Commit bbac5ef

added diagrams to the entra quickstart
1 parent 13e66fa commit bbac5ef

3 files changed

+20
-19
lines changed

articles/communication-services/quickstarts/identity/entra-id-authentication-integration.md

Lines changed: 18 additions & 19 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: Set up and exchange access tokens for Microsoft Entra ID users
2+
title: Set up and obtain access tokens for Microsoft Entra ID users
33
titleSuffix: An Azure Communication Services quickstart
44
description: Building client application providing access tokens for Microsoft Entra ID users
55
author: aigerimb
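Review bot: The retitling on line 2 ("exchange" to "obtain") is a terminology change that the commit message, "added diagrams to the entra quickstart", does not mention. Either note the wording change in the commit message or split it into its own commit, so the history shows when the quickstart stopped describing a token exchange. The `description` on line 4 is left untouched and still reads awkwardly ("Building client application providing access tokens"); consider revising it in the same pass.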
@@ -14,15 +14,15 @@ ms.reviewer: dominikme, dariac, sanchezjuan
1414
zone_pivot_groups: acs-js-csharp-java-python
1515
ms.custom: mode-other, devx-track-extended-java, devx-track-js, devx-track-python, has-azure-ad-ps-ref
1616
---
17-
# Quickstart: Set up and exchange access tokens for Microsoft Entra ID users
17+
# Quickstart: Set up and obtain access tokens for Microsoft Entra ID users
1818

1919
[!INCLUDE [Public Preview Disclaimer](../../includes/public-preview-include.md)]
2020

21-
This quickstart demonstrates how to use the Communication Services Common SDK along with Azure Identity SDK in a console application to authenticate a Microsoft Entra ID user, obtain an Entra ID user token, and automatically exchange it for an Azure Communication Services access token for Microsoft Entra ID user. The resulting Azure Communication Services access token allows you to integrate calling and chat features using the Communication Services Calling and Chat SDKs.
21+
This quickstart demonstrates how to use the Communication Services Common SDK along with Azure Identity SDK in a console application to authenticate a Microsoft Entra ID user, obtain an Azure Communication Services access token for Microsoft Entra ID user. The resulting Azure Communication Services access token allows you to integrate calling and chat features using the Communication Services Calling and Chat SDKs.
2222

2323
## Prerequisites
2424
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
25-
- An active Azure Communication Services resource and connection string. For more information, see [Create an Azure Communication Services resource](./create-communication-resource.md).
25+
- An active Azure Communication Services resource and endpoint URI. For more information, see [Create an Azure Communication Services resource](./create-communication-resource.md).
2626
- A Microsoft Entra ID instance. For more information, see [Microsoft Entra ID overview](./entra/fundamentals/whatis).
2727

2828
## Introduction
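Review bot: The rewritten sentence on line 21 lost its conjunction: "authenticate a Microsoft Entra ID user, obtain an Azure Communication Services access token for Microsoft Entra ID user" reads as an unfinished list. Suggest "authenticate a Microsoft Entra ID user and obtain an Azure Communication Services access token for that user". The prerequisite change on line 25 from connection string to endpoint URI fits a client that authenticates through Entra ID; check that no later section of the quickstart still asks for a connection string.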
@@ -41,13 +41,13 @@ The Administrator role has extended permissions in Microsoft Entra ID. Members o
4141
1. The Contoso Administrator creates or selects an existing *application* in Microsoft Entra ID. The property *Supported account types* defines whether users from various tenants can authenticate to the application. The property *Redirect URI* redirects a successful authentication request to the Contoso *client application*.
4242
1. The Contoso Administrator adds required API permissions from Communication Services Clients application. For the all list of the permissions, see [Access tokens with Microsoft Entra ID](./identity-model.md#access-tokens-with-microsoft-entra-id).
4343
1. The Contoso Administrator allows public client flow for the application.
44-
1. The Contoso Administrator creates or selects existing communication services. The Contoso Administrator grants Fabrikam Entra ID users access to Contoso Azure Communication Services resource. Azure Communication Services Common SDK will be used for Microsoft Entra ID user authentication and in the background seamlessly exchange Microsoft Entra user tokens for Communication Services access token of Microsoft Entra ID user. For more information, see [Create and manage Communication Services resources](./create-communication-resource.md).
44+
1. The Contoso Administrator creates or selects existing communication services. The Contoso Administrator grants Fabrikam Entra ID users access to Contoso Azure Communication Services resource. Azure Communication Services Common SDK will be used for Microsoft Entra ID user authentication and in the background seamlessly obtain an Azure Communication Services access token for Microsoft Entra ID user. For more information, see [Create and manage Communication Services resources](./create-communication-resource.md).
4545
1. The Fabrikam Administrator grants required Communication Services Clients application API permissions to the Contoso application. This step is required if only Fabrikam Administrator can grant access to the application with the required permissions.
4646

4747
<a name='step-1-create-a-service-principal-for-acs-clients-application'></a>
4848

4949
### Step 1: Create a service principal for Azure Communication Services Clients application
50-
To enable the Contoso application to access Communication Services Clients application API permissions, the Contoso Administrator must create a service principal for Azure Communication Services Clients application in the Contoso Microsoft Entra ID tenant.
50+
To enable the Contoso application to access Azure Communication Services Clients application API permissions, the Contoso Administrator must create a service principal for Azure Communication Services Clients application in the Contoso Microsoft Entra ID tenant.
5151
The Contoso Administrator can create a service principal in Contoso tenant by one of the following methods:
5252

5353
- Use the [Microsoft Graph REST API](./graph/api/serviceprincipal-post-serviceprincipals?view=graph-rest-1.0&tabs=http#request) to run the following request:
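Review bot: Line 50 now says "Azure Communication Services Clients application", but the unchanged steps on lines 42 and 45 in the same hunk still say "Communication Services Clients application", so the application is named two ways within a few lines. Pick one form and apply it throughout. On line 44, "will be used for Microsoft Entra ID user authentication and in the background seamlessly obtain" is not parallel; something like "is used to authenticate the Microsoft Entra ID user and to obtain an Azure Communication Services access token in the background" would read cleanly.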
@@ -86,9 +86,9 @@ For more detailed information, see [Register an application with the Microsoft i
8686

8787
On the **Authentication** pane of your application, you can see a configured platform for *Public client/native(mobile & desktop)* with a redirect URI pointing to *http://localhost*. At the bottom of the pane, you'll see an *Allow public client flows* toggle control, which for this quickstart should be set to **Yes**.
8888

89-
### Step 4: Add Communication Services Clients permissions in the application
89+
### Step 4: Add Azure Communication Services Clients permissions in the application
9090

91-
The application must declare Communication Services Clients to have access to Azure Communication Services capabilities. Microsoft Entra ID user would be requesting a Microsoft Entra user token with these permissions.
91+
The application must declare Azure Communication Services Clients to have access to Azure Communication Services capabilities. Microsoft Entra ID user would be requesting a Microsoft Entra user token with these permissions.
9292

9393
1. Navigate to your Microsoft Entra app in the Azure portal and select **API permissions**
9494
1. Select **Add Permissions**
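Review bot: Renaming the Step 4 heading on line 89 changes the anchor generated from it, and this file links to step headings by fragment (line 117 links to `#step-2-create-a-microsoft-entra-application-registration-or-select-a-microsoft-entra-application`). Step 1 pins its anchor with an explicit `<a name='step-1-create-a-service-principal-for-acs-clients-application'></a>`; adding the same kind of tag carrying the old Step 4 slug would keep existing links working. On line 91, "Microsoft Entra ID user would be requesting" needs an article and a simpler tense, for example "The Microsoft Entra ID user requests".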
@@ -114,7 +114,7 @@ In the Azure portal follow these steps:
114114
4. In the **Principal type** select the correct value. In this scenario Contoso Admin provides access for a group from Fabrikam tenant and chooses **Group**.
115115
5. In the **Object ID** field, enter the object ID of the group from Fabrikam Microsoft Entra tenant.
116116
6. In the **Tenant ID** field, enter the tenant ID of the Fabrikam Microsoft Entra tenant.
117-
7. In the **Clien ID** field, enter the client ID of the application from [step 2](entra-id-authentication-integration.md#step-2-create-a-microsoft-entra-application-registration-or-select-a-microsoft-entra-application).
117+
7. In the **Client ID** field, enter the client ID of Contoso application from [step 2](entra-id-authentication-integration.md#step-2-create-a-microsoft-entra-application-registration-or-select-a-microsoft-entra-application).
118118
8. Click **Save and exit** to apply the changes.
119119

120120

@@ -137,7 +137,7 @@ To construct an Administrator consent URL, the Fabrikam Microsoft Entra Administ
137137
The service principal of the Contoso application in the Fabrikam tenant is created if consent is granted. The Fabrikam Administrator can review the consent in Microsoft Entra ID by doing the following steps:
138138

139139
1. Sign in to the Azure portal as an administrator.
140-
1. Go to Microsoft Entra ID.
140+
1. Go to **Microsoft Entra ID**.
141141
1. On the **Enterprise applications** pane, set the **Application type** filter to **All applications**.
142142
1. In the field for filtering the applications, enter the name of the Contoso application.
143143
1. Select **Apply**.
@@ -166,14 +166,14 @@ To provide access to the group, the Fabrikam Administrator does the following st
166166

167167
## Developer actions
168168

169-
The Contoso developer needs to set up the *client application* to authenticate users. In the client application, the developer creates a credential using Communication Common SDK along with Azure Identity SDK capable of authenticating users against the Microsoft Entra ID application and exchanging the Microsoft Entra user token for Azure Communication Services access token of Microsoft Entra ID user.
169+
The Contoso developer needs to set up the *client application* to authenticate users. In the client application, the developer creates a credential using Communication Common SDK along with any implementation of the `TokenCredential` from Azure Identity SDK capable of authenticating users against the Microsoft Entra ID application.
170170

171171
The developer's required actions are shown in following diagram:
172172

173-
![Diagram of developer actions to enable Azure Communication Services support for Microsoft Entra ID users.]()
173+
![Diagram of developer actions to enable Azure Communication Services support for Microsoft Entra ID users.](./media/entra-id/entra-id-developer-overview.svg)
174174

175-
1. The Contoso developer initialize any implementation of `TokenCredential` from Azure Identity SDK which is capable of obtaining a Microsoft Entra user token for the application that was created earlier by the Administrator.
176-
1. The Contoso developer initializes `AzureCommunicationTokenCredential` from Communication Services Common SDK with `TokenCredential` created in the step 1. The `AzureCommunicationTokenCredential` credential exchanges the incoming Microsoft Entra user token for the access token of Teams user seamlessly in the background.
175+
1. The Contoso developer initialize any implementation of `TokenCredential` from Azure Identity SDK which is capable of obtaining a Microsoft Entra user token for the application that was created earlier by the Contoso Administrator.
176+
1. The Contoso developer initializes `AzureCommunicationTokenCredential` from Communication Services Common SDK with `TokenCredential` created in the step 1. The `AzureCommunicationTokenCredential` obtains an Azure Communication Services access token for Microsoft Entra ID user seamlessly in the background.
177177

178178
> [!NOTE]
179179
> The following sections describe how to create `AzureCommunicationTokenCredential`.
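Review bot: Line 175 is edited but keeps the verb disagreement "The Contoso developer initialize", while line 176 has "initializes"; fix it while the line is being touched, together with "created in the step 1" on line 176. The new sentence on line 169 ends at "capable of authenticating users against the Microsoft Entra ID application" and no longer says what the credential is for; a short closing clause stating that it yields the Azure Communication Services access token would keep the paragraph aligned with step 2 of the list.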
@@ -187,12 +187,11 @@ The developer's required actions are shown in following diagram:
187187

188188
The user represents the Fabrikam users of the Contoso application. The user experience is shown in the following diagram:
189189

190-
![Diagram of user actions to enable Azure Communication Services support for Microsoft Entra ID users.]()
190+
![Diagram of user actions to enable Azure Communication Services support for Microsoft Entra ID users.](./media/entra-id/entra-id-user-overview.svg)
191191

192192
1. The Fabrikam user uses the Contoso *client application* and is prompted to authenticate.
193-
1. The Contoso *client application* uses the Azure Identity SDK to authenticate the user against the Fabrikam Microsoft Entra tenant for the Contoso application with Communication Services Clients permissions.
194-
1. Authentication is redirected to the *client application*, as defined in the property *Redirect URI* in the Contoso application.
195-
1. The Communication Common SDK seamlessly exchanges the Microsoft Entra user token for Azure Communication Services access token of Microsoft Entra ID user in the background.
193+
1. The Contoso *client application* uses the Azure Identity SDK to authenticate the user against the Fabrikam Microsoft Entra tenant for the Contoso application with Communication Services Clients permissions. Authentication is redirected to the *client application*, as defined in the property *Redirect URI* in the Contoso application.
194+
1. The Communication Common SDK seamlessly obtains an Azure Communication Services access token for Fabrikam Entra ID user in the background.
196195

197196
Developers can integrate the Communication Services Calling SDK or Chat SDK by providing `AzureCommunicationTokenCredential`.
198197

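Review bot: Folding the redirect into step 2 on line 193 shortens the list from four steps to three, so if the new entra-id-user-overview.svg numbers its steps, those numbers need to match the three-item list. The same line still says "Communication Services Clients permissions" although this commit renames the application to "Azure Communication Services Clients" in Step 4, and line 194 needs an article ("for the Fabrikam Entra ID user").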
@@ -207,4 +206,4 @@ In this quickstart, you learned how to:
207206
Learn about the following concepts:
208207

209208
- [Support Microsoft Entra ID users in Azure Communication Services](../concepts/identity-model.md#microsoft-entra-id-integrating-with-entra-id)
210-
- [Single-tenant and multitenant authentication for Microsoft Entra Id users](../concepts/entra-id-authentication-overview.md)
209+
- [Single-tenant and multitenant authentication for Microsoft Entra ID users](../concepts/entra-id-authentication-overview.md)

articles/communication-services/quickstarts/identity/media/entra-id/entra-id-developer-overview.svg

Lines changed: 1 addition & 0 deletions

articles/communication-services/quickstarts/identity/media/entra-id/entra-id-user-overview.svg

Lines changed: 1 addition & 0 deletions
