integrate @hpsin review comments

Author: mmacy

articles/active-directory/develop/media/quickstart-v2-javascript-auth-code/diagram-01-auth-code-flow.png

@@ -119,6 +119,12 @@ This quickstart uses MSAL.js 2.0 with the authorization code flow. For a similar
 >   - To restrict support to *personal Microsoft accounts only*, replace this value with `consumers`.
 > - `Enter_the_Redirect_Uri_Here` is `http://localhost:3000/`.
 >
+> The `authority` value in your *authConfig.js* should be similar to the following if you're using the main (global) Azure cloud:
+>
+> ```javascript
+> authority: "https://login.microsoftonline.com/common",
+> ```
+>
 > > [!TIP]
 > > To find the values of **Application (client) ID**, **Directory (tenant) ID**, and **Supported account types**, go to the app registration's **Overview** page in the Azure portal.
 >
@@ -143,11 +149,17 @@ This quickstart uses MSAL.js 2.0 with the authorization code flow. For a similar
 >   };
 > ```
 >
-
 > [!div renderon="docs"]
 >
 > `Enter_the_Graph_Endpoint_Here` is the endpoint that API calls will be made against. For the main (global) Microsoft Graph API service, enter `https://graph.microsoft.com/` (include the trailing forward-slash). For more information about Microsoft Graph on national clouds, see [National cloud deployment](https://docs.microsoft.com/graph/deployments).
 >
+> The `graphMeEndpoint` and `graphMailEndpoint` values in the *graphConfig.js* file should be similar to the following if you're using the main (global) Microsoft Graph API service:
+>
+> ```javascript
+> graphMeEndpoint: "https://graph.microsoft.com/v1.0/me",
+> graphMailEndpoint: "https://graph.microsoft.com/v1.0/me/messages"
+> ```
+>
 > #### Step 4: Run the project
 
 Run the project with a web server by using Node.js:
@@ -167,7 +179,7 @@ Run the project with a web server by using Node.js:
 
 ### How the sample works
 
-![How the sample JavaScript SPA works: 1. The SPA initiates sign in. 2. The SPA acquires an ID token from the Microsoft identity platform. 3. The SPA calls acquire token. 4. The Microsoft identity platform returns an Access token to the SPA. 5. The SPA makes and HTTP GET request with the Access Token to the Microsoft Graph API. 6. The Graph API returns an HTTP response to the SPA.](media/quickstart-v2-javascript/javascriptspa-intro.svg)
+:::image type="content" source="media/quickstart-v2-javascript-auth-code/diagram-01-auth-code-flow.png" alt-text="Diagram showing the authorization code flow for a single-page application":::
 
 ### msal.js
 

articles/active-directory/develop/media/tutorial-v2-javascript-auth-code/diagram-01-auth-code-flow.png

@@ -40,19 +40,19 @@ Follow these steps to add a redirect URI for an app that uses MSAL.js 2.0 or lat
 
 1. In the Azure portal, select the app registration you created earlier in [Create the app registration](#create-the-app-registration).
 1. Under **Manage**, select **Authentication**, and then select **Add a platform**.
-1. Under **Web applications**, select **Single-page application**.
+1. Under **Web applications**, select the **Single-page application** tile.
 1. Under **Redirect URIs**, enter a [redirect URI](reply-url.md). Do **NOT** select either checkbox under **Implicit grant**.
 1. Select **Configure** to finish adding the redirect URI.
 
-You've now completed the registration of your single-page application (SPA) and configured a redirect URI to which the client will be redirected and any security tokens will be sent. By not selecting either of the settings under **Implicit grant**, your application registration is configured to support the authorization code flow with PKCE and CORS.
+You've now completed the registration of your single-page application (SPA) and configured a redirect URI to which the client will be redirected and any security tokens will be sent. By configuring your redirect URI using the **Single-page application** tile in the **Add a platform** pane, your application registration is configured to support the authorization code flow with PKCE and CORS.
 
 ## Redirect URI: MSAL.js 1.0 with implicit flow
 
 Follow these steps to add a redirect URI for a single-page app that uses MSAL.js 1.3 or earlier and the implicit grant flow. Applications that use MSAL.js 1.3 or earlier do not support the auth code flow.
 
 1. In the Azure portal, select the app registration you created earlier in [Create the app registration](#create-the-app-registration).
 1. Under **Manage**, select **Authentication**, and then select **Add a platform**.
-1. Under **Web applications**, select **Single-page application**.
+1. Under **Web applications**, select **Single-page application** tile.
 1. Under **Redirect URIs**, enter a [redirect URI](reply-url.md).
 1. Enable the **Implicit flow**:
     - If your application signs in users, select **ID tokens**.
@@ -67,7 +67,7 @@ By default, an app registration created by using single-page application platfor
 
 As mentioned previously, single-page applications using MSAL.js 1.3 are restricted to the implicit grant flow. Current [OAuth 2.0 best practices](v2-oauth2-auth-code-flow.md) recommend using the authorization code flow rather than the implicit flow for SPAs. Having limited-lifetime refresh tokens also helps your application adapt to [modern browser cookie privacy limitations](reference-third-party-cookies-spas.md), like Safari ITP.
 
-When all of your production applications represented by an app registration are using MSAL.js 2.0 and the authorization code flow, uncheck the implicit grant settings in its **Authentication** pane in the Azure portal. Applications using MSAL.js 1.x and the implicit flow can continue to function, however, if you leave the implicit flow enabled (checked).
+When all your production single-page applications represented by an app registration are using MSAL.js 2.0 and the authorization code flow, uncheck the implicit grant settings the app registration's **Authentication** pane in the Azure portal. Applications using MSAL.js 1.x and the implicit flow can continue to function, however, if you leave the implicit flow enabled (checked).
 
 ## Next steps
 

articles/active-directory/develop/media/tutorial-v2-javascript-spa/spa-01-signin-dialog.png renamed to articles/active-directory/develop/media/tutorial-v2-javascript-auth-code/spa-01-signin-dialog.png

@@ -31,7 +31,7 @@ MSAL.js 2.0 improves on MSAL.js 1.0 by supporting the authorization code flow in
 
 ## How the tutorial app works
 
-![Shows how the sample app generated by this tutorial works](media/active-directory-develop-guidedsetup-javascriptspa-introduction/javascriptspa-intro.svg)
+:::image type="content" source="media/tutorial-v2-javascript-auth-code/diagram-01-auth-code-flow.png" alt-text="Diagram showing the authorization code flow in a single-page application":::
 
 The application you create in this tutorial enables a JavaScript SPA to query the Microsoft Graph API by acquiring security tokens from the the Microsoft identity platform endpoint. In this scenario, after a user signs in, an access token is requested and added to HTTP requests in the authorization header. Token acquisition and renewal are handled by the Microsoft Authentication Library for JavaScript (MSAL.js).
 
@@ -336,6 +336,12 @@ Modify the values in the `msalConfig` section as described here:
   - To restrict support to *personal Microsoft accounts only*, replace this value with `consumers`.
 - `Enter_the_Redirect_Uri_Here` is `http://localhost:3000`.
 
+The `authority` value in your *authConfig.js* should be similar to the following if you're using the global Azure cloud:
+
+```javascript
+authority: "https://login.microsoftonline.com/common",
+```
+
 Still in the *app* folder, create a file named *graphConfig.js*. Add the following code to provide your application the configuration parameters for calling the Microsoft Graph API:
 
 ```javascript
@@ -352,6 +358,13 @@ Modify the values in the `graphConfig` section as described here:
   - For the **global** Microsoft Graph API endpoint, replace both instances of this string with `https://graph.microsoft.com`.
   - For endpoints in **national** cloud deployments, see [National cloud deployments](https://docs.microsoft.com/graph/deployments) in the Microsoft Graph documentation.
 
+The `graphMeEndpoint` and `graphMailEndpoint` values in your *graphConfig.js* should be similar to the following if you're using the global endpoint:
+
+```javascript
+graphMeEndpoint: "https://graph.microsoft.com/v1.0/me",
+graphMailEndpoint: "https://graph.microsoft.com/v1.0/me/messages"
+```
+
 ## Use Microsoft Authentication Library (MSAL) to sign in user
 
 ### Pop-up
@@ -569,23 +582,23 @@ You've completed creation of the application and are now ready to launch the Nod
 
 After the browser loads your *index.html* file, select **Sign In**. You're prompted to sign in with the Microsoft identity platform endpoint:
 
-:::image type="content" source="media/tutorial-v2-javascript-spa/spa-01-signin-dialog.png" alt-text="Web browser displaying sign-in dialog":::
+:::image type="content" source="media/tutorial-v2-javascript-auth-code/spa-01-signin-dialog.png" alt-text="Web browser displaying sign-in dialog":::
 
 ### Provide consent for application access
 
 The first time you sign in to your application, you're prompted to grant it access to your profile and sign you in:
 
-:::image type="content" source="media/tutorial-v2-javascript-spa/spa-02-consent-dialog.png" alt-text="Content dialog displayed in web browser":::
+:::image type="content" source="media/tutorial-v2-javascript-auth-code/spa-02-consent-dialog.png" alt-text="Content dialog displayed in web browser":::
 
 If you consent to the requested permissions, the web applications displays your user name, signifying a successful login:
 
-:::image type="content" source="media/tutorial-v2-javascript-spa/spa-03-signed-in.png" alt-text="Results of a successful sign-in in the web browser":::
+:::image type="content" source="media/tutorial-v2-javascript-auth-code/spa-03-signed-in.png" alt-text="Results of a successful sign-in in the web browser":::
 
 ### Call the Graph API
 
 After you sign in, select **See Profile** to view the user profile information returned in the response from the call to the Microsoft Graph API:
 
-:::image type="content" source="media/tutorial-v2-javascript-spa/spa-04-see-profile.png" alt-text="Profile information from Microsoft Graph displayed in the browser":::
+:::image type="content" source="media/tutorial-v2-javascript-auth-code/spa-04-see-profile.png" alt-text="Profile information from Microsoft Graph displayed in the browser":::
 
 ### More information about scopes and delegated permissions