Update deny assignments, fix links

rolyon · rolyon · commit 18fc087cc0a9 · 2024-02-16T14:31:26.000-08:00
diff --git a/articles/lighthouse/how-to/monitor-delegation-changes.md b/articles/lighthouse/how-to/monitor-delegation-changes.md
@@ -61,7 +61,7 @@ az role assignment create --assignee 00000000-0000-0000-0000-000000000000 --role
 
 ### Remove elevated access for the Global Administrator account
 
-After you've assigned the Monitoring Reader role at root scope to the desired account, be sure to [remove the elevated access](../../role-based-access-control/elevate-access-global-admin.md#remove-elevated-access) for the Global Administrator account, as this level of access will no longer be needed.
+After you've assigned the Monitoring Reader role at root scope to the desired account, be sure to [remove the elevated access](../../role-based-access-control/elevate-access-global-admin.md) for the Global Administrator account, as this level of access will no longer be needed.
 
 ## View delegation changes in the Azure portal
 
diff --git a/articles/role-based-access-control/elevate-access-global-admin.md b/articles/role-based-access-control/elevate-access-global-admin.md
@@ -105,7 +105,7 @@ To remove the User Access Administrator role assignment at root scope (`/`), fol
 
 ### Step 1: Elevate access for a Global Administrator
 
-Use the [Azure portal](#azure-portal) or [REST API](#rest-api) to elevate access for a Global Administrator.
+Use the Azure portal or REST API to elevate access for a Global Administrator.
 
 ### Step 2: List role assignment at root scope (/)
 
@@ -237,9 +237,9 @@ Once you have elevated access, you can list all of the role assignments for a us
 
 ### Step 3: List deny assignments at root scope (/)
 
-You can list all of the deny assignments for a user at root scope (`/`).
+Once you have elevated access, you can list all of the deny assignments for a user at root scope (`/`).
 
-- Call GET denyAssignments where `{objectIdOfUser}` is the object ID of the user whose deny assignments you want to retrieve.
+- Call [Deny Assignments - List For Scope](/rest/api/authorization/deny-assignments/list-for-scope) where `{objectIdOfUser}` is the object ID of the user whose deny assignments you want to retrieve.
 
    ```http
    GET https://management.azure.com/providers/Microsoft.Authorization/denyAssignments?api-version=2022-04-01&$filter=gdprExportPrincipalId+eq+'{objectIdOfUser}'
