Merge pull request #268233 from dcurwin/fix-relative-links-march6-2024

Fix relative links

Author: v-dirichards

articles/container-instances/TOC.yml

@@ -180,7 +180,7 @@
     - name: Troubleshoot common issues
       href: container-instances-troubleshooting.md
     - name: Troubleshoot common issues
-      href: https://learn.microsoft.com/troubleshoot/azure/azure-container-instances/welcome-container-instances
+      href: /troubleshoot/azure/azure-container-instances/welcome-container-instances
 - name: Reference
   items:
   - name: Azure CLI

articles/defender-for-cloud/adaptive-network-hardening.md

@@ -134,6 +134,6 @@ To delete an adaptive network hardening rule for your current session:
 
     ![Deleting a rule.](./media/adaptive-network-hardening/delete-hard-rule.png)
 
-## Next steps
+## Next step
 
-- View common questions about [adaptive network hardening](/azure/defender-for-cloud/faq-defender-for-servers#which-ports-are-supported-by-adaptive-network-hardening-)
+- View common questions about [adaptive network hardening](faq-defender-for-servers.yml#which-ports-are-supported-by-adaptive-network-hardening-)

articles/defender-for-cloud/advanced-configurations-for-malware-scanning.md

@@ -14,7 +14,7 @@ Malware Scanning can be configured to send scanning results to the following:
 - **Event Grid custom topic** - for near-real time automatic response based on every scanning result.
 - **Log Analytics workspace** - for storing every scan result in a centralized log repository for compliance and audit.
 
-Learn more on how to [set up response for malware scanning](/azure/defender-for-cloud/defender-for-storage-configure-malware-scan) results.
+Learn more on how to [set up response for malware scanning](defender-for-storage-configure-malware-scan.md) results.
 
 > [!TIP]
 > We recommend you try the [Ninja training instructions](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2019%20-%20Defender%20for%20Storage.md), a hands-on lab, to try out malware scanning in Defender for Storage, using detailed step-by-step instructions on how to test malware scanning end-to-end with setting up responses to scanning results. This is part of the 'labs' project that helps customers get ramped up with Microsoft Defender for Cloud and provides hands-on practical experience with its capabilities.
@@ -25,7 +25,7 @@ For each storage account enabled with malware scanning, you can define a Log Ana
 
 :::image type="content" source="media/azure-defender-storage-configure/log-analytics-settings.png" alt-text="Screenshot showing where to configure a Log Analytics destination for scan log." lightbox="media/azure-defender-storage-configure/log-analytics-settings.png":::
 
-Before sending scan results to Log Analytics, [create a Log Analytics workspace](/azure/azure-monitor/logs/quick-create-workspace) or use an existing one.
+Before sending scan results to Log Analytics, [create a Log Analytics workspace](../azure-monitor/logs/quick-create-workspace.md) or use an existing one.
 
 To configure the Log Analytics destination, navigate to the relevant storage account, open the **Microsoft Defender for Cloud** tab, and select the settings to configure.
 

articles/defender-for-cloud/agentless-vulnerability-assessment-aws.md

@@ -12,7 +12,7 @@ ms.topic: how-to
 Vulnerability assessment for AWS, powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
 
 > [!NOTE]
-> This feature supports scanning of images in the ECR only. Images that are stored in other container registries should be imported into ECR for coverage. Learn how to [import container images to a container registry](/azure/container-registry/container-registry-import-images).
+> This feature supports scanning of images in the ECR only. Images that are stored in other container registries should be imported into ECR for coverage. Learn how to [import container images to a container registry](../container-registry/container-registry-import-images.md).
 
 In every account where enablement of this capability is completed, all images stored in ECR that meet the criteria for scan triggers are scanned for vulnerabilities without any extra configuration of users or registries. Recommendations with vulnerability reports are provided for all images in ECR as well as images that are currently running in EKS that were pulled from an ECR registry or any other Defender for Cloud supported registry (ACR, GCR, or GAR). Images are scanned shortly after being added to a registry, and rescanned for new vulnerabilities once every 24 hours.
 
@@ -31,7 +31,7 @@ Container vulnerability assessment powered by Microsoft Defender Vulnerability M
     | [AWS registry container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/AwsContainerRegistryRecommendationDetailsBlade/assessmentKey/c27441ae-775c-45be-8ffa-655de37362ce) | Scans your AWS registries container images for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. Resolving vulnerabilities can greatly improve your security posture, ensuring images are safe to use prior to deployment. | c27441ae-775c-45be-8ffa-655de37362ce |
     | [AWS running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/AwsContainersRuntimeRecommendationDetailsBlade/assessmentKey/682b2595-d045-4cff-b5aa-46624eb2dd8f) | Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. This recommendation provides visibility to vulnerable images currently running in your Elastic Kubernetes clusters. Remediating vulnerabilities in container images that are currently running is key to improving your security posture, significantly reducing the attack surface for your containerized workloads. | 682b2595-d045-4cff-b5aa-46624eb2dd8f |
 
-- **Query vulnerability information via the Azure Resource Graph** - Ability to query vulnerability information via the [Azure Resource Graph](/azure/governance/resource-graph/overview#how-resource-graph-complements-azure-resource-manager). Learn how to [query recommendations via ARG](review-security-recommendations.md).
+- **Query vulnerability information via the Azure Resource Graph** - Ability to query vulnerability information via the [Azure Resource Graph](../governance/resource-graph/overview.md#how-resource-graph-complements-azure-resource-manager). Learn how to [query recommendations via ARG](review-security-recommendations.md).
 
 - **Query scan results via REST API** - Learn how to query scan results via [REST API](subassessment-rest-api.md).
 
@@ -47,7 +47,7 @@ The triggers for an image scan are:
   - **Re-scan** is performed once a day for:  
     - Images pushed in the last 90 days.
     - Images pulled in the last 30 days.
-    - Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability) or the [Defender agent](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability)).
+    - Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability)).
 
 ## How does image scanning work?
 
@@ -58,9 +58,9 @@ A detailed description of the scan process is described as follows:
 - Once a day, and for new images pushed to a registry:
 
   - All newly discovered images are pulled, and an inventory is created for each image. Image inventory is kept to avoid further image pulls, unless required by new scanner capabilities.​
-  - Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both  [Agentless discovery for Kubernetes](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability) and [inventory collected via the Defender agent running on EKS nodes](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability)
+  - Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both  [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender agent running on EKS nodes](defender-for-containers-enable.md#enablement-method-per-capability)
   - Vulnerability reports for registry container images are provided as a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/AwsContainerRegistryRecommendationDetailsBlade/assessmentKey/c27441ae-775c-45be-8ffa-655de37362ce).
-- For customers using either [Agentless discovery for Kubernetes](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability) or [inventory collected via the Defender agent running on EKS nodes](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an EKS cluster. For customers using only [Agentless discovery for Kubernetes](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender agent](/azure/defender-for-cloud/defender-for-containers-enable#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
+- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender agent running on EKS nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an EKS cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
 
 > [!NOTE]
 > For [Defender for Container Registries (deprecated)](defender-for-container-registries-introduction.md), images are scanned once on push, on pull, and rescanned only once a week.