MicrosoftDocs
diff --git a/‎articles/active-directory/conditional-access/howto-conditional-access-policy-authentication-strength-external.md
Lines changed: 6 additions & 5 deletions b/‎articles/active-directory/conditional-access/howto-conditional-access-policy-authentication-strength-external.md
Lines changed: 6 additions & 5 deletions
diff --git a/‎articles/active-directory/fundamentals/how-to-customize-branding.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/fundamentals/how-to-customize-branding.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/azure-blob-csi.md
Lines changed: 1 addition & 1 deletion b/‎articles/aks/azure-blob-csi.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/aks/concepts-network.md
Lines changed: 2 additions & 2 deletions b/‎articles/aks/concepts-network.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/gpu-cluster.md
Lines changed: 2 additions & 2 deletions b/‎articles/aks/gpu-cluster.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/operator-best-practices-advanced-scheduler.md
Lines changed: 1 addition & 1 deletion b/‎articles/aks/operator-best-practices-advanced-scheduler.md
Lines changed: 1 addition & 1 deletion
@@ -30,15 +30,19 @@ In external user scenarios, the MFA authentication methods that a resource tenan
 
 > [!NOTE]
 > Currently, you can only apply authentication strength policies to external users who authenticate with Azure AD. For email one-time passcode, SAML/WS-Fed, and Google federation users, use the [MFA grant control](concept-conditional-access-grant.md#require-multi-factor-authentication) to require MFA.
+
 ## Configure cross-tenant access settings to trust MFA
 
 Authentication strength policies work together with [MFA trust settings](../external-identities/cross-tenant-access-settings-b2b-collaboration.md#to-change-inbound-trust-settings-for-mfa-and-device-claims) in your cross-tenant access settings to determine where and how the external user must perform MFA. An Azure AD user first authenticates with their own account in their home tenant. Then when this user tries to access your resource, Azure AD applies the authentication strength Conditional Access policy and checks to see if you've enabled MFA trust.
 
-- **If MFA trust is enabled**, Azure AD checks the user's authentication session for a claim indicating that MFA has been fulfilled in the user's home tenant. The table below indicates which authentication methods are acceptable for MFA fulfillment when completed in an external user's home tenant.
-- **If MFA trust is disabled**, the resource tenant presents the user with a challenge to complete MFA in the resource tenant using an acceptable authentication method. The table below shows which authentication methods are acceptable for MFA fulfillment by an external user.
+- **If MFA trust is enabled**, Azure AD checks the user's authentication session for a claim indicating that MFA has been fulfilled in the user's home tenant.
+- **If MFA trust is disabled**, the resource tenant presents the user with a challenge to complete MFA in the resource tenant using an acceptable authentication method.
+
+The authentication methods that external users can use to satisfy MFA requirements are different depending on whether the user is completing MFA in their home tenant or the resource tenant. See the table in [Conditional Access authentication strength](https://aka.ms/b2b-auth-strengths).
 
 > [!IMPORTANT]
 > Before you create the Conditional Access policy, check your cross-tenant access settings to make sure your inbound MFA trust settings are configured as intended.
+
 ## Choose an authentication strength
 
 Determine if one of the built-in authentication strengths will work for your scenario or if you'll need to create a custom authentication strength.
@@ -48,9 +52,6 @@ Determine if one of the built-in authentication strengths will work for your sce
 1. Review the built-in authentication strengths to see if one of them meets your requirements.
 1. If you want to enforce a different set of authentication methods, [create a custom authentication strength](https://aka.ms/b2b-auth-strengths).
 
-> [!NOTE]
-> The authentication methods that external users can use to satisfy MFA requirements are different depending on whether the user is completing MFA in their home tenant or the resource tenant. See the table in [Conditional Access authentication strength](https://aka.ms/b2b-auth-strengths).
-
 ## Create a Conditional Access policy
 
 Use the following steps to create a Conditional Access policy that applies an authentication strength to external users.
 
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: how-to
-ms.date: 11/21/2022
+ms.date: 01/31/2023
 ms.author: sarahlipsey
 ms.reviewer: almars
 ms.custom: "it-pro, seodec18, fasttrack-edit"
@@ -83,7 +83,7 @@ The sign-in experience process is grouped into sections. At the end of each sect
     - Choose one of two **Templates**: Full-screen or partial-screen background. The full-screen background could obscure your background image, so choose the partial-screen background if your background image is important.
     - The details of the **Header** and **Footer** options are set on the next two sections of the process.
 
-- **Custom CSS**: Upload custom CSS to replace the Microsoft default style of the page. [Download the CSS template](https://download.microsoft.com/download/7/2/7/727f287a-125d-4368-a673-a785907ac5ab/custom-styles-template.css).
+- **Custom CSS**: Upload custom CSS to replace the Microsoft default style of the page. [Download the CSS template](https://download.microsoft.com/download/7/2/7/727f287a-125d-4368-a673-a785907ac5ab/custom-styles-template-013023.css).
 
 ## Header
 
 
@@ -229,4 +229,4 @@ To have a storage volume persist for your workload, you can use a StatefulSet. T
 [azure-csi-blob-storage-provision]: azure-csi-blob-storage-provision.md
 [azure-disk-csi-driver]: azure-disk-csi.md
 [azure-files-csi-driver]: azure-files-csi.md
-[install-azure-cli]: /cli/azure/install_azure_cli
+[install-azure-cli]: /cli/azure/install-azure-cli
@@ -268,5 +268,5 @@ For more information on core Kubernetes and AKS concepts, see the following arti
 [nginx-ingress]: ingress-basic.md
 [ip-preservation]: https://techcommunity.microsoft.com/t5/fasttrack-for-azure/how-client-source-ip-preservation-works-for-loadbalancer/ba-p/3033722#:~:text=Enable%20Client%20source%20IP%20preservation%201%20Edit%20loadbalancer,is%20the%20same%20as%20the%20source%20IP%20%28srjumpbox%29.
 [nsg-traffic]: ../virtual-network/network-security-group-how-it-works.md
-[azure-cni-aks]: /configure-azure-cni.md
-[kubenet-aks]: /configure-kubenet.md
+[azure-cni-aks]: configure-azure-cni.md
+[kubenet-aks]: configure-kubenet.md
@@ -442,7 +442,7 @@ For information on using Azure Kubernetes Service with Azure Machine Learning, s
 [azureml-deploy]: ../machine-learning/how-to-deploy-managed-online-endpoints.md
 [azureml-triton]: ../machine-learning/how-to-deploy-with-triton.md
 [aks-container-insights]: monitor-aks.md#container-insights
-[advanced-scheduler-aks]: /aks/operator-best-practices-advanced-scheduler.md
+[advanced-scheduler-aks]: operator-best-practices-advanced-scheduler.md
 [az-provider-register]: /cli/azure/provider#az-provider-register
 [az-feature-register]: /cli/azure/feature#az-feature-register
-[az-feature-show]: /cli/azure/feature#az-feature-show
+[az-feature-show]: /cli/azure/feature#az-feature-show
@@ -247,4 +247,4 @@ This article focused on advanced Kubernetes scheduler features. For more informa
 [aks-best-practices-identity]: operator-best-practices-identity.md
 [use-multiple-node-pools]: use-multiple-node-pools.md
 [taint-node-pool]: use-multiple-node-pools.md#specify-a-taint-label-or-tag-for-a-node-pool
-[use-gpus-aks]: /aks/gpu-cluster.md
+[use-gpus-aks]: gpu-cluster.md