gibbons324
diff --git a/‎5-AccessControl/2-call-api-groups/AppCreationScripts/Configure.ps1‎
Lines changed: 4 additions & 4 deletions b/‎5-AccessControl/2-call-api-groups/AppCreationScripts/Configure.ps1‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎5-AccessControl/2-call-api-groups/README.md‎
Lines changed: 16 additions & 17 deletions b/‎5-AccessControl/2-call-api-groups/README.md‎
Lines changed: 16 additions & 17 deletions
@@ -400,10 +400,10 @@ Function ConfigureApplications
 
  $newClaim = CreateOptionalClaim -name "groups" 
  $optionalClaims.IdToken += ($newClaim)
- # $newClaim = CreateOptionalClaim -name "groups" 
- # $optionalClaims.AccessToken += ($newClaim)
- # $newClaim = CreateOptionalClaim -name "groups" 
- # $optionalClaims.Saml2Token += ($newClaim)
+ $newClaim = CreateOptionalClaim -name "groups" 
+ $optionalClaims.AccessToken += ($newClaim)
+ $newClaim = CreateOptionalClaim -name "groups" 
+ $optionalClaims.Saml2Token += ($newClaim)
 
  # Add Optional Claims
 
 
@@ -2,16 +2,16 @@
 page_type: sample
 name: Angular single-page application calling a protected ASP.NET Core web API and using Security Groups to implement Role-Based Access Control
 description: An Angular single-page application calling a protected AspNet web API and using Security Groups to implement Role-Based Access Control (RBAC)
-- languages:
-- typescript
-- csharp
-- javascript
+languages:
+ - typescript
+ - csharp
+ - javascript
 products:
-- azure-active-directory
-- ms-graph
-- msal-js
-- msal-angular
-- microsoft-identity-web
+ - azure-active-directory
+ - ms-graph
+ - msal-js
+ - msal-angular
+ - microsoft-identity-web
 urlFragment: ms-identity-javascript-angular-tutorial
 extensions:
 - services: ms-identity
@@ -39,7 +39,7 @@ extensions:
 
 This sample demonstrates a cross-platform application suite involving an Angular single-page application (*TodoListSPA*) calling an ASP.NET Core web API (*TodoListAPI*) secured with the Microsoft identity platform. In doing so, it implements **Role-based Access Control** (RBAC) by using Azure AD **[Security Groups](https://learn.microsoft.com/azure/active-directory/fundamentals/how-to-manage-groups)**.
 
-Role based access control in Azure AD can be done with **Delegated** and **App** permissions and **App Roles** as well. We will cover RBAC using App Roles in the E:\github\Azure-Samples\ms-identity-javascript-angular-tutorial\5-AccessControl\2-call-api-groups\README.md. **Delegated** and **App** permissions, **Security Groups** and **App Roles** in Azure AD are by no means mutually exclusive - they can be used in tandem to provide even finer grained access control.
+Role based access control in Azure AD can be done with **Delegated** and **App** permissions and **App Roles** as well. We will cover RBAC using App Roles in the [previous tutorial](../1-call-api-roles/README.md). **Delegated** and **App** permissions, **Security Groups** and **App Roles** in Azure AD are by no means mutually exclusive - they can be used in tandem to provide even finer grained access control.
 
 In the sample, a dashboard component allows signed-in users to see the tasks assigned to them or other users based on their memberships to one of the two security groups, **GroupAdmin** and **GroupMember**.
 
@@ -203,20 +203,19 @@ To manually register the apps, as a first step you'll need to:
 ##### Grant Delegated Permissions to msal-angular-app
 
 1. Since this app signs-in users, we will now proceed to select **delegated permissions**, which is is required by apps signing-in users.
- 1. In the app's registration screen, select the **API permissions** blade in the left to open the page where we add access to the APIs that your application needs:
+1. In the app's registration screen, select the **API permissions** blade in the left to open the page where we add access to the APIs that your application needs:
  1. Select the **Add a permission** button and then:
  1. Ensure that the **My APIs** tab is selected.
  1. In the list of APIs, select the API `msal-angular-app`.
- * Since this app signs-in users, we will now proceed to select **delegated permissions**, which is requested by apps that signs-in users.
- * In the **Delegated permissions** section, select **access_via_group_assignments** in the list. Use the search box if necessary.
+ 1. In the **Delegated permissions** section, select **access_via_group_assignments** in the list. Use the search box if necessary.
  1. Select the **Add permissions** button at the bottom.
  1. Select the **Add a permission** button and then:
  1. Ensure that the **Microsoft APIs** tab is selected.
  1. In the *Commonly used Microsoft APIs* section, select **Microsoft Graph**
- * Since this app signs-in users, we will now proceed to select **delegated permissions**, which is requested by apps that signs-in users.
- * In the **Delegated permissions** section, select **User.Read**, **GroupMember.Read.All** in the list. Use the search box if necessary.
+ 1. In the **Delegated permissions** section, select **User.Read**, **GroupMember.Read.All** in the list. Use the search box if necessary.
  1. Select the **Add permissions** button at the bottom.
- > :warning: To handle the groups overage scenario, please grant [admin consent](https://learn.microsoft.com/azure/active-directory/manage-apps/grant-admin-consent?source=recommendations#grant-admin-consent-in-app-registrations) to the Microsoft Graph **GroupMember.Read.All** [permission](https://learn.microsoft.com/graph/permissions-reference). See the section on how to [create the overage scenario for testing](#create-the-overage-scenario-for-testing) below for more.
+
+> :warning: To handle the groups overage scenario, please grant [admin consent](https://learn.microsoft.com/azure/active-directory/manage-apps/grant-admin-consent?source=recommendations#grant-admin-consent-in-app-registrations) to the Microsoft Graph **GroupMember.Read.All** [permission](https://learn.microsoft.com/graph/permissions-reference). See the section on how to [create the overage scenario for testing](#create-the-overage-scenario-for-testing) below for more.
 
 ##### Configure Optional Claims
 
@@ -396,7 +395,7 @@ If a user is member of more groups than the overage limit (**150 for SAML tokens
 
 #### Create the Overage Scenario for testing
 
-1. You can use the [BulkCreateGroups.ps1](./AppCreationScripts/BulkCreateGroups.ps1) provided in the [App Creation Scripts](./AppCreationScripts/) folder to create a large number of groups and assign users to them. This will help test overage scenarios during development. You'll need to enter a user'S Object ID when prompted by the `BulkCreateGroups.ps1` script. If you would like to delete these groups after your testing, run the [BulkRemoveGroups.ps1](./AppCreationScripts/BulkRemoveGroups.ps1).
+1. You can use the [BulkCreateGroups.ps1](./AppCreationScripts/BulkCreateGroups.ps1) provided in the [App Creation Scripts](./AppCreationScripts/) folder to create a large number of groups and assign users to them. This will help test overage scenarios during development. You'll need to enter a user's object ID when prompted by the `BulkCreateGroups.ps1` script. If you would like to delete these groups after your testing, run the [BulkRemoveGroups.ps1](./AppCreationScripts/BulkRemoveGroups.ps1).
 
 > When attending to overage scenarios, which requires a call to [Microsoft Graph](https://graph.microsoft.com) to read the signed-in user's group memberships, your app will need to have the [User.Read](https://docs.microsoft.com/graph/permissions-reference#user-permissions) and [GroupMember.Read.All](https://docs.microsoft.com/graph/permissions-reference#group-permissions) for the [getMemberGroups](https://docs.microsoft.com/graph/api/user-getmembergroups) function to execute successfully.