From e61c4bc60a0ae7fd5ec98d25efc34a8fdda2a255 Mon Sep 17 00:00:00 2001 From: "docsautomation[bot]" <198554515+docsautomation[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 08:47:46 +0000 Subject: [PATCH] Update msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md by yashy797 --- .../authentication/bot-sso-register-aad.md | 305 ++++++++---------- 1 file changed, 141 insertions(+), 164 deletions(-) diff --git a/msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md b/msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md index 179ea210cb4..b07ce5d8809 100644 --- a/msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md +++ b/msteams-platform/bots/how-to/authentication/bot-sso-register-aad.md 
@@ -8,42 +8,35 @@ ms.owner: ryanbliss --- # Configure your app in Microsoft Entra ID -Microsoft Entra ID provides app users access to your bot or message extension app. The app user who has signed in to Teams can be given access to your app. +Microsoft Entra ID grants app users access to your bot or message extension app. An app user who signs in to Teams receives access to your app. ## SSO configuration in Microsoft Entra admin center -The bot and message extension apps use Bot Framework for communicating with app users and implementing authentication. +Bot and message extension apps use Bot Framework for communicating with app users and implementing authentication. -To configure single sign-on (SSO) for your bot or message extension app, you'll need to: +To configure single sign-on (SSO) for your bot or message extension app, you must: * Configure bot resource in Microsoft Entra ID * Configure app in Microsoft Entra ID > [!NOTE] -> Ensure that you've created an app and a bot resource in Microsoft Entra ID. +> Ensure that you have created an app and a bot resource in Microsoft Entra ID. > > * For more information about creating an app in Microsoft Entra ID, see [register a new app in Microsoft Entra ID](../../../tabs/how-to/authentication/tab-sso-register-aad.md#to-register-a-new-app-in-azure-ad). > * For more information about creating and configuring your bot resource in Microsoft Entra ID, see [create Teams conversation bot](../conversations/channel-and-group-conversations.md). You can configure your bot resource and app in Microsoft Entra ID for your bot or message extension app in one of the following two ways: -* **Configure SSO using bot resource and configure Microsoft Entra app**: You can start by configuring SSO for your bot resource, and enable SSO for your Microsoft Entra app. 
You'll configure: - +* **Configure SSO using bot resource and configure Microsoft Entra app**: Start by configuring SSO for your bot resource and then enable SSO for your Microsoft Entra app. You will configure: * For bot resource: Messaging endpoint and OAuth connection. - > [!NOTE] - > When you create your bot resource in Microsoft Entra ID, you can select the option for creating a new app ID, or you can use an existing app ID if you've already registered your app in Microsoft Entra ID. - + > When you create your bot resource in Microsoft Entra ID, you can select the option for creating a new app ID, or select an existing app ID if you have already registered your app in Microsoft Entra ID. * For Microsoft Entra app: App ID URI, scope and permissions, trusted client IDs, access token version, client secret, and redirect URL. - -* **Configure SSO using Microsoft Entra app and then configuring bot resource**: You can start by configuring your Microsoft Entra app, and then use this app ID in the bot resource when you enable SSO for it. You'll configure: - +* **Configure SSO using Microsoft Entra app and then configuring bot resource**: Start by configuring your Microsoft Entra app, and then use its app ID in the bot resource when you enable SSO. You will configure: * For Microsoft Entra app: App ID URI, access token, trusted client IDs, access token version, client secret, and redirect URL. - * For bot resource: Messaging endpoint and OAuth connection. - > [!NOTE] > Configure bot resource using the app ID generated by Microsoft Entra ID when you registered your app. @@ -51,7 +44,7 @@ You can configure your bot resource and app in Microsoft Entra ID for your bot o ## Enable SSO in Microsoft Entra ID -By the end of this tutorial, you'll learn to configure: +By the end of this tutorial, you configure: * Application ID * Bot ID 
@@ -77,11 +70,11 @@ To enable SSO for your app in Microsoft Entra ID: * **[Configure OAuth connection](#configure-oauth-connection)** > [!IMPORTANT] -> Ensure that when you create your bot resource, select the option to create a new app ID. You can also use an existing app ID, if you've already registered an app in Microsoft Entra admin center. +> Ensure that when you create your bot resource, you select the option to create a new app ID. You can also use an existing app ID, if you have already registered an app in Microsoft Entra admin center. ## Configure messaging endpoint -Messaging endpoint is where messages are sent to your bot. It enables communication with your bot. +Messaging endpoint is where messages send to your bot. It enables communication with your bot. ### To configure messaging endpoint for your bot resource @@ -92,7 +85,7 @@ Messaging endpoint is where messages are sent to your bot. It enables communicat 1. Select **Settings** > **Configuration**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the bot Configuration menu."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the bot Configuration menu." ::: The **Configuration** page appears. @@ -102,9 +95,9 @@ Messaging endpoint is where messages are sent to your bot. It enables communicat 1. Select **Apply**. - The messaging endpoint is configured. + The messaging endpoint configures. -You've configured the messaging endpoint for your bot resource. Next, you must enable SSO for the Microsoft Entra app. +You have configured the messaging endpoint for your bot resource. Next, enable SSO for the Microsoft Entra app. 
@@ -113,7 +106,7 @@ You've configured the messaging endpoint for your bot resource. Next, you must e ## Configure SSO for Microsoft Entra app -You must configure permissions and scopes, authorize client applications, update app manifest (previously called Teams app manifest), and create client secret for your Microsoft Entra app. These configurations help to invoke SSO for your bot app. +You must configure permissions and scopes, authorize client applications, update app manifest (previously called Teams app manifest), and create client secret for your Microsoft Entra app. These configurations help invoke SSO for your bot app. ### Configure access token version 
@@ -129,15 +122,15 @@ You must define the access token version for your app in the Microsoft Entra app 1. Set the `requestedAccessTokenVersion` property to **2**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png" alt-text="Screenshot shows the Value for access token version." lightbox="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png"::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png" alt-text="Screenshot shows the Value for access token version." lightbox="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png" ::: 1. Select **Save**. - A message appears on the browser stating that the app manifest was updated successfully. + A message appears on the browser stating that the app manifest updated successfully. - :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-aad-manifest-msg.png" alt-text="Screenshot shows the Manifest updated message."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-aad-manifest-msg.png" alt-text="Screenshot shows the Manifest updated message." ::: -You've updated the access token version. Next, you'll configure the scope of the access token. +You have updated the access token version. Next, configure the scope of the access token. ### Configure scope for the access token 
@@ -145,9 +138,9 @@ Configure scope (permission) options for sending access token to Teams client an You need: -* [To configure application ID URI](#to-configure-application-id-uri): Configure scope (permission) options for your app. You'll expose a web API and configure the application ID URI. -* [To configure API scope](#to-configure-api-scope): Define scope for the API, and the users who can consent for a scope. You can let only admins provide consent for higher-privileged permissions. -* [To configure authorized client application](#to-configure-authorized-client-application): Create authorized client IDs for applications that you want to pre-authorize. It allows the app user to access the app scopes (permissions) you've configured, without requiring any further consent. Pre-authorize only those client applications you trust, as your app users won't have the opportunity to decline consent. +* [To configure application ID URI](#to-configure-application-id-uri): Configure scope (permission) options for your app. You expose a web API and configure the application ID URI. +* [To configure API scope](#to-configure-api-scope): Define scope for the API and the users who can consent for a scope. You can let only admins provide consent for higher-privileged permissions. +* [To configure authorized client application](#to-configure-authorized-client-application): Create authorized client IDs for applications you want to pre-authorize. It allows the app user to access the app scopes (permissions) you configure, without requiring any further consent. Pre-authorize only those client applications you trust because your app users will not have the opportunity to decline consent. #### To configure application ID URI 
@@ -159,7 +152,7 @@ You need: 1. Select **Settings** > **Configuration**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the bot Configuration menu under Settings."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the bot Configuration menu under Settings." ::: The **Configuration** page appears. @@ -169,9 +162,9 @@ You need: The Microsoft Entra app page appears. - The new app ID (client ID) for the app appears on this page. Note and save this app ID. You'll need to update it in the app manifest later. If you used the ID of an existing app when you created the bot resource, then ID of that app appears in this page. + The new app ID (client ID) for the app appears on this page. Note and save this app ID. You need to update it in the app manifest later. If you used the ID of an existing app when you created the bot resource, then that app's ID appears on this page. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/aad-app-regd.png" alt-text="Screenshot shows the Bot app page with Application client ID highlighted."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/aad-app-regd.png" alt-text="Screenshot shows the Bot app page with Application client ID highlighted." ::: 1. Select **Manage** > **Expose an API** from the left pane. 
@@ -187,16 +180,16 @@ You need: :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/set-app-id-uri.png" alt-text="Screenshot shows the Application ID URI added." ::: - * The **Application ID URI** is prefilled with app ID (GUID) in the format `api://{AppID}`. + * The **Application ID URI** pre-fills with app ID (GUID) in the format `api://{AppID}`. > [!IMPORTANT] > - > * **Sensitive information**: The application ID URI is logged as part of the authentication process and must not contain sensitive information. + > * **Sensitive information**: The application ID URI logs as part of the authentication process and must not contain sensitive information. > - > * **Standalone bot**: If you're building a standalone bot, enter the application ID URI as api://botid-{YourBotId}. Here, {YourBotId} is your Microsoft Entra application ID. - > * **Application ID URI for app with multiple capabilities**: If you're building an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` is your bot app ID. + > * **Standalone bot**: If you build a standalone bot, enter the application ID URI as api://botid-{YourBotId}. Here, {YourBotId} represents your Microsoft Entra application ID. + > * **Application ID URI for app with multiple capabilities**: If you build an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` identifies your bot app ID. > - > * **Format for domain name**: Use lowercase letters for domain name. Don't use upper case. + > * **Format for domain name**: Use lowercase letters for domain name. Do not use upper case. > > For example, to create an app service or web app with resource name, 'demoapplication': 
> @@ -209,7 +202,7 @@ You need: 1. Select **Save**. - A message appears on the browser stating that the application ID URI was updated. + A message appears on the browser stating that the application ID URI updated. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/app-id-uri-msg.png" alt-text="Screenshot shows the Application ID URI updated message." ::: @@ -217,9 +210,9 @@ You need: :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/app-id-uri-added.png" alt-text="Screenshot shows the updated Application ID URI." ::: -1. Note and save the application ID URI. You'll need it for updating the app manifest later. +1. Note and save the application ID URI. You need it for updating the app manifest later. -The application ID URI is configured. You can now define scope and permissions for your app. +The application ID URI configures. You can now define scope and permissions for your app. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+configure+application+ID+URI&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dbotid%23to-configure-application-id-uri&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) 
@@ -234,7 +227,7 @@ The application ID URI is configured. You can now define scope and permissions f 1. Enter the details for configuring scope. - :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/add-scope.png" alt-text="Screenshot shows how to add scope details in Azure."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/add-scope.png" alt-text="Screenshot shows how to add scope details in Azure." ::: 1. Enter the scope name. 2. Select the user who can give consent for this scope. The default option is **Admins only**. 
@@ -246,37 +239,37 @@ The application ID URI is configured. You can now define scope and permissions f 8. Select **Add scope**. > [!NOTE] - > For this tutorial, you can use openid profile `User.Read User.ReadBasic.All` as scope. This scope is suitable for using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). + > For this tutorial, you can use openid profile `User.Read User.ReadBasic.All` as scope. This scope suits using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). - A message appears on the browser stating that the scope was added. + A message appears on the browser stating that the scope added. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/scope-added-msg.png" alt-text="Screenshot shows the Scope added message." ::: > [!NOTE] - > The new scope you defined displays on the page. Ensure that you note and save the scope that you've configured. You'll need it to update OAuth connection later. + > The new scope you defined displays on the page. Ensure that you note and save the scope you configured. You need it to update OAuth connection later. -The scope and permissions are now configured. Next, you must configure the authorized client applications for your Microsoft Entra app. +The scope and permissions configure. Next, configure the authorized client applications for your Microsoft Entra app. 
> [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+configure+API+scope&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dbotid%23to-configure-api-scope&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) #### To configure authorized client application -1. Move through the **Expose an API** page to the **Authorized client application** section, and select **+ Add a client application**. +1. Navigate through the **Expose an API** page to the **Authorized client application** section, and select **+ Add a client application**. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/auth-client-apps.png" alt-text="Screenshot shows the Add a client application option highlighted under Authorized client applications." ::: The **Add a client application** page appears. -1. Enter the appropriate Microsoft 365 client ID for the applications that you want to authorize for your app’s web application. +1. Enter the appropriate Microsoft 365 client ID for the applications you want to authorize for your app’s web application. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/add-client-app.png" alt-text="Screenshot shows the Client ID added." ::: > [!NOTE] > - > * The Microsoft 365 client IDs for mobile, desktop, and web applications for Teams, Microsoft 365 app, and Outlook are the actual IDs that you must add. 
- > * If your app has a tab app, you'll need either web or SPA, as you can't have a mobile or desktop client application in Teams. - > * While it's recommended to use same App ID, you can use a different App Registration ID in the webApplicationInfo section of your Teams app manifest that's not same as the Azure bot App ID. This is a valid and supported configuration. + > * The Microsoft 365 client IDs for mobile, desktop, and web applications for Teams, Microsoft 365 app, and Outlook are the actual IDs to add. + > * If your app has a tab app, you need either web or SPA because you cannot use a mobile or desktop client application in Teams. + > * Although it is recommended to use the same App ID, you can use a different App Registration ID in the webApplicationInfo section of your Teams app manifest that is different from the Azure bot App ID. This configuration is valid and supported. > * The `botId` in the bots section refers to the Azure Bot registration used for messaging and interaction. > * The `webApplicationInfo.id` refers to the Microsoft Entra App Registration used for authentication such as SSO, token acquisition, Graph API access. @@ -297,7 +290,7 @@ The scope and permissions are now configured. Next, you must configure the autho 1. Select **Add application**. - A message appears on the browser stating that the authorized client app was added. + A message appears on the browser stating that the authorized client app added. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-app-auth-msg.png" alt-text="Screenshot shows the Client ID added message." ::: 
@@ -306,9 +299,9 @@ The scope and permissions are now configured. Next, you must configure the autho :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/client-app-added.png" alt-text="Screenshot shows the newly added Client ID under Authorized client applications screen." ::: > [!NOTE] - > You can authorize more than one client application. Repeat the steps of this procedure for configuring another authorized client application. + > You can authorize more than one client application. Repeat this procedure to configure another authorized client application. -You've successfully configured app scope, permissions, and client applications. Ensure that you note and save the application ID URI. Next, you'll create a client secret for your app. +You have successfully configured app scope, permissions, and client applications. Ensure that you note and save the application ID URI. Next, create a client secret for your app. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+define+the+access+token+version&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dbotid%23to-define-the-access-token-version&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) 
@@ -321,13 +314,13 @@ A client secret is a string that the application uses to prove its identity when 1. Select **Manage** > **Certificates & secrets**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-menu.png" alt-text="Screenshot shows the Certificates and secrets menu option."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-menu.png" alt-text="Screenshot shows the Certificates and secrets menu option." ::: The **Certificates & secrets** page appears. 1. Select **+ New client secret**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret.png" alt-text="Screenshot shows the New client secret option highlighted to add a new client secret."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret.png" alt-text="Screenshot shows the New client secret option highlighted to add a new client secret." ::: The **Add a client secret** page appears. 
@@ -338,28 +331,28 @@ A client secret is a string that the application uses to prove its identity when 1. Select **Add**. - A message appears on the browser stating that the client secret was updated, and the client secret displays on the page. + A message appears on the browser stating that the client secret updated, and the client secret displays on the page. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-added.png" alt-text="Screenshot shows the Client secret added message."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-added.png" alt-text="Screenshot shows the Client secret added message." ::: 1. Select the copy button next to the **Value** of client secret. -1. Save the value that you copied. You'll need it later for updating code. +1. Save the value you copied. You need it later for updating code. > [!IMPORTANT] - > Ensure that you copy the value of client secret right after you create it. The value is visible only at the time when the client secret is created, and it can't be viewed after that. + > Ensure that you copy the value of client secret right after you create it. The value displays only when the client secret is created, and you cannot view it later. -You've configured the client secret. Next, you must configure the redirect URL. +You have configured the client secret. Next, configure the redirect URL. 
> [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+create+a+client+secret+for+your+app&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dbotid%23to-create-a-client-secret-for-your-app&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) ### Configure redirect URL -Configuration for authentication depends on the platform or device where you want to target your app. You may need to configure redirect URIs, authentication settings, or platform-specific details. +Configuration for authentication depends on the platform or device you want to target your app. You may need to configure redirect URIs, authentication settings, or platform-specific details. > [!NOTE] > -> * If your bot app hasn't been granted IT admin consent, app users have to provide consent the first time they use your app on a different platform. +> * If your bot app has not been granted IT admin consent, app users must provide consent the first time they use your app on a different platform. > * Implicit grant is not required if SSO is enabled on a bot app. You can configure authentication for multiple platforms as long as the URL is unique. 
@@ -380,43 +373,39 @@ You can configure authentication for multiple platforms as long as the URL is un The **Configure platforms** page appears. -1. Select the platform that you want to configure for your app. You can select the platform type from Web or SPA. +1. Select the platform you want to configure for your app. You can select the platform type from Web or SPA. :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/configure-platform.png" alt-text="Screenshot shows the selection of web platform." ::: - - The **Configure Web** page appears. > [!NOTE] - > The configurations will be different based on the platform you select. + > Configurations differ based on the platform you select. 1. Enter the configuration details for the platform. :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/config-web-platform.png" alt-text="Screenshot shows the Configure Web page to provide inputs." ::: - 1. Enter the redirect URI. The URI should be unique. - + 1. Enter the redirect URI. The URI must be unique. > [!NOTE] > > * The URL mentioned in **Redirect URIs** is an example. > * You can customize the OAuth redirect URL for your bot and identity provider based on your data residency requirements, whether your bot is in the public cloud, Microsoft Azure Government cloud, or Microsoft Azure operated by 21Vianet. For OAuth URLs and data residency list, see [OAuth URL support in Azure AI Bot Service](/azure/bot-service/ref-oauth-redirect-urls?view=azure-bot-service-4.0&preserve-view=true). - 1. Enter the front-channel logout URL. 1. Select the tokens you want Microsoft Entra ID to send for your app. 1. Select **Configure**. - The platform is configured and displayed in the **Platform configurations** page. + The platform configures and displays in the **Platform configurations** page. 
-The Microsoft Entra app configuration is complete, and now you must enable SSO support for your bot resource by configuring OAuth connection. +The Microsoft Entra app configuration completes, and now configure OAuth connection to enable SSO on your bot resource. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+configure+redirect+URL&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dbotid%23to-configure-redirect-url&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) ## Configure OAuth connection -For a bot to support SSO, you must update its OAuth connection settings. This process associates the bot with app details that you configured for your Microsoft Entra app: +For a bot to support SSO, update its OAuth connection settings. This process associates the bot with app details you configured for your Microsoft Entra app: * Microsoft Entra app ID, which is the client ID * Tenant ID 
@@ -437,9 +426,9 @@ With the app (client) ID and client secret provided, the Bot Framework Token Sto The **Configuration** page appears. -1. Move through the **Configuration** page and select **Add OAuth Connection Settings**. +1. Navigate through the **Configuration** page and select **Add OAuth Connection Settings**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-oauth-connection.png" alt-text="Screenshot shows the Add OAuth Connection Settings option highlighted."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-oauth-connection.png" alt-text="Screenshot shows the Add OAuth Connection Settings option highlighted." ::: The **New Connection Setting** page appears. 
@@ -449,27 +438,25 @@ With the app (client) ID and client secret provided, the Bot Framework Token Sto 1. Enter a name for the configuration setting. 1. Select the service provider. - The remaining configuration details appear. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/new-config-setting-b.png" alt-text="Screenshot shows the additional fields for New Connection Setting." ::: - - 1. Enter the app (client) ID for the Microsoft Entra app. - 1. Enter the client secret that you've created for your bot. + 1. Enter the client ID that was generated when you created the bot app. + 1. Enter the client secret that you created for your bot. 1. Enter the application ID URI of your bot in the **Token Exchange URL**. 1. Enter the tenant ID. - 1. Enter the scope that you defined when you configured the scope and permissions. - + 1. Enter the scope you defined when configuring the permissions. + > [!NOTE] + > For this tutorial, you can use openid profile `User.Read User.ReadBasic.All` as scope. This scope suits using the [Code sample](bot-sso-code.md#code-sample). 1. Select **Save**. 1. Select **Apply**. - After you've configured the OAuth connection, you can select **Test connection** to check if the OAuth connection is successful. +After you configure the OAuth connection, select **Test connection** to verify if the OAuth connection succeeds. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/test-oauth.png" alt-text="Screenshot shows the Test OAuth connection for your bot resource option."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/test-oauth.png" alt-text="Screenshot shows the Test OAuth connection for your bot resource option." ::: - If the connection isn't successful, Microsoft Entra ID displays an error. You can verify all the configurations and test again. +If the connection does not succeed, Microsoft Entra ID displays an error. 
Verify all configurations and test again. -Congratulations! You've completed the following app configurations in Microsoft Entra ID required to enable SSO for your bot app: +Congratulations! You have completed the following app configurations in Microsoft Entra ID required to enable SSO for your bot app: * Application ID * Bot ID @@ -503,7 +490,7 @@ To create and configure your app for enabling SSO in Microsoft Entra ID: You must configure permissions and scopes, authorize client applications, update app manifest, and create client secret for your Microsoft Entra app. These configurations help invoke SSO for your bot app. > [!IMPORTANT] -> Ensure that you've [registered your app](../../../tabs/how-to/authentication/tab-sso-register-aad.md#to-register-a-new-app-in-azure-ad) in Microsoft Entra ID. At registration, Microsoft Entra ID generates a new app ID that you must note. You'll need to update it later in the app manifest file. +> Ensure that you have [registered your app](../../../tabs/how-to/authentication/tab-sso-register-aad.md#to-register-a-new-app-in-azure-ad) in Microsoft Entra ID. At registration, Microsoft Entra ID generates a new app ID that you must note. You need to update it later in the app manifest file. ### Configure the access token version 
@@ -519,25 +506,25 @@ You must define the access token version for your app in the Microsoft Entra app 1. Set the `requestedAccessTokenVersion` property to **2**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png" alt-text="Screenshot shows the Value for access token version." lightbox="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png"::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png" alt-text="Screenshot shows the Value for access token version." lightbox="../../../assets/images/authentication/teams-sso-bots/azure-manifest-value.png" ::: 1. Select **Save**. - A message appears on the browser stating that the app manifest was updated successfully. + A message appears on the browser stating that the app manifest updated successfully. - :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-aad-manifest-msg.png" alt-text="Screenshot shows the Manifest updated message."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-aad-manifest-msg.png" alt-text="Screenshot shows the Manifest updated message." ::: -You've updated the access token version. Next, you'll configure the scope for access token. +You have updated the access token version. Next, configure the scope for access token. ### Configure scope for access token -You must configure scope (permission) options for your Microsoft Entra app. You need it for sending access token to Teams client and authorize trusted client applications. +You must configure scope (permission) options for your Microsoft Entra app. You need it for sending access token to Teams client and authorizing trusted client applications. 
-To configure scope and authorize trusted client applications, you'll need: +To configure scope and authorize trusted client applications, you need: -* [To configure application ID URI for your app](#to-configure-application-id-uri-for-your-app): Configure scope (permission) options for your app. You'll expose a web API and configure the application ID URI. +* [To configure application ID URI for your app](#to-configure-application-id-uri-for-your-app): Configure scope (permission) options for your app. You expose a web API and configure the application ID URI. * [To configure API scope for your app](#to-configure-api-scope-for-your-app): Define scope for the API and the users who can consent for a scope. You can let only admins provide consent for higher-privileged permissions. -* [To configure an authorized client application](#to-configure-an-authorized-client-application): Create authorized client IDs for applications that you want to pre-authorize. It allows the app user to access the app scopes (permissions) you've configured, without requiring any further consent. Pre-authorize only those client applications you trust as your app users won't have the opportunity to decline consent. +* [To configure an authorized client application](#to-configure-an-authorized-client-application): Create authorized client IDs for applications you want to pre-authorize. It allows the app user to access the app scopes (permissions) you configure, without requiring any further consent. #### To configure application ID URI for your app 
@@ -549,7 +536,7 @@ To configure scope and authorize trusted client applications, you'll need: 1. Select **Settings** > **Configuration**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the Configuration menu."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the Configuration menu." ::: The **Configuration** page appears. @@ -559,9 +546,9 @@ To configure scope and authorize trusted client applications, you'll need: The Microsoft Entra app page appears. - The new app ID (client ID) for the app appears on this page. Note and save this app ID. You'll need to update it in the app manifest later. If you used the ID of an existing app when you created the bot resource, then ID of that app appears in this page. + The new app ID (client ID) for the app appears on this page. Note and save this app ID. You need to update it in the app manifest later. If you used the ID of an existing app when you created the bot resource, then that app's ID appears on this page. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/aad-app-regd.png" alt-text="Screenshot shows the Bot app page with Application client ID highlighted."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/aad-app-regd.png" alt-text="Screenshot shows the Bot app page with Application client ID highlighted." ::: 1. Select **Manage** > **Expose an API** from the left pane. 
@@ -577,14 +564,14 @@ To configure scope and authorize trusted client applications, you'll need: :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/set-app-id-uri.png" alt-text="Screenshot shows the Application ID URI added." ::: - * The **Application ID URI** is pre-filled with app ID (GUID) in the format `api://{AppID}`. + * The **Application ID URI** pre-fills with app ID (GUID) in the format `api://{AppID}`. > [!IMPORTANT] > - > * **Standalone bot**: If you're building a standalone bot, enter the application ID URI as api://botid-{YourBotId}. Here, {YourBotId} is your Microsoft Entra application ID. - > * **Application ID URI for app with multiple capabilities**: If you're building an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` is your bot app ID. + > * **Standalone bot**: If you build a standalone bot, enter the application ID URI as api://botid-{YourBotId}. Here, {YourBotId} represents your Microsoft Entra application ID. + > * **Application ID URI for app with multiple capabilities**: If you build an app with a bot, a messaging extension, and a tab, enter the application ID URI as `api://fully-qualified-domain-name.com/botid-{YourClientId}`, where `{YourClientId}` identifies your bot app ID. > - > * **Format for domain name**: Use lowercase letters for domain name. Don't use upper case. + > * **Format for domain name**: Use lowercase letters for domain name. Do not use upper case. > > For example, to create an app service or web app with resource name, 'demoapplication': 
> @@ -597,7 +584,7 @@ To configure scope and authorize trusted client applications, you'll need: 1. Select **Save**. - A message appears on the browser stating that the application ID URI was updated. + A message appears on the browser stating that the application ID URI updated. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/app-id-uri-msg.png" alt-text="Screenshot shows the Application ID URI updated message." ::: @@ -605,9 +592,9 @@ To configure scope and authorize trusted client applications, you'll need: :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/app-id-uri-added.png" alt-text="Screenshot shows the updated Application ID URI." ::: -1. Note and save the application ID URI. You'll need it for updating the app manifest later. +1. Note and save the application ID URI. You need it for updating the app manifest later. -The application ID URI is configured. You can now define scope and permissions for your app. +The application ID URI configures. You can now define scope and permissions for your app. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+configure+application+ID+URI+for+your+app&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) 
@@ -622,49 +609,49 @@ The application ID URI is configured. You can now define scope and permissions f 1. Enter the details for configuring scope. - :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/add-scope.png" alt-text="Screenshot shows how to add scope details in Azure."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/add-scope.png" alt-text="Screenshot shows how to add scope details in Azure." ::: 1. Enter the scope name. - 1. Select the user who can give consent for this scope. The default option is **Admins only**. - 1. Enter the **Admin consent display name**. - 1. Enter the description for admin consent. - 1. Enter the **User consent display name**. - 1. Enter the user consent description. - 1. Select the **Enabled** option for state. - 1. Select **Add scope**. + 2. Select the user who can give consent for this scope. The default option is **Admins only**. + 3. Enter the **Admin consent display name**. + 4. Enter the description for admin consent. + 5. Enter the **User consent display name**. + 6. Enter the user consent description. + 7. Select the **Enabled** option for state. + 8. Select **Add scope**. > [!NOTE] - > For this tutorial, you can use openid profile User.Read User.ReadBasic.All as scope. This scope is suitable for using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). + > For this tutorial, you can use openid profile User.Read User.ReadBasic.All as scope. This scope suits using the [Code sample](bot-sso-code.md#code-sample). You can also add more Graph scopes and permissions. For more information, see [Extend your app with Microsoft Graph permissions and scopes](bot-sso-graph-api.md). - A message appears on the browser stating that the scope was added. 
+ A message appears on the browser stating that the scope added. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/scope-added-msg.png" alt-text="Screenshot shows the Scope added message." ::: > [!NOTE] - > The new scope you defined displays on the page. Ensure that you note and save the scope that you've configured. You'll need it to update OAuth connection later. + > The new scope you defined displays on the page. Ensure that you note and save the scope you configured. You need it to update OAuth connection later. -The scope and permissions are now configured. Next, you must configure the authorized client applications for your Microsoft Entra app. +The scope and permissions configure. Next, configure the authorized client applications for your Microsoft Entra app. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+configure+API+scope+for+your+app&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dwindows%23to-configure-api-scope-for-your-app&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) #### To configure an authorized client application -1. Move through the **Expose an API** page to the **Authorized client application** section, and select **+ Add a client application**. +1. Navigate through the **Expose an API** page to the **Authorized client application** section, and select **+ Add a client application**. 
:::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/auth-client-apps.png" alt-text="Screenshot shows the Add a client application option highlighted under Authorized client applications." ::: The **Add a client application** page appears. -1. Enter the appropriate Microsoft 365 client ID for the applications that you want to authorize for your app’s web application. +1. Enter the appropriate Microsoft 365 client ID for the applications you want to authorize for your app’s web application. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/add-client-app.png" alt-text="Screenshot shows the Client ID added." ::: > [!NOTE] > - > * The Microsoft 365 client IDs for mobile, desktop, and web applications for Teams, Microsoft 365 app, and Outlook are the actual IDs that you must add. - > * If your app has a tab app, you'll need either web or SPA, as you can't have a mobile or desktop client application in Teams. - > * While it's recommended to use same App ID, you can use a different App Registration ID in the webApplicationInfo section of your Teams app manifest that's not same as the Azure bot App ID. This is a valid and supported configuration. + > * The Microsoft 365 client IDs for mobile, desktop, and web applications for Teams, Microsoft 365 app, and Outlook are the actual IDs to add. + > * If your app has a tab app, you need either web or SPA because you cannot use a mobile or desktop client application in Teams. + > * Although it is recommended to use the same App ID, you can use a different App Registration ID in the webApplicationInfo section of your Teams app manifest that is different from the Azure bot App ID. This configuration is valid and supported. > * The `botId` in the bots section refers to the Azure Bot registration used for messaging and interaction. 
> * The `webApplicationInfo.id` refers to the Microsoft Entra App Registration used for authentication such as SSO, token acquisition, Graph API access. @@ -685,7 +672,7 @@ The scope and permissions are now configured. Next, you must configure the autho 1. Select **Add application**. - A message appears on the browser stating that the authorized client app was added. + A message appears on the browser stating that the authorized client app added. :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/update-app-auth-msg.png" alt-text="Screenshot shows the Client ID added message." ::: 
@@ -694,9 +681,9 @@ The scope and permissions are now configured. Next, you must configure the autho :::image type="content" source="../../../assets/images/authentication/teams-sso-tabs/client-app-added.png" alt-text="Screenshot shows the newly added Client ID under Authorized client applications screen." ::: > [!NOTE] - > You can authorize more than one client application. Repeat the steps of this procedure for configuring another authorized client application. + > You can authorize more than one client application. Repeat this procedure to configure another authorized client application. -You've successfully configured app scope, permissions, and client applications. Ensure that you note and save the application ID URI. Next, step is to create a client secret for your app next. +You have successfully configured app scope, permissions, and client applications. Ensure that you note and save the application ID URI. Next, create a client secret for your app. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+define+access+token+version&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dwindows%23to-define-access-token-version&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) 
@@ -709,13 +696,13 @@ A client secret is a string that the application uses to prove its identity when 1. Select **Manage** > **Certificates & secrets**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-menu.png" alt-text="Screenshot shows the Certificates and secrets menu option."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-menu.png" alt-text="Screenshot shows the Certificates and secrets menu option." ::: The **Certificates & secrets** page appears. 1. Select **+ New client secret**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret.png" alt-text="Screenshot shows the New client secret option highlighted to add a new client secret."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret.png" alt-text="Screenshot shows the New client secret option highlighted to add a new client secret." ::: The **Add a client secret** page appears. 
@@ -726,26 +713,23 @@ A client secret is a string that the application uses to prove its identity when 1. Select **Add**. - A message appears on the browser stating that the client secret was updated, and the client secret displays on the page. + A message appears on the browser stating that the client secret updated, and the client secret displays on the page. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-added.png" alt-text="Screenshot shows the Client secret added message."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/client-secret-added.png" alt-text="Screenshot shows the Client secret added message." ::: 1. Select the copy button next to the **Value** of client secret. -1. Save the value that you copied. You'll need it later for updating code. +1. Save the value you copied. You need it later for updating code. > [!IMPORTANT] - > Ensure that you copy the value of client secret right after you create it. The value is visible only at the time when the client secret is created, and it can't be viewed after that. - -> [!div class="nextstepaction"] -> [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI+ran+into+an+issue%5D+To+create+a+client+secret&&author=%40surbhigupta&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad%3Ftabs%3Dwindows%23to-create-a-client-secret&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Fbots%2Fhow-to%2Fauthentication%2Fbot-sso-register-aad.md&documentVersionIndependentId=ac68d7e8-2a35-5208-8724-68bd2fdd79b6&platformId=cdaccc16-060c-8eb1-2cee-c1f6a26e285c&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B%2A%2Amsteams%2A%2A) + > Ensure that you copy the value of client secret right after you create it. 
The value displays only when the client secret is created, and you cannot view it later. ### Configure redirect URL for your app -Configuration for authentication depends on the platform or device where you want to target your app. You may need to configure redirect URIs, authentication settings, or platform-specific details. +Configuration for authentication depends on the platform or device you want to target your app. You may need to configure redirect URIs, authentication settings, or platform-specific details. > [!NOTE] > -> * If your bot app hasn't been granted IT admin consent, app users have to provide consent the first time they use your app on a different platform. +> * If your bot app has not been granted IT admin consent, app users must provide consent the first time they use your app on a different platform. > * Implicit grant is not required if SSO is enabled on a bot app. You can configure authentication for multiple platforms as long as the URL is unique. 
@@ -766,34 +750,32 @@ You can configure authentication for multiple platforms as long as the URL is un The **Configure platforms** page appears. -1. Select the platform that you want to configure for your app. You can select the platform type from web or SPA. +1. Select the platform you want to configure for your app. You can select the platform type from web or SPA. :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/configure-platform.png" alt-text="Screenshot shows the selection of web platform." ::: The **Configure Web** page appears. > [!NOTE] - > The configurations will be different based on the platform you select. + > Configurations differ based on the platform you select. 1. Enter the configuration details for the platform. :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/config-web-platform.png" alt-text="Screenshot shows the Configure Web page to provide inputs." ::: - 1. Enter the redirect URI. The URI should be unique. - + 1. Enter the redirect URI. The URI must be unique. > [!NOTE] > > * The URL mentioned in **Redirect URIs** is an example. - > * You can customize the OAuth redirect URL for your bot and identity provider based on your data residency requirements, whether your bot is in the public cloud, Microsoft Azure Government cloud, or 21Vianet operated Microsoft Azure. For OAuth URL and data residency list, see [OAuth URL support in Azure AI Bot Service](/azure/bot-service/ref-oauth-redirect-urls?view=azure-bot-service-4.0&preserve-view=true). - + > * You can customize the OAuth redirect URL for your bot and identity provider based on your data residency requirements, whether your bot is in the public cloud, Microsoft Azure Government cloud, or 21Vianet operated Microsoft Azure. For OAuth URLs and data residency list, see [OAuth URL support in Azure AI Bot Service](/azure/bot-service/ref-oauth-redirect-urls?view=azure-bot-service-4.0&preserve-view=true). 1. 
Enter the front-channel logout URL. 1. Select the tokens you want Microsoft Entra ID to send for your app. 1. Select **Configure**. - The platform is configured and displayed in the **Platform configurations** page. + The platform configures and displays in the **Platform configurations** page. -The configuration for Microsoft Entra app is complete, and now you can configure your bot resource for enabling SSO. +The configuration for Microsoft Entra app completes, and now you can configure your bot resource for enabling SSO. @@ -814,7 +796,7 @@ To enable SSO for your bot resource: ### Configure messaging endpoint for your bot resource -Messaging endpoint is where messages are sent to your bot. It enables communication with your bot. +Messaging endpoint is where messages send to your bot. It enables communication with your bot. #### To configure messaging endpoint @@ -825,7 +807,7 @@ Messaging endpoint is where messages are sent to your bot. It enables communicat 1. Select **Settings** > **Configuration**. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the bot Configuration menu."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/bot-app-menu.png" alt-text="Screenshot shows the bot Configuration menu." ::: The **Configuration** page appears. @@ -835,7 +817,7 @@ Messaging endpoint is where messages are sent to your bot. It enables communicat 1. Select **Apply**. - The messaging endpoint is configured. + The messaging endpoint configures. Now, you must configure the OAuth connection to enable SSO for your bot resource. 
@@ -844,7 +826,7 @@ Now, you must configure the OAuth connection to enable SSO for your bot resource ### Configure OAuth connection for your bot resource -For a bot to support SSO, you must update its OAuth connection settings. This process associates the bot with app details that you configured for your Microsoft Entra app: +For a bot to support SSO, update its OAuth connection settings. This process associates the bot with app details you configured for your Microsoft Entra app: * Microsoft Entra app ID, which is the client ID * Tenant ID @@ -865,7 +847,7 @@ With the app (client) ID and client secret provided, the Bot Framework Token Sto The **Configuration** page appears. -1. Move through the **Configuration** page and select **Add OAuth Connection Settings**. +1. Navigate through the **Configuration** page and select **Add OAuth Connection Settings**. The **New Connection Setting** page appears. 
@@ -875,30 +857,25 @@ With the app (client) ID and client secret provided, the Bot Framework Token Sto 1. Enter a name for the configuration setting. 1. Select the service provider. - The remaining configuration details appear. - :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/new-config-setting-b.png" alt-text="Screenshot shows the additional fields for New Connection Setting." ::: - 1. Enter the client ID that was generated when you created the bot app. - 1. Enter the client secret that you've created for your bot. + 1. Enter the client secret that you created for your bot. 1. Enter the application ID URI of your bot in the **Token Exchange URL**. 1. Enter the tenant ID. - 1. Enter the scope that you defined when you configured the permissions. - + 1. Enter the scope you defined when configuring the permissions. > [!NOTE] - > For this tutorial, you can use openid profile User.Read User.ReadBasic.All as scope. This scope is suitable for using the [Code sample](bot-sso-code.md#code-sample). - + > For this tutorial, you can use openid profile `User.Read User.ReadBasic.All` as scope. This scope suits using the [Code sample](bot-sso-code.md#code-sample). 1. Select **Save**. 1. Select **Apply**. -After you've configured the OAuth connection, you can select **Test connection** to check if the OAuth connection is successful. +After you configure the OAuth connection, select **Test connection** to verify if the OAuth connection succeeds. -:::image type="content" source="../../../assets/images/authentication/teams-sso-bots/test-oauth.png" alt-text="Screenshot shows the Test OAuth connection for your bot resource option."::: + :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/test-oauth.png" alt-text="Screenshot shows the Test OAuth connection for your bot resource option." ::: -If the connection isn't successful, Microsoft Entra ID displays an error. You can verify all configurations and test again. 
+If the connection does not succeed, Microsoft Entra ID displays an error. Verify all configurations and test again. -Congratulations! You've completed the following app configurations in Microsoft Entra ID required to enable SSO for your bot app: +Congratulations! You have completed the following app configurations in Microsoft Entra ID required to enable SSO for your bot app: * Application ID * Bot ID 
@@ -916,15 +893,15 @@ Congratulations! You've completed the following app configurations in Microsoft ## Best practices -* Keep the Microsoft Entra app registration restricted to its original purpose of service to service application. -* For better control over disabling authentication connections, rolling secrets, or reusing the Microsoft Entra app with other applications, create an additional Microsoft Entra app for any user to service authentication. +* Keep Microsoft Entra app registration restricted to its original purpose of service-to-service application. +* For better control over disabling authentication connections, rolling secrets, or reusing Microsoft Entra app with other applications, create an additional Microsoft Entra app for any user-to-service authentication. -If you use the Microsoft Entra registration app for authentication, you might encounter the following issues: +If you use Microsoft Entra registration app for authentication, you might encounter the following issues: -* If you renew the certificate attached to the Microsoft Entra app registration, it affects the users who have authenticated with other Microsoft Entra services using the certificate. +* Renewing the certificate attached to Microsoft Entra app registration affects users who have authenticated with other Microsoft Entra services using the certificate. * It creates a single point of failure and control for all authentication-related activities with the bot. ## Next step > [!div class="nextstepaction"] -> [Add code to enable SSO](bot-sso-code.md) +> [Add code to enable SSO](bot-sso-code.md) \ No newline at end of file
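Review bot: In hunk @@ -449,27 +438,25 @@, replacing "Enter the app (client) ID for the Microsoft Entra app" with "Enter the client ID that was generated when you created the bot app" makes the field ambiguous, because this page distinguishes the Azure Bot registration (`botId`) from the Microsoft Entra app registration used for SSO; the OAuth connection needs the Entra app's client ID, so keep the explicit wording. In the same hunk the backticks in the scope note enclose only `User.Read User.ReadBasic.All` and leave `openid profile` outside them, which reads as two separate values; put the whole space-separated scope string in one code span (the matching note under "To configure API scope for your app" still shows it unformatted, so both should agree). Finally, the "Test connection" paragraph is moved out of the numbered list's indentation while its `:::image` line stays indented, and the blank lines around the `> [!NOTE]` alert and before "1. Select **Save**." are dropped; restore the blank lines and align the screenshot with its paragraph so the alert, list and image render as separate blocks.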
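Review bot: In hunk @@ -519,25 +506,25 @@, the rewrite of the "To configure an authorized client application" bullet drops the sentence "Pre-authorize only those client applications you trust as your app users won't have the opportunity to decline consent." That sentence is the only place this section explains that pre-authorization is a trust decision with no user consent prompt, and the procedure it links to has readers add client IDs, so restore it (for example, "Pre-authorize only client applications you trust, because app users don't get a chance to decline consent."). In the same hunk, "stating that the app manifest updated successfully" lost the passive subject and now says the manifest updated itself; keep "was updated successfully".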
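Review bot: In hunk @@ -577,14 +564,14 @@, "where `{YourClientId}` identifies your bot app ID" is awkward, since the placeholder is the ID rather than something that identifies an ID; keep "is your bot app ID". While touching this block, wrap api://botid-{YourBotId} in backticks like the multi-capability URI on the next line so both formats render as code.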
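Review bot: In hunk @@ -597,7 +584,7 @@, "stating that the application ID URI updated" reads as if the URI changed on its own; keep "was updated", which is what the browser message confirms.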
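Review bot: In hunk @@ -605,9 +592,9 @@, "The application ID URI configures." is not a grammatical sentence ("configures" needs an object); write "The application ID URI is now configured." or "You've configured the application ID URI." The same construction is introduced for the scope, client app, client secret, platform and messaging endpoint confirmations later in this patch and should be fixed consistently.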
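Review bot: In hunk @@ -622,49 +609,49 @@, the nested steps are renumbered 1. to 8. while every other procedure in the file, including the parallel OAuth connection list in hunk @@ -875,30 +857,25 @@, keeps the repeated "1." convention; revert the numbering so the lists stay consistent and inserting a step later does not require renumbering. Also "stating that the scope added" and "The scope and permissions configure." need "was added" and "are now configured".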
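Review bot: In hunk @@ -685,7 +672,7 @@, "stating that the authorized client app added" should stay "was added"; the message confirms an action performed on the app, not by it.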
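Review bot: Hunk @@ -726,26 +713,23 @@ deletes the "[I ran into an issue]" feedback link for the client secret procedure while every other procedure in this file keeps its link; unless the removal is deliberate, restore it after the IMPORTANT block. In the same hunk, "Configuration for authentication depends on the platform or device you want to target your app" dropped the preposition and no longer parses; use "the platform or device you target with your app" or keep "where you want to target your app". "stating that the client secret updated" should also stay "was updated".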
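Review bot: In hunk @@ -766,34 +750,32 @@, the blank lines separating "1. Enter the redirect URI. The URI must be unique." from the `> [!NOTE]` alert, and the alert from "1. Enter the front-channel logout URL.", are removed, so the next step now starts directly under a blockquote line inside the nested list; restore both blank lines so the alert and the numbered steps render as separate blocks. Also "The platform configures and displays in the **Platform configurations** page" and "The configuration for Microsoft Entra app completes" should read "is configured and displayed" and "is complete".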
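Review bot: In hunk @@ -814,7 +796,7 @@, "Messaging endpoint is where messages send to your bot" changes the meaning; messages are sent to the bot, they do not send themselves. Keep "where messages are sent to your bot" (or "the URL that receives messages for your bot").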
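Review bot: In hunk @@ -835,7 +817,7 @@, "The messaging endpoint configures." has no object; write "The messaging endpoint is now configured."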
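Review bot: In hunk @@ -875,30 +857,25 @@, the "Test connection" `:::image` line gains four spaces of indentation while the paragraph above it stays at column 0, and the blank lines around the scope `> [!NOTE]` alert and before "1. Select **Save**." are removed; keep the image aligned with its paragraph and restore the blank lines. As in the earlier OAuth connection hunk, the backticks here enclose only `User.Read User.ReadBasic.All` and leave `openid profile` outside; format the whole scope string as one code span in both places.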
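Review bot: Hunk @@ -916,15 +893,15 @@ strips the file's trailing newline ("\ No newline at end of file"), which will surface as a spurious change in the next edit to this file; restore it. The same hunk also drops "the" before "Microsoft Entra app registration" and "Microsoft Entra app" in the Best practices bullets and in "If you use Microsoft Entra registration app for authentication", which now read as if "Microsoft Entra" were an adjective; restore the articles, and consider "Microsoft Entra app registration" in that sentence to match the bullets above it.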