[Dev-Docs AI Improvement]: Configure your app in Microsoft Entra ID #13656
Conversation
…ad.md by yashy797
Acrolinx ScorecardsWe currently enforce a minimum score of 80. Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
More info about Acrolinx Use the Acrolinx extension, or sidebar, in Visual Studio Code to check spelling, grammar, style, tone, clarity, and key terminology when you're creating or updating content. For more information, see Use the Visual Studio Code extension to run Acrolinx locally. |
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
|
Learn Build status updates of commit e61c4bc:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md | View | Details |
msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md
- Line 455, Column 1: [Warning: code-block-indented - See documentation]
Indented code blocks aren't allowed. Use a Markdown code block surrounded by triple backticks (```). - Line 874, Column 1: [Warning: code-block-indented - See documentation]
Indented code blocks aren't allowed. Use a Markdown code block surrounded by triple backticks (```).
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
|
|
||
| > [!NOTE] | ||
| > Ensure that you've created an app and a bot resource in Microsoft Entra ID. | ||
| > Ensure that you have created an app and a bot resource in Microsoft Entra ID. |
There was a problem hiding this comment.
Use contractions. This should be applied to all similar instances in the document.
| ## Enable SSO in Microsoft Entra ID | ||
|
|
||
| By the end of this tutorial, you'll learn to configure: | ||
| By the end of this tutorial, you configure: |
There was a problem hiding this comment.
Original version uses the correct future tense.
|
|
||
| > [!IMPORTANT] | ||
| > Ensure that when you create your bot resource, select the option to create a new app ID. You can also use an existing app ID, if you've already registered an app in Microsoft Entra admin center. | ||
| > Ensure that when you create your bot resource, you select the option to create a new app ID. You can also use an existing app ID, if you have already registered an app in Microsoft Entra admin center. |
| ## Configure messaging endpoint | ||
|
|
||
| Messaging endpoint is where messages are sent to your bot. It enables communication with your bot. | ||
| Messaging endpoint is where messages send to your bot. It enables communication with your bot. |
There was a problem hiding this comment.
Original version uses correct grammar (messages are sent to your bot), making it clear and accurate.
| 1. Select **Apply**. | ||
|
|
||
| The messaging endpoint is configured. | ||
| The messaging endpoint configures. |
There was a problem hiding this comment.
Keep the original one. It is is clear and correct. This should be applied to all similar instances in the document.
| The messaging endpoint configures. | ||
|
|
||
| You've configured the messaging endpoint for your bot resource. Next, you must enable SSO for the Microsoft Entra app. | ||
| You have configured the messaging endpoint for your bot resource. Next, enable SSO for the Microsoft Entra app. |
| 1. Select **Save**. | ||
|
|
||
| A message appears on the browser stating that the app manifest was updated successfully. | ||
| A message appears on the browser stating that the app manifest updated successfully. |
There was a problem hiding this comment.
Keep "was". This should be applied to all similar instances in the document.
| :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-aad-manifest-msg.png" alt-text="Screenshot shows the Manifest updated message." ::: | ||
|
|
||
| You've updated the access token version. Next, you'll configure the scope of the access token. | ||
| You have updated the access token version. Next, configure the scope of the access token. |
| * [To configure application ID URI](#to-configure-application-id-uri): Configure scope (permission) options for your app. You'll expose a web API and configure the application ID URI. | ||
| * [To configure API scope](#to-configure-api-scope): Define scope for the API, and the users who can consent for a scope. You can let only admins provide consent for higher-privileged permissions. | ||
| * [To configure authorized client application](#to-configure-authorized-client-application): Create authorized client IDs for applications that you want to pre-authorize. It allows the app user to access the app scopes (permissions) you've configured, without requiring any further consent. Pre-authorize only those client applications you trust, as your app users won't have the opportunity to decline consent. | ||
| * [To configure application ID URI](#to-configure-application-id-uri): Configure scope (permission) options for your app. You expose a web API and configure the application ID URI. |
There was a problem hiding this comment.
Use contractions in all the three lines where they've been removed. Remaining content is fine.
| :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/set-app-id-uri.png" alt-text="Screenshot shows the Application ID URI added." ::: | ||
|
|
||
| * The **Application ID URI** is prefilled with app ID (GUID) in the format `api://{AppID}`. | ||
| * The **Application ID URI** pre-fills with app ID (GUID) in the format `api://{AppID}`. |
There was a problem hiding this comment.
Keep the original version. “is prefilled” is grammatically correct and appropriate. This should be applied to all similar instances in the document.
| > [!IMPORTANT] | ||
| > | ||
| > * **Sensitive information**: The application ID URI is logged as part of the authentication process and must not contain sensitive information. | ||
| > * **Sensitive information**: The application ID URI logs as part of the authentication process and must not contain sensitive information. |
There was a problem hiding this comment.
"logs" is not correct and is changing the meaning. Keep the original version.
| > * **Application ID URI for app with multiple capabilities**: If you build an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` identifies your bot app ID. | ||
| > | ||
| > * **Format for domain name**: Use lowercase letters for domain name. Don't use upper case. | ||
| > * **Format for domain name**: Use lowercase letters for domain name. Do not use upper case. |
| 1. Select **Save**. | ||
|
|
||
| A message appears on the browser stating that the application ID URI was updated. | ||
| A message appears on the browser stating that the application ID URI updated. |
| 1. Note and save the application ID URI. You need it for updating the app manifest later. | ||
|
|
||
| The application ID URI is configured. You can now define scope and permissions for your app. | ||
| The application ID URI configures. You can now define scope and permissions for your app. |
There was a problem hiding this comment.
“is configured” correctly indicates the state
| 1. Select **Add application**. | ||
|
|
||
| A message appears on the browser stating that the authorized client app was added. | ||
| A message appears on the browser stating that the authorized client app added. |
| > * The Microsoft 365 client IDs for mobile, desktop, and web applications for Teams, Microsoft 365 app, and Outlook are the actual IDs that you must add. | ||
| > * If your app has a tab app, you'll need either web or SPA, as you can't have a mobile or desktop client application in Teams. | ||
| > * While it's recommended to use same App ID, you can use a different App Registration ID in the webApplicationInfo section of your Teams app manifest that's not same as the Azure bot App ID. This is a valid and supported configuration. | ||
| > * The Microsoft 365 client IDs for mobile, desktop, and web applications for Teams, Microsoft 365 app, and Outlook are the actual IDs to add. |
There was a problem hiding this comment.
"that you must" should be used as it conveys an essential requirement. Also use common contractions at every place in this document. This should be applied to all similar instances in the document.
| 1. Select **Add**. | ||
|
|
||
| A message appears on the browser stating that the client secret was updated, and the client secret displays on the page. | ||
| A message appears on the browser stating that the client secret updated, and the client secret displays on the page. |
| 1. Select **Configure**. | ||
|
|
||
| The platform is configured and displayed in the **Platform configurations** page. | ||
| The platform configures and displays in the **Platform configurations** page. |
There was a problem hiding this comment.
Keep the original version
| The platform configures and displays in the **Platform configurations** page. | ||
|
|
||
| The Microsoft Entra app configuration is complete, and now you must enable SSO support for your bot resource by configuring OAuth connection. | ||
| The Microsoft Entra app configuration completes, and now configure OAuth connection to enable SSO on your bot resource. |
There was a problem hiding this comment.
keep "is complete", rest is fine
| :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/set-app-id-uri.png" alt-text="Screenshot shows the Application ID URI added." ::: | ||
|
|
||
| * The **Application ID URI** is pre-filled with app ID (GUID) in the format `api://{AppID}`. | ||
| * The **Application ID URI** pre-fills with app ID (GUID) in the format `api://{AppID}`. |
There was a problem hiding this comment.
Keep the original version. “is prefilled” is grammatically correct and appropriate.
| > * **Standalone bot**: If you're building a standalone bot, enter the application ID URI as api://botid-{YourBotId}. Here, {YourBotId} is your Microsoft Entra application ID. | ||
| > * **Application ID URI for app with multiple capabilities**: If you're building an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` is your bot app ID. | ||
| > * **Standalone bot**: If you build a standalone bot, enter the application ID URI as api://botid-{YourBotId}. Here, {YourBotId} represents your Microsoft Entra application ID. | ||
| > * **Application ID URI for app with multiple capabilities**: If you build an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` identifies your bot app ID. |
There was a problem hiding this comment.
Use “is” for simplicity and clarity. Rest is fine
| 1. Note and save the application ID URI. You need it for updating the app manifest later. | ||
|
|
||
| The application ID URI is configured. You can now define scope and permissions for your app. | ||
| The application ID URI configures. You can now define scope and permissions for your app. |
There was a problem hiding this comment.
Keep the original one. It is is clear and correct.
|
|
||
| > [!NOTE] | ||
| > For this tutorial, you can use openid profile User.Read User.ReadBasic.All as scope. This scope is suitable for using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). | ||
| > For this tutorial, you can use openid profile User.Read User.ReadBasic.All as scope. This scope suits using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). |
There was a problem hiding this comment.
Stick with “is suitable for” for better readability
| > For this tutorial, you can use openid profile User.Read User.ReadBasic.All as scope. This scope suits using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). | ||
| A message appears on the browser stating that the scope was added. | ||
| A message appears on the browser stating that the scope added. |
| > The new scope you defined displays on the page. Ensure that you note and save the scope you configured. You need it to update OAuth connection later. | ||
| The scope and permissions are now configured. Next, you must configure the authorized client applications for your Microsoft Entra app. | ||
| The scope and permissions configure. Next, configure the authorized client applications for your Microsoft Entra app. |
There was a problem hiding this comment.
“are now configured” correctly indicates the state
| > The new scope you defined displays on the page. Ensure that you note and save the scope you configured. You need it to update OAuth connection later. | ||
| The scope and permissions are now configured. Next, you must configure the authorized client applications for your Microsoft Entra app. | ||
| The scope and permissions configure. Next, configure the authorized client applications for your Microsoft Entra app. |
There was a problem hiding this comment.
“are now configured” correctly indicates the state.
This PR updates the content of the file: msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md.
Submitted by: @yashy797