MicrosoftDocs
diff --git a/‎articles/healthcare-apis/configure-azure-rbac-using-scripts.md
Lines changed: 19 additions & 21 deletions b/‎articles/healthcare-apis/configure-azure-rbac-using-scripts.md
Lines changed: 19 additions & 21 deletions
diff --git a/‎articles/healthcare-apis/configure-azure-rbac.md
Lines changed: 22 additions & 24 deletions b/‎articles/healthcare-apis/configure-azure-rbac.md
Lines changed: 22 additions & 24 deletions
diff --git a/‎articles/healthcare-apis/fhir/get-started-with-fhir.md
Lines changed: 12 additions & 12 deletions b/‎articles/healthcare-apis/fhir/get-started-with-fhir.md
Lines changed: 12 additions & 12 deletions
@@ -1,6 +1,6 @@
 ---
-title: Grant permissions to users and client applications using CLI and REST API - Azure Health Data Services
-description: This article describes how to grant permissions to users and client applications using CLI and REST API.
+title: Grant permissions to users and applications by using CLI and REST API in Azure Health Data Services
+description: Learn to configure Azure RBAC roles using CLI and REST API for secure access to Azure Health Data Services. See how to make role assignments with detailed scripts and examples. 
 services: healthcare-apis
 author: chachachachami
 ms.service: healthcare-apis
@@ -10,19 +10,19 @@ ms.date: 06/06/2022
 ms.author: chrupa
 ---
 
-# Configure Azure RBAC role using Azure CLI and REST API
+# Configure Azure RBAC roles by using Azure CLI and REST API
 
-In this article, you'll learn how to grant permissions to client applications (and users) to access Azure Health Data Services using Azure Command-Line Interface (CLI) and REST API. This step is referred to as "role assignment" or Azure 
-[role-based access control (Azure RBAC role)](./../role-based-access-control/role-assignments-cli.md). To further your understanding about the application roles defined for Azure Health Data Services, see [Configure Azure RBAC role](configure-azure-rbac.md).
+In this article, you learn how to grant permissions to client applications and users to access Azure Health Data Services by using the Azure Command-Line Interface (CLI) and REST API. This step is referred to as role assignment or Azure
+[role-based access control (RBAC)](./../role-based-access-control/role-assignments-cli.md). For more information, see [Configure Azure RBAC role](configure-azure-rbac.md).
 
-You can view and download the [CLI scripts](https://github.com/microsoft/healthcare-apis-samples/blob/main/src/scripts/role-assignment-using-cli.http) and [REST API scripts](https://github.com/microsoft/healthcare-apis-samples/blob/main/src/scripts/role-assignment-using-rest-api.http) from [Azure Health Data Services samples](https://github.com/microsoft/healthcare-apis-samples).
+View and download the [CLI scripts](https://github.com/microsoft/healthcare-apis-samples/blob/main/src/scripts/role-assignment-using-cli.http) and [REST API scripts](https://github.com/microsoft/healthcare-apis-samples/blob/main/src/scripts/role-assignment-using-rest-api.http) from [Azure Health Data Services samples](https://github.com/microsoft/healthcare-apis-samples).
 
-> [!Note] 
+> [!Note]
 > To perform the role assignment operation, the user (or the client application) must be granted with RBAC permissions. Contact your Azure subscription administrators for assistance.
 
 ## Role assignments with CLI
 
-You can list application roles using role names or GUID IDs. Include the role name in double quotes when there are spaces in it. For more information, see
+You can list application roles by using role names or GUID IDs. Include the role name in double quotes when there are spaces in it. For more information, see
 [List Azure role definitions](./../role-based-access-control/role-definitions-list.yml#azure-cli).
 
 ```
@@ -34,7 +34,7 @@ az role definition list --name 58a3b984-7adf-4c20-983a-32417c86fbc8
 
 ### Azure Health Data Services role assignment
 
-The role assignments for Azure Health Data Services require the following values.
+The role assignments for Azure Health Data Services require these values:
 
 - Application role name or GUID ID.
 - Service principal ID for the user or client application.
@@ -82,19 +82,20 @@ spid=$(az ad sp show --id $clientid --query objectId --output tsv)
 #assign the specified role
 az role assignment create --assignee-object-id $spid --assignee-principal-type ServicePrincipal --role "$fhirrole" --scope $fhirrolescope
 ```
+
 ## Role assignments with REST API
 
 Alternatively, you can send a Put request to the role assignment REST API directly. For more information, see [Assign Azure roles using the REST API](./../role-based-access-control/role-assignments-rest.md).
 
 >[!Note]
->The REST API scripts in this article are based on the [REST Client](./fhir/using-rest-client.md) extension. You'll need to revise the variables if you are in a different environment.
+>The REST API scripts in this article are based on the [REST Client](./fhir/using-rest-client.md) extension. You need to revise the variables if you are in a different environment.
 
-The API requires the following values:
+The API requires these values:
 
 - Assignment ID, which is a GUID value that uniquely identifies the transaction. You can use tools such as Visual Studio or Visual Studio Code extension to get a GUID value. Also, you can use online tools such as [UUID Generator](https://www.uuidgenerator.net/api/guid) to get it.
-- API version that is supported by the API.
+- API version supported by the API.
 - Scope for Azure Health Data Services to which you grant access permissions. It includes subscription ID, resource group name, and the FHIR or DICOM service instance name.
-- Role definition ID for roles such as "FHIR Data Contributor" or "DICOM Data Owner". Use `az role definition list --name "<role name>"` to list the role definition IDs.
+- Role definition ID for roles such as **FHIR Data Contributor** or **DICOM Data Owner**. Use `az role definition list --name "<role name>"` to list the role definition IDs.
 - Service principal ID for the user or the client application.
 - Microsoft Entra access token to the `https://management.azure.com/`, not Azure Health Data Services. You can get the access token using an existing tool or using Azure CLI command, `az account get-access-token --resource  "https://management.azure.com/"`
 - For Azure Health Data Services, the scope includes workspace name and FHIR/DICOM service instance name.
@@ -124,7 +125,7 @@ Accept: application/json
 }
 ```
 
-For Azure API for FHIR, the scope is defined slightly differently as it supports the FHIR service only, and no workspace name is required.
+For Azure API for FHIR, the scope is defined differently as it supports the FHIR service only, and no workspace name is required.
 
 ```rest
 ### Create a role assignment - Azure API for FHIR
@@ -153,7 +154,7 @@ Accept: application/json
 
 ## List service instances of Azure Health Data Services
 
-Optionally, you can get a list of Azure Health Data Services services, or Azure API for FHIR. Note that the API version is based on Azure Health Data Services, not the version for the role assignment REST API.
+Optionally, you can get a list of Azure Health Data Services services, or Azure API for FHIR. The API version is based on Azure Health Data Services, not the version for the role assignment REST API.
 
 For Azure Health Data Services, specify the subscription ID, resource group name, workspace name, FHIR or DICOM services, and the API version.
 
@@ -185,13 +186,10 @@ Accept: application/json
 
 ```
 
-Now that you've granted proper permissions to the client application, you can access Azure Health Data Services in your applications.
+After you grant proper permissions to the client application, you can access Azure Health Data Services in your applications.
 
 ## Next steps
 
-In this article, you learned how to grant permissions to client applications using Azure CLI and REST API. For information on how to access Azure Health Data Services using the REST Client Extension in Visual Studio Code, see 
-
->[!div class="nextstepaction"]
->[Access using REST Client](./fhir/using-rest-client.md) 
+[Access using REST Client](./fhir/using-rest-client.md) 
 
-FHIR&#174; is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.
+[!INCLUDE [FHIR and DICOM trademark statement](./includes/healthcare-apis-fhir-dicom-trademark.md)]
@@ -1,61 +1,59 @@
 ---
-title: Configure Azure RBAC role for FHIR service - Azure Health Data Services
-description: This article describes how to configure Azure RBAC role for FHIR.
+title: Configure Azure RBAC role for the FHIR service in Azure Health Data Services
+description: Learn how to configure Azure RBAC for the FHIR service in Azure Health Data Services. Assign roles, manage access, and safeguard your data plane.
 author: chachachachami
 ms.service: healthcare-apis
 ms.topic: tutorial
 ms.date: 06/06/2022
 ms.author: chrupa
 --- 
+# Configure Azure RBAC roles for Azure Health Data Services
 
-# Configure Azure RBAC role for Azure Health Data Services
+In this article, you learn how to use [Azure role-based access control (RBAC)](../role-based-access-control/index.yml) to assign access to the Azure Health Data Services data plane. Using Azure RBAC roles is the preferred method for assigning data plane access when data plane users are managed in the Microsoft Entra tenant associated with your Azure subscription.
 
-In this article, you'll learn how to use [Azure role-based access control (Azure RBAC role)](../role-based-access-control/index.yml) to assign access to the Azure Health Data Services data plane. Azure RBAC role is the preferred methods for assigning data plane access when data plane users are managed in the Microsoft Entra tenant associated with your Azure subscription.
-
-You can complete role assignments through the Azure portal. Note that the FHIR service and DICOM service have defined different application roles. Add or remove one or more roles to manage user access controls.
+You can complete role assignments in the Azure portal. The FHIR&reg; service and DICOM&reg; service define application roles differently. Add or remove one or more roles to manage user access controls.
 
 ## Assign roles for the FHIR service
 
-To grant users, service principals, or groups access to the FHIR data plane, select the FHIR service from the Azure portal. Select **Access control (IAM)**, and then select the **Role assignments** tab. Select **+Add**, and then select **Add role assignment**.
- 
-If the role assignment option is grayed out, ask your Azure subscription administrator to grant you with the permissions to the subscription or the resource group, for example, “User Access Administrator”. For more information about the Azure built-in roles, see [Azure built-in roles](../role-based-access-control/built-in-roles.md).
+To grant users, service principals, or groups access to the FHIR data plane, go to the FHIR service in the Azure portal. Select **Access control (IAM)**, and then select the **Role assignments** tab. Select **+Add**, and then select **Add role assignment**.
+
+If the role assignment option is grayed out, ask your Azure subscription administrator to grant you with the permissions to the subscription or the resource group, for example, **User Access Administrator**. For more information, see [Azure built-in roles](../role-based-access-control/built-in-roles.md).
 
-[ ![Access control role assignment.](fhir/media/rbac/role-assignment.png) ](fhir/media/rbac/role-assignment.png#lightbox)
+:::image type="content" source="media/rbac/select-role-assignment.png" alt-text="Screenshot showing role assignment selection." lightbox="media/rbac/select-role-assignment.png":::
 
-In the Role selection, search for one of the built-in roles for the FHIR data plane, for example, “FHIR Data Contributor”. You can choose other roles below.
+In the **Role** selection, search for one of the built-in roles for the FHIR data plane. You can choose from these roles:
 
 * **FHIR Data Reader**: Can read (and search) FHIR data.
 * **FHIR Data Writer**: Can read, write, and soft delete FHIR data.
 * **FHIR Data Exporter**: Can read and export ($export operator) data.
 * **FHIR Data Contributor**: Can perform all data plane operations.
 * **FHIR Data Converter**: Can use the converter to perform data conversion.
-* **FHIR SMART User**: Role allows to read and write FHIR data according to the SMART IG V1.0.0 specifications.
+* **FHIR SMART User**: Can read and write FHIR data according to the SMART IG V1.0.0 specifications.
 
-In the **Select** section, type the client application registration name. If the name is found, the application name is listed. Select the application name, and then select **Save**. 
+In the **Select** section, type the client application registration name. If the name is found, the application name is listed. Select the application name, and then select **Save**.
 
 If the client application isn’t found, check your application registration. This is to ensure that the name is correct. Ensure that the client application is created in the same tenant where the FHIR service in Azure Health Data Services (hereby called the FHIR service) is deployed in.
 
-
-[ ![Select role assignment.](fhir/media/rbac/select-role-assignment.png) ](fhir/media/rbac/select-role-assignment.png#lightbox)
+:::image type="content" source="media/rbac/select-role-assignment.png" alt-text="Screenshot showing selection of role assignment." lightbox="media/rbac/select-role-assignment.png":::
 
 You can verify the role assignment by selecting the **Role assignments** tab from the **Access control (IAM)** menu option.
- 
+
 ## Assign roles for the DICOM service
 
 To grant users, service principals, or groups access to the DICOM data plane, select the **Access control (IAM)** blade. Select the**Role assignments** tab, and select **+ Add**.
 
-[ ![dicom access control.](dicom/media/dicom-access-control.png) ](dicom/media/dicom-access-control.png#lightbox)
+:::image type="content" source="media/rbac/dicom-access-control.png" alt-text="Screenshot showing DICOM access control." lightbox="media/rbac/dicom-access-control.png":::
 
 In the **Role** selection, search for one of the built-in roles for the DICOM data plane:
 
-[ ![Add RBAC role assignment.](dicom/media/rbac-add-role-assignment.png) ](dicom/media/rbac-add-role-assignment.png#lightbox)
+:::image type="content" source="media/rbac/rbac-add-role-assignment.png" alt-text="Screenshot showing how to add an RBAC role assignment." lightbox="media/rbac/rbac-add-role-assignment.png":::
 
 You can choose between:
 
 * DICOM Data Owner:  Full access to DICOM data.
 * DICOM Data Reader: Read and search DICOM data.
 
-If these roles aren’t sufficient for your need, you can use PowerShell to create custom roles.  For information about creating custom roles, see [Create a custom role using Azure PowerShell](../role-based-access-control/custom-roles-powershell.md).
+If these roles aren’t sufficient, you can use PowerShell to create custom roles. For information about creating custom roles, see [Create a custom role by using Azure PowerShell](../role-based-access-control/custom-roles-powershell.md).
 
 In the **Select** box, search for a user, service principal, or group that you want to assign the role to.
 
@@ -64,10 +62,10 @@ In the **Select** box, search for a user, service principal, or group that you w
 
 ## Next steps
 
-In this article, you've learned how to assign Azure roles for the FHIR service and DICOM service. To learn how to access the Azure Health Data Services using Postman, see
+[Access by using Postman](./fhir/use-postman.md)
+
+[Access by using the REST Client](./fhir/using-rest-client.md)
 
-- [Access using Postman](./fhir/use-postman.md)
-- [Access using the REST Client](./fhir/using-rest-client.md)
-- [Access using cURL](./fhir/using-curl.md)
+[Access by using cURL](./fhir/using-curl.md)
 
-FHIR&#174; is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.
+[!INCLUDE [FHIR and DICOM trademark statement](./includes/healthcare-apis-fhir-dicom-trademark.md)]
@@ -1,6 +1,6 @@
 ---
-title: Get started with FHIR service - Azure Health Data Services
-description: This document describes how to get started with FHIR service in Azure Health Data Services.
+title: Get started with the FHIR service in Azure Health Data Services
+description: Learn how to set up the FHIR service in Azure Health Data Services with steps to create workspaces, register apps, and manage data.
 author: expekesheth
 ms.service: healthcare-apis
 ms.subservice: fhir
@@ -10,9 +10,9 @@ ms.author: kesheth
 ms.custom: mode-api
 ---
 
-# Get started with FHIR service
+# Get started with the FHIR service
 
-This article outlines the basic steps to get started with the FHIR service in [Azure Health Data Services](../healthcare-apis-overview.md).
+This article outlines the basic steps to get started with the FHIR&reg; service in [Azure Health Data Services](../healthcare-apis-overview.md).
 
 As a prerequisite, you need an Azure subscription and permissions to create Azure resource groups and deploy Azure resources. You can follow all the steps, or skip some if you have an existing environment. Also, you can combine all the steps and complete them in PowerShell, Azure CLI, and REST API scripts.
 
@@ -45,15 +45,15 @@ You can delete a client application. Before you delete a client application, ens
 
 ### Grant access permissions
 
-You can grant access permissions or assign roles from the [Azure portal](../configure-azure-rbac.md), or using PowerShell and Azure CLI scripts.
+You can grant access permissions or assign roles in the [Azure portal](../configure-azure-rbac.md), or by using PowerShell and Azure CLI scripts.
 
 ### Perform create, read, update, and delete (CRUD) transactions
 
-You can perform Create, Read (search), Update, and Delete (CRUD) transactions against the FHIR service in your applications or by using tools such as Postman, REST Client, and cURL. Because the FHIR service is secured by default, you must obtain an access token and include it in your transaction request.
+You can perform Create, Read (search), Update, and Delete (CRUD) transactions against the FHIR service in your applications or by using tools such as Postman, REST Client, and cURL. Because the FHIR service is secured by default, you need to obtain an access token and include it in your transaction request.
 
 #### Get an access token
 
-You can obtain a Microsoft Entra access token using PowerShell, Azure CLI, REST CCI, or .NET SDK.  For more information, see [Get access token](../get-access-token.md).
+You can obtain a Microsoft Entra access token by using PowerShell, Azure CLI, REST CCI, or .NET SDK. For more information, see [Get an access token](../get-access-token.md).
 
 #### Access using existing tools
 
@@ -63,19 +63,19 @@ You can obtain a Microsoft Entra access token using PowerShell, Azure CLI, REST
 
 #### Load data
 
-You can load data directly using the POST or PUT method against the FHIR service. To bulk load data, you can use $import operation. For information, visit [import operation](import-data.md).
+You can load data directly by using the POST or PUT method against the FHIR service. To bulk load data, you can use $import operation. For information, visit [import operation](import-data.md).
 
 ### CMS, search, profile validation, and reindex
 
 You can find more details on interoperability and patient access, search, profile validation, and reindex in the [FHIR service](overview.md) documentation.
 
 ### Export data
 
-Optionally, you can export ($export) data to [Azure Storage](../data-transformation/export-data.md) and use it in your analytics or machine-learning projects. You can export the data "as-is" or [deid](../data-transformation/de-identified-export.md) in `ndjson` format. 
+Optionally, you can export ($export) data to [Azure Storage](../data-transformation/export-data.md) and use it in your analytics or machine-learning projects. You can export the data "as-is" or [deID](../data-transformation/de-identified-export.md) in `ndjson` format. 
 
-### Converting data
+### Convert data
 
-Optionally, you can convert [HL7 v2](convert-data-overview.md) and other format data to FHIR.
+Optionally, you can convert [HL7 v2](convert-data-overview.md) data and other formats to FHIR.
 
 ### Using FHIR data in Power BI dashboard
 
@@ -86,6 +86,6 @@ Optionally, you can create Power BI dashboard reports with FHIR data.
 
 ## Next steps
 
-[Deploy a FHIR service within Azure Health Data Services](fhir-portal-quickstart.md)
+[Deploy a FHIR service in Azure Health Data Services](fhir-portal-quickstart.md)
 
 [!INCLUDE [FHIR trademark statement](../includes/healthcare-apis-fhir-trademark.md)]