Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into Includes

Author: v-krghan

articles/active-directory/develop/msal-client-application-configuration.md

@@ -17,37 +17,37 @@ ms.date: 04/25/2019
 ms.author: ryanwi
 ms.reviewer: saeeda
 ms.custom: aaddev
-#Customer intent: As an application developer, I want to learn about the types of client application so I can decide if this platform meets my application development needs and requirements.
+#Customer intent: As an application developer, I want to learn about the types of client apps so I can decide if this platform meets my app development requirements.
 ms.collection: M365-identity-device-management
 ---
 
 # Public client and confidential client applications
-Microsoft Authentication Library (MSAL) defines two types of clients: public clients and confidential clients. The two client types are distinguished by their ability to authenticate securely with the authorization server and maintain the confidentiality of their client credentials.  In contrast, Azure AD Authentication Library (ADAL) has the concept of authentication context (which is a connection to Azure AD).
+Microsoft Authentication Library (MSAL) defines two types of clients: public clients and confidential clients. The two client types are distinguished by their ability to authenticate securely with the authorization server and maintain the confidentiality of their client credentials. In contrast, Azure AD Authentication Library (ADAL) uses what's called *authentication context* (which is a connection to Azure AD).
 
-- **Confidential client applications** are applications, which run on servers (Web Apps, Web API, or even service/daemon applications). They are considered difficult to access, and therefore capable of keeping an application secret. Confidential clients are able to hold configuration time secrets. Each instance of the client has a distinct configuration (including clientId and secret). These values are difficult for end users to extract. A web app is the most common confidential client. The client ID is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed.
+- **Confidential client applications** are apps that run on servers (web apps, Web API apps, or even service/daemon apps). They're considered difficult to access, and for that reason capable of keeping an application secret. Confidential clients can hold configuration-time secrets. Each instance of the client has a distinct configuration (including client ID and client secret). These values are difficult for end users to extract. A web app is the most common confidential client. The client ID is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed.
 
     Confidential client apps: <BR>
     ![Web app](media/msal-client-applications/web-app.png) ![Web API](media/msal-client-applications/web-api.png) ![Daemon/service](media/msal-client-applications/daemon-service.png)
 
-- **Public client applications** are applications, which run on devices or desktop machines or in a web browser. They are not trusted to safely keep application secrets, and therefore only access Web APIs on behalf of the user (they only support public client flows). Public clients are unable to hold configuration time secrets, and as a result have no client secret.
+- **Public client applications** are apps that run on devices or desktop computers or in a web browser. They're not trusted to safely keep application secrets, so they only access Web APIs on behalf of the user. (They support only public client flows.) Public clients can't hold configuration-time secrets, so they don't have client secrets.
 
-    Public client applications: <BR>
+    Public client apps: <BR>
     ![Desktop app](media/msal-client-applications/desktop-app.png) ![Browserless API](media/msal-client-applications/browserless-app.png) ![Mobile app](media/msal-client-applications/mobile-app.png)
 
 > [!NOTE]
-> In MSAL.js, there is no separation of public and confidential client apps.  MSAL.js represents client apps as user-agent-based apps, a public client in which the client code is executed in a user-agent such as a web browser.  These clients do not store secrets, since the browser context is openly accessible.
+> In MSAL.js, there is no separation of public and confidential client apps.  MSAL.js represents client apps as user agent-based apps, public clients in which the client code is executed in a user agent like a web browser. These clients don't store secrets because the browser context is openly accessible.
 
 ## Comparing the client types
-There are some commonalities and differences between public client and confidential client applications:
+Here are some similarities and differences between public client and confidential client apps:
 
-- Both kinds of applications maintain a user token cache and can acquire a token silently (in cases where the token is already in the token cache). Confidential client applications also have an app token cache for tokens, which are for the app itself.
-- Both manage user accounts and can get the accounts from the user token cache, get an account from its identifier, or remove an account.
-- Public client applications have four ways of acquiring a token (four authentication flows), whereas confidential client applications have three (and one method to compute the URL of the identity provider authorize endpoint). For more information, see Scenarios and Acquiring tokens.
+- Both kinds of app maintain a user token cache and can acquire a token silently (when the token is already in the token cache). Confidential client apps also have an app token cache for tokens that are for the app itself.
+- Both types of app manage user accounts and can get an account from the user token cache, get an account from its identifier, or remove an account.
+- Public client apps have four ways to acquire a token (four authentication flows). Confidential client apps have three ways to acquire a token (and one way to compute the URL of the identity provider authorize endpoint). For more information, see [Acquiring tokens](msal-acquire-cache-tokens.md).
 
-If you used ADAL in the past, you might notice that, contrary to ADAL's authentication context, in MSAL the client ID (also named application ID or app ID) is passed once at the construction of the application, and no longer needs to be repeated when acquiring a token. This is the case both for public and confidential client applications. Constructors of confidential client applications are also passed client credentials: the secret they share with the identity provider.
+If you've used ADAL, you might notice that, unlike ADAL's authentication context, in MSAL the client ID (also called the *application ID* or *app ID*) is passed once at the construction of the application. It doesn't need to be passed again when the app acquires a token. This is true for both for public and confidential client apps. Constructors of confidential client apps are also passed client credentials: the secret they share with the identity provider.
 
 ## Next steps
 Learn about:
 - [Client application configuration options](msal-client-application-configuration.md)
-- [Instantiating client applications using MSAL.NET](msal-net-initializing-client-applications.md).
-- [Instantiating client applications using MSAL.js](msal-js-initializing-client-applications.md).
+- [Instantiating client applications by using MSAL.NET](msal-net-initializing-client-applications.md)
+- [Instantiating client applications by using MSAL.js](msal-js-initializing-client-applications.md)

articles/active-directory/develop/msal-client-applications.md

@@ -37,7 +37,7 @@
     href: azureadjoin-plan.md
   - name: Plan your hybrid Azure AD join implementation
     href: hybrid-azuread-join-plan.md
-  - name: Control the hybrid Azure AD join of your devices
+  - name: Controlled validation of hybrid Azure AD join
     href: hybrid-azuread-join-control.md
   - name: Assign local admins to Azure AD joined devices
     href: assign-local-admin.md