Merge pull request #103191 from KingdomOfEnds/tsi-aad

updated aad

Author: TedA-M

articles/time-series-insights/time-series-insights-authentication-and-authorization.md

@@ -10,7 +10,7 @@ ms.reviewer: v-mamcge, jasonh, kfile
 ms.devlang: csharp
 ms.workload: big-data
 ms.topic: conceptual
-ms.date: 12/09/2019
+ms.date: 02/03/2020
 ms.custom: seodec18
 ---
 
@@ -88,7 +88,7 @@ Per **step 3**, separating your application's and your user credentials allows y
 
    1. The token can then be passed in the `Authorization` header when the application calls the Time Series Insights API.
 
-* Alternatively, developers may choose to authenticate using MSAL. Read about [migrating to MSAL](https://docs.microsoft.com/azure/active-directory/develop/msal-net-migration) to learn more. 
+* Alternatively, developers may choose to authenticate using MSAL. Read about [migrating to MSAL](https://docs.microsoft.com/azure/active-directory/develop/msal-net-migration) and see our [Manage GA reference data for an Azure Time Series Insights environment using C#](time-series-insights-manage-reference-data-csharp.md) article to learn more. 
 
 ## Common headers and parameters
 

includes/media/time-series-insights-aad-registration/active-directory-app-api-permission.png

@@ -8,7 +8,7 @@ ms.service: time-series-insights
 author: deepakpalled
 ms.author: dpalled
 manager: cshankar
-ms.date: 12/06/2019
+ms.date: 02/03/2020
 ---
 
 1. In the [Azure portal](https://ms.portal.azure.com/), select **Azure Active Directory** > **App registrations** > **New registration**.
@@ -29,18 +29,30 @@ ms.date: 12/06/2019
 
 1. The **Authentication** blade specifies important authentication configuration settings. 
 
+    1. Add **Redirect URIs** and configure **Access Tokens** by selecting **+ Add a platform**.
+
+    1. Determine whether the app is a **public client** or not by selecting **Yes** or **No**.
+
+    1. Verify which accounts and tenants are supported.
+
+    [![Configure Implicit grant](media/time-series-insights-aad-registration/active-directory-auth-blade.png)](media/time-series-insights-aad-registration/active-directory-auth-blade.png#lightbox)
+
+1. After selecting the appropriate platform, configure your **Redirect URIs** and **Access Tokens** in the side panel to the right of the user interface.
+
     1. **Redirect URIs** must match the address supplied by the authentication request:
 
-        * For apps hosted in a local development environment, select **Public client (mobile & desktop)**. Make sure to set the **Default client type** to yes.
-        * For Single-Page apps hosted on Azure App Service, select **Web**.
+        * For apps hosted in a local development environment, select **Public client (mobile & desktop)**. Make sure to set **public client** to **Yes**.
+        * For Single-Page Apps hosted on Azure App Service, select **Web**.
+
+    1. Determine whether a **Logout URL** is appropriate.
 
     1. Enable the implicit grant flow by checking **Access tokens** or **ID tokens**.
 
-   [![Create Redirect URIs and configure Implicit grant](media/time-series-insights-aad-registration/active-directory-auth-blade.png)](media/time-series-insights-aad-registration/active-directory-auth-blade.png#lightbox)
+    [![Create Redirect URIs](media/time-series-insights-aad-registration/active-directory-auth-redirect-uri.png)](media/time-series-insights-aad-registration/active-directory-auth-redirect-uri.png#lightbox)
 
-   Click **Save**.
+    Click **Configure**, then **Save**.
 
-1. Select **Certificates & secrets** then **New client secret** to create an application password that client can use to prove its identity.
+1. Select **Certificates & secrets** then **New client secret** to create an application password that your client app can use to prove its identity.
 
    [![Create a new client secret](media/time-series-insights-aad-registration/active-directory-application-keys-save.png)](media/time-series-insights-aad-registration/active-directory-application-keys-save.png#lightbox)
 
@@ -57,4 +69,4 @@ ms.date: 12/06/2019
 
 1. Next, specify the kind API permission your app requires. By default, **Delegated permissions** will be highlighted. Choose a permission type then, select **Add permissions**.
 
-    [![Specify the kind of API permission your app requires](media/time-series-insights-aad-registration/active-directory-app-permission-grant.png)](media/time-series-insights-aad-registration/active-directory-app-permission-grant.png#lightbox)
+    [![Specify the kind of API permission your app requires](media/time-series-insights-aad-registration/active-directory-app-permission-grant.png)](media/time-series-insights-aad-registration/active-directory-app-permission-grant.png#lightbox)