested. |
+| `logoUrl` | URL|  Optional. A URL for a logotype of the verifier. This is not used by the Authenticator app. |
+| `termsOfServiceUrl` | URL|  Optional. A URL to the terms of service for the verifier. This is not used by the Authenticator app. |
 
 The following screenshot shows the `clientName` property and the display name of the `authority` (the verifier) in the presentation request.
 
@@ -146,8 +149,8 @@ The `RequestCredential` provides information about the requested credentials the
 |Property |Type |Description |
 |---------|---------|---------|
 | `type`| string| The verifiable credential type. The `type` must match the type as defined in the `issuer` verifiable credential manifest (for example, `VerifiedCredentialExpert`). To get the issuer manifest, see [Gather credentials and environment details to set up your sample application](verifiable-credentials-configure-issuer.md). Copy the **Issue credential URL**, open it in a web browser, and check the **id** property. |
-| `purpose`| string | Provide information about the purpose of requesting this verifiable credential. |
-| `acceptedIssuers`| string collection | A collection of issuers' DIDs that could issue the type of verifiable credential that subjects can present. To get your issuer DID, see [Gather credentials and environment details to set up your sample application](verifiable-credentials-configure-issuer.md), and copy the value of the **Decentralized identifier (DID)**. If the `acceptedIssuers` collection is empty, then the presentation request will accept a credential type issued by any issuer. |
+| `purpose`| string | Optional. Provide information about the purpose of requesting this verifiable credential. This is not used by the Authenticator app. |
+| `acceptedIssuers`| string collection | Optional. A collection of issuers' DIDs that could issue the type of verifiable credential that subjects can present. To get your issuer DID, see [Gather credentials and environment details to set up your sample application](verifiable-credentials-configure-issuer.md), and copy the value of the **Decentralized identifier (DID)**. If the `acceptedIssuers` collection is empty or not present, then the presentation request will accept a credential type issued by any issuer. |
 | `configuration.validation` | [Configuration.Validation](#configurationvalidation-type) | Optional settings for presentation validation.|
 
 ### Configuration.Validation type
@@ -156,8 +159,8 @@ The `Configuration.Validation` provides information about how the presented cred
 
 |Property |Type |Description |
 |---------|---------|---------|
-| `allowRevoked` |  Boolean | Determines if a revoked credential should be accepted. Default is `false` (it shouldn't be accepted). |
-| `validateLinkedDomain` |  Boolean | Determines if the linked domain should be validated. Default is `false`. Setting this flag to `false` means you as a Relying Party application accept credentials from an unverified linked domain. Setting this flag to `true` means the linked domain will be validated and only verified domains will be accepted. |
+| `allowRevoked` |  Boolean | Optional. Determines if a revoked credential should be accepted. Default is `false` (it shouldn't be accepted). |
+| `validateLinkedDomain` |  Boolean | Optional. Determines if the linked domain should be validated. Default is `false`. Setting this flag to `false` means you as a Relying Party application accept credentials from an unverified linked domain. Setting this flag to `true` means the linked domain will be validated and only verified domains will be accepted. |
 
 ## Successful response
 

articles/active-directory/verifiable-credentials/media/services-partners/ctc.png

@@ -23,13 +23,12 @@ If you are a Services Partner and would like to be considered into Entra Verifie
 | Services partner | Website |
 |:-------------------------|:--------------|
 | ![Affinitiquest logo](media/services-partners/affinitiquest.png) | [Secure Personally Identifiable Information | AffinitiQuest](https://affinitiquest.io/) |
-| ![Avanade logo](media/services-partners/avanade.png) | [Avanade Entra Verified ID Consulting Services](https://appsource.microsoft.com/en-us/marketplace/consulting-services/avanadeinc.ava_entra_verified_id_fy23?exp=ubp8) |
+| ![Avanade logo](media/services-partners/avanade.png) | [Avanade Entra Verified ID Consulting Services](https://appsource.microsoft.com/marketplace/consulting-services/avanadeinc.ava_entra_verified_id_fy23?exp=ubp8) |
 | ![Credivera logo](media/services-partners/credivera.png) | [Credivera: Digital Identity Solutions | Verifiable Credentials](https://www.credivera.com/) |
 | ![Condatis logo](media/services-partners/condatis.png) | [Decentralized Identity | Condatis](https://condatis.com/technology/decentralized-identity/) |
 | ![DXC logo](media/services-partners/dxc.png) | [Digital Identity - Connect with DXC](https://dxc.com/us/en/services/security/digital-identity) |
 | ![CTC logo](media/services-partners/ctc.png) | [CTC's  SELMID offering](https://ctc-insight.com/selmid) |
-| ![Kocho logo](media/services-partners/kocho.png) | [Connect with Kocho. See Verified Identity in Action](https://kocho.co.uk/contact-us/)
-[See Verified Identity in Action](https://kocho.co.uk/verified-id-in-action/) |
+| ![Kocho logo](media/services-partners/kocho.png) | [Connect with Kocho. See Verified Identity in Action](https://kocho.co.uk/contact-us/)<br/>[See Verified Identity in Action](https://kocho.co.uk/verified-id-in-action/) |
 | ![Predica logo](media/services-partners/predica.png) | [Verified ID - Predica Group](https://www.predicagroup.com/en/verified-id/) |
 | ![Sphereon logo](media/services-partners/sphereon.png) | [Sphereon supports customers on Microsoft's Entra Verified ID](https://sphereon.com/sphereon-supports-microsofts-entra-verified-id/) |
 | ![Unify logo](media/services-partners/unify.png) | [Microsoft Entra Verified ID - UNIFY Solutions](https://unifysolutions.net/entra/verified-id/) |

articles/active-directory/verifiable-credentials/media/services-partners/kocho.png

@@ -61,7 +61,7 @@ After you create your key vault, Verifiable Credentials generates a set of keys
 
 1. For **Key permissions**, verify that the following permissions are selected: **Create**, **Delete**, and **Sign**. By default, **Create** and **Delete** are already enabled. **Sign** should be the only key permission you need to update.
 
-:::image type="content" source="media/verifiable-credentials-configure-tenant/set-key-vault-admin-access-policy.png" alt-text="Screenshot that shows how to configure the admin access policy." border="false":::
+    :::image type="content" source="media/verifiable-credentials-configure-tenant/set-key-vault-admin-access-policy.png" alt-text="Screenshot that shows how to configure the admin access policy." border="false":::
 
 1. To save the changes, select **Save**.
 
@@ -165,8 +165,8 @@ After Azure Key Vault is setup, and the service have a signing key, you must com
 
 1. Navigate to the Verified ID service in the Azure portal.  
 1. From the left menu, select **Setup**.
-1. From the middle menu, select **Register decentralized ID** to register your DID document, as per instructions in articel [How to register your website ID for did:web](how-to-register-didwebsite.md). You must complete this step before you can continue to verify your domain. If you selected did:ion as your trust system, you should skip this step.
-1. From the middle menu, select **Verify domain ownership** to verify your domain, as per instructions in articel [Link your domain to your Decentralized Identifier (DID)](how-to-dnsbind.md)
+1. From the middle menu, select **Register decentralized ID** to register your DID document, as per instructions in article [How to register your decentralized ID for did:web](how-to-register-didwebsite.md). You must complete this step before you can continue to verify your domain. If you selected did:ion as your trust system, you should skip this step.
+1. From the middle menu, select **Verify domain ownership** to verify your domain, as per instructions in article [Verify domain ownership to your Decentralized Identifier (DID)](how-to-dnsbind.md)
 
 Once that you have successfully completed the verification steps, and have green checkmarks on all three steps, you are ready to continue to the next tutorial.