more updates

cebundy-work · cebundy-work · commit ebb340e4d17e · 2026-03-24T16:51:26.000-07:00
diff --git a/articles/healthcare-apis/register-application.md b/articles/healthcare-apis/register-application.md
@@ -19,35 +19,41 @@ In this article, you learn how to register a client application in Microsoft Ent
 
 1. In the [Azure portal](https://portal.azure.com), select **Microsoft Entra ID**.
 2. Select **App registrations**.
-[ ![Screen shot of new app registration window.](media/register-application-new-app-registration.png) ](media/register-application-new-app-registration.png#lightbox)
+    :::image type="content" source="media/register-application-new-app-registration.png" alt-text="Screen shot of new app registration window." lightbox="media/register-application-new-app-registration.png":::
+
 3. Select **New registration**.
 4. For Supported account types, select **Accounts in this organization directory only**. Don't change the other options.
-[ ![Screenshot of new registration account options.](media/register-application-account-types.png) ](media/register-application-account-types.png#lightbox)
+   :::image type="content" source="media/register-application-account-types.png" alt-text="Screenshot of new registration account options." lightbox="media/register-application-account-types.png":::
+
 5. Select **Register**.
 
 ## Application ID (client ID)
 
 After registering a new application, you can find the application (client) ID and Directory (tenant) ID in the **Overview** menu option. Make a note of the values for use later.
 
-[![Screenshot of client ID overview panel.](media/register-application-app-overview.png) ](media/register-application-app-overview.png#lightbox)
+:::image type="content" source="media/register-application-app-overview.png" alt-text="Screenshot of client ID overview panel." lightbox="media/register-application-app-overview.png":::
+
 
 ## Authentication setting: confidential vs. public
 
-Select **Authentication** > **Settings** to review the settings. The default value for **Allow public client flows** is **No**.
+Select **Authentication** and the **Settings** tab to review the settings. The default value for **Allow public client flows** is **Disabled**.
 
 If you keep this default value, the application registration is a **confidential client application** and requires a certificate or secret.
 
-[ ![Screenshot of confidential client application.](media/register-application-allow-public-client-flows.png) ](media/register-application-allow-public-client-flows.png#lightbox)
+:::image type="content" source="media/register-application-allow-public-client-flows.png" alt-text="Screenshot of confidential client application."::: ](media/register-application-allow-public-client-flows.png#lightbox)
 
-If you change the default value to **Yes** for the **Allow public client flows** option in the advanced setting, the application registration is a **public client application** and doesn't require a certificate or secret. The **Yes** value is useful when you want to build a public client application using the OAuth authorization protocol or features as described in [Public client and confidential client applications](/entra/identity-platform/msal-client-applications#when-should-you-enable-a-public-client-flow-in-your-app-registration).
+
+If you enable the **Allow public client flows** option, the application registration is a public client application and doesn't require a certificate or secret. Public client applications are useful when you want to use the OAuth 2.0 authorization protocol or features as described in [Public client and confidential client applications](/entra/identity-platform/msal-client-applications#when-should-you-enable-a-public-client-flow-in-your-app-registration).
 
 For tools that require a redirect URI, such as [OAuth 2.0](/entra/identity-platform/v2-app-types), go to the **Redirect URI configuration** tab and select **Add Redirect URI** to configure the platform.
 
-[ ![Screenshot of select a platform.](media/register-application-select-platform.png) ](media/register-application-select-platform.png#lightbox)
+:::image type="content" source="media/register-application-select-platform.png" alt-text="Screenshot of select a platform." lightbox="media/register-application-select-platform.png":::
+
+
+For example, when you choose **Mobile and desktop applications**, you select the redirect URI for that platform.
 
-For example, when you choose **Mobile and desktop applications**, you then select the redirect URI for that platform.
+:::image type="content" source="media/register-application-add-redirect-uri-mobile-desktop-platform.png" alt-text="Screenshot of configure other platform." lightbox="media/register-application-add-redirect-uri-mobile-desktop-platform.png":::
 
-[ ![Screenshot of configure other platform.](media/register-application-add-redirect-uri-mobile-desktop-platform.png) ](media/register-application-add-redirect-uri-mobile-desktop-platform.png#lightbox)
 
 
 
@@ -60,10 +66,10 @@ To create a new client secret, use the following steps.
 1. In **Add a client secret**, enter a **Description**.
 1. Accept the recommended 180-day value in the **Expires** field, or select a different value from the list.
 1. Select **Add**.
-    [ ![Screenshot of certificates and secrets.](media/register-application-new-client-secret.png) ](media/register-application-new-client-secret.png#lightbox)
+    :::image type="content" source="media/register-application-new-client-secret.png" alt-text="Screenshot of certificates and secrets." lightbox="media/register-application-new-client-secret.png":::
 
 1. Copy the secret value by selecting the copy button next to the **Value**.
-    [ ![Screenshot of copy client secret.](media/register-application-copy-client-secret.png) ](media/register-application-copy-client-secret.png#lightbox)
+    :::image type="content" source="media/register-application-copy-client-secret.png" alt-text="Screenshot of copy client secret." lightbox="media/register-application-copy-client-secret.png":::
 
 
 >[!NOTE]
@@ -78,27 +84,28 @@ The following steps are required for the DICOM service, but optional for the FHI
 
 1. Select **API permissions**.
 
-   [ ![Screenshot of API permission page with Add a permission button highlighted.](dicom/media/dicom-add-apis-permissions.png) ](dicom/media/dicom-add-apis-permissions.png#lightbox)
+   :::image type="content" source="dicom/media/dicom-add-apis-permissions.png" alt-text="Screenshot of API permission page with Add a permission button highlighted." lightbox="dicom/media/dicom-add-apis-permissions.png":::
 
 2. Select **Add a permission**.
 
    If you're using Azure Health Data Services, add a permission to the DICOM service by searching for **Azure API for DICOM** under **APIs my organization** uses. 
 
-   [ ![Screenshot of Search API permissions page with the APIs my organization uses tab selected.](dicom/media/dicom-search-apis-permissions.png) ](dicom/media/dicom-search-apis-permissions.png#lightbox)
+   :::image type="content" source="dicom/media/dicom-search-apis-permissions.png" alt-text="Screenshot of Search API permissions page with the APIs my organization uses tab selected." lightbox="dicom/media/dicom-search-apis-permissions.png":::
 
    The search result for Azure API for DICOM appears only if you already deployed the DICOM service in the workspace.
 
    If you're referencing a different resource application, select your DICOM API Resource Application Registration that you created previously under **APIs my organization**.
 
 3. Select scopes (permissions) that the confidential client application asks for on behalf of a user. Select **Dicom.ReadWrite**, and then select **Add permissions**.
 
-   [ ![Screenshot of scopes (permissions) that the client application will ask for on behalf of a user.](dicom/media/dicom-select-scope.png) ](dicom/media/dicom-select-scope.png#lightbox)
+   :::image type="content" source="dicom/media/dicom-select-scope.png" alt-text="Screenshot of scopes (permissions) that the client application will ask for on behalf of a user." lightbox="dicom/media/dicom-select-scope.png":::
 
 >[!NOTE]
->Use `grant_type` of `client_credentials` when getting an access token for the FHIR service using tools such as REST Client. For more information, see [Accessing Azure Health Data Services using the REST Client Extension in Visual Studio Code](./fhir/using-rest-client.md).
+>Use `grant_type` of `client_credentials` when getting an access token for the FHIR service by using tools such as REST Client. For more information, see [Accessing Azure Health Data Services using the REST Client Extension in Visual Studio Code](./fhir/using-rest-client.md).
 >>Use `grant_type` of `client_credentials` or `authentication_code` when getting an access token for the DICOM service. For more information, see [Using DICOM with cURL](dicom/dicomweb-standard-apis-curl.md).
 
-## Related content
+## Next steps
 
-[Register an application with REST API](register-application-cli-rest.md)
-[Access Azure Health Data Services with a REST Client](fhir/using-rest-client.md)
+>[!NEXT STEPS]
+> - [Grant permissions to the client application](configure-azure-rbac.md)
+> - [Access Azure Health Data Services](access-healthcare-apis.md)
