Merge pull request #218456 from cmcclister/cm-linkfix-20221115-3

LinkFix: azure-docs-pr (2022-11) - 3

Author: tamarakhader

articles/virtual-network/nat-gateway/manage-nat-gateway.md

@@ -27,7 +27,7 @@ This article explains how to manage the following aspects of NAT gateway:
 
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
-- An existing Azure Virtual Network. For information about creating an Azure Virtual Network, see [Quickstart: Create a virtual network using the Azure portal](/azure/virtual-network/quick-create-portal).
+- An existing Azure Virtual Network. For information about creating an Azure Virtual Network, see [Quickstart: Create a virtual network using the Azure portal](../quick-create-portal.md).
 
     - The example virtual network used in this article is named **myVNet**. Replace the example value with the name of your virtual network. 
 
@@ -697,5 +697,4 @@ To learn more about Azure Virtual Network NAT and its capabilities, see the foll
 
 - [NAT gateway and availability zones](nat-availability-zones.md)
 
-- [Design virtual networks with NAT gateway](nat-gateway-resource.md)
-
+- [Design virtual networks with NAT gateway](nat-gateway-resource.md)

articles/virtual-network/nat-gateway/nat-metrics.md

@@ -259,7 +259,7 @@ To create the alert, use the following steps:
 11. Select **Create** to create the alert rule.
 
 >[!NOTE]
->SNAT port exhaustion on your NAT gateway resource is uncommon. If you see SNAT port exhaustion, your NAT gateway's idle timeout timer may be holding on to SNAT ports too long or your may need to scale with additional public IPs. To troubleshoot these kinds of issues, refer to the [NAT gateway connectivity troubleshooting guide](/azure/virtual-network/nat-gateway/troubleshoot-nat-connectivity#snat-exhaustion-due-to-nat-gateway-configuration). 
+>SNAT port exhaustion on your NAT gateway resource is uncommon. If you see SNAT port exhaustion, your NAT gateway's idle timeout timer may be holding on to SNAT ports too long or your may need to scale with additional public IPs. To troubleshoot these kinds of issues, refer to the [NAT gateway connectivity troubleshooting guide](./troubleshoot-nat-connectivity.md#snat-exhaustion-due-to-nat-gateway-configuration). 
 
 ## Network Insights
 
@@ -296,4 +296,4 @@ For more information on what each metric is showing you and how to analyze these
 * Learn about [Virtual Network NAT](nat-overview.md)
 * Learn about [NAT gateway resource](nat-gateway-resource.md)
 * Learn about [Azure Monitor](../../azure-monitor/overview.md)
-* Learn about [troubleshooting NAT gateway resources](troubleshoot-nat.md).
+* Learn about [troubleshooting NAT gateway resources](troubleshoot-nat.md).

articles/virtual-network/nat-gateway/quickstart-create-nat-gateway-portal.md

@@ -23,7 +23,7 @@ This quickstart shows you how to use the Azure Virtual Network NAT service. You'
 
 Before you deploy the NAT gateway resource and the other resources, a resource group is required to contain the resources deployed. In the following steps, you'll create a resource group, NAT gateway resource, and a public IP address. You can use one or more public IP address resources, public IP prefixes, or both. 
 
-For information about public IP prefixes and a NAT gateway, see [Manage NAT gateway](/azure/virtual-network/nat-gateway/manage-nat-gateway?tabs=manage-nat-portal#add-or-remove-a-public-ip-prefix).
+For information about public IP prefixes and a NAT gateway, see [Manage NAT gateway](./manage-nat-gateway.md?tabs=manage-nat-portal#add-or-remove-a-public-ip-prefix).
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -44,7 +44,7 @@ For information about public IP prefixes and a NAT gateway, see [Manage NAT gate
     | Availability Zone | Select **No Zone**. |
     | Idle timeout (minutes) | Enter **10**. |
 
-    For information about availability zones and NAT gateway, see [NAT gateway and availability zones](/azure/virtual-network/nat-gateway/nat-availability-zones).
+    For information about availability zones and NAT gateway, see [NAT gateway and availability zones](./nat-availability-zones.md).
 
 5. Select the **Outbound IP** tab, or select the **Next: Outbound IP** button at the bottom of the page.
 
@@ -205,4 +205,4 @@ the virtual network, virtual machine, and NAT gateway with the following steps:
 
 For more information on Azure Virtual Network NAT, see:
 > [!div class="nextstepaction"]
-> [Virtual Network NAT overview](nat-overview.md)
+> [Virtual Network NAT overview](nat-overview.md)

includes/active-directory-develop-quickstart-register-app.md

@@ -22,16 +22,16 @@ Get started with the Microsoft identity platform by registering an application i
 The Microsoft identity platform performs identity and access management (IAM) only for registered applications. Whether it's a client application like a web or mobile app, or it's a web API that backs a client app, registering it establishes a trust relationship between your application and the identity provider, the Microsoft identity platform.
 
 > [!TIP]
-> To register an application for Azure AD B2C, follow the steps in [Tutorial: Register a web application in Azure AD B2C](/azure/active-directory-b2c/tutorial-register-applications).
+> To register an application for Azure AD B2C, follow the steps in [Tutorial: Register a web application in Azure AD B2C](../articles/active-directory-b2c/tutorial-register-applications.md).
 
 ## Prerequisites
 
 - An Azure account that has an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - The Azure account must have permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:
-  - [Application administrator](/azure/active-directory/roles/permissions-reference#application-administrator)
-  - [Application developer](/azure/active-directory/roles/permissions-reference#application-developer)
-  - [Cloud application administrator](/azure/active-directory/roles/permissions-reference#cloud-application-administrator)
-- Completion of the [Set up a tenant](/azure/active-directory/develop/quickstart-create-new-tenant) quickstart.
+  - [Application administrator](../articles/active-directory/roles/permissions-reference.md#application-administrator)
+  - [Application developer](../articles/active-directory/roles/permissions-reference.md#application-developer)
+  - [Cloud application administrator](../articles/active-directory/roles/permissions-reference.md#cloud-application-administrator)
+- Completion of the [Set up a tenant](../articles/active-directory/develop/quickstart-create-new-tenant.md) quickstart.
 
 ## Register an application
 
@@ -101,19 +101,19 @@ To configure application settings based on the platform or device you're targeti
 
 ### Redirect URI restrictions
 
-There are some restrictions on the format of the redirect URIs you add to an app registration. For details about these restrictions, see [Redirect URI (reply URL) restrictions and limitations](/azure/active-directory/develop/reply-url).
+There are some restrictions on the format of the redirect URIs you add to an app registration. For details about these restrictions, see [Redirect URI (reply URL) restrictions and limitations](../articles/active-directory/develop/reply-url.md).
 
 ## Add credentials
 
-Credentials are used by [confidential client applications](/azure/active-directory/develop/msal-client-applications) that access a web API. Examples of confidential clients are web apps, other web APIs, or service-type and daemon-type applications. Credentials allow your application to authenticate as itself, requiring no interaction from a user at runtime.
+Credentials are used by [confidential client applications](../articles/active-directory/develop/msal-client-applications.md) that access a web API. Examples of confidential clients are web apps, other web APIs, or service-type and daemon-type applications. Credentials allow your application to authenticate as itself, requiring no interaction from a user at runtime.
 
 You can add both certificates and client secrets (a string) as credentials to your confidential client app registration.
 
 :::image type="content" source="../articles/active-directory/develop/media/quickstart-register-app/portal-05-app-reg-04-credentials.png" alt-text="Screenshot of the Azure portal, showing the Certificates and secrets pane in an app registration.":::
 
 ### Add a certificate
 
-Sometimes called a _public key_, a certificate is the recommended credential type because they're considered more secure than client secrets. For more information about using a certificate as an authentication method in your application, see [Microsoft identity platform application authentication certificate credentials](/azure/active-directory/develop/active-directory-certificate-credentials).
+Sometimes called a _public key_, a certificate is the recommended credential type because they're considered more secure than client secrets. For more information about using a certificate as an authentication method in your application, see [Microsoft identity platform application authentication certificate credentials](../articles/active-directory/develop/active-directory-certificate-credentials.md).
 
 1. In the Azure portal, in **App registrations**, select your application.
 1. Select **Certificates & secrets** > **Certificates** > **Upload certificate**.
@@ -135,12 +135,12 @@ Client secrets are considered less secure than certificate credentials. Applicat
 1. Select **Add**.
 1. _Record the secret's value_ for use in your client application code. This secret value is _never displayed again_ after you leave this page.
 
-For application security recommendations, see [Microsoft identity platform best practices and recommendations](/azure/active-directory/develop/identity-platform-integration-checklist#security).
+For application security recommendations, see [Microsoft identity platform best practices and recommendations](../articles/active-directory/develop/identity-platform-integration-checklist.md#security).
 
 
 ### Add a federated credential
 
-Federated identity credentials are a type of credential that allows workloads, such as GitHub Actions, workloads running on Kubernetes, or workloads running in compute platforms outside of Azure access Azure AD protected resources without needing to manage secrets using [workload identity federation](/azure/active-directory/develop/workload-identity-federation).
+Federated identity credentials are a type of credential that allows workloads, such as GitHub Actions, workloads running on Kubernetes, or workloads running in compute platforms outside of Azure access Azure AD protected resources without needing to manage secrets using [workload identity federation](../articles/active-directory/develop/workload-identity-federation.md).
 
 To add a federated credential, follow these steps:
 
@@ -149,9 +149,9 @@ To add a federated credential, follow these steps:
 1. In the **Federated credential scenario** drop-down box, select one of the supported scenarios, and follow the corresponding guidance to complete the configuration.
 
     - **Customer managed keys** for encrypt data in your tenant using Azure Key Vault in another tenant.
-    - **GitHub actions deploying Azure resources** to [configure a GitHub workflow](/azure/active-directory/develop/workload-identity-federation-create-trust#github-actions) to get tokens for your application and deploy assets to Azure.
-    - **Kubernetes accessing Azure resources** to configure a [Kubernetes service account](/azure/active-directory/develop/workload-identity-federation-create-trust#kubernetes) to get tokens for your application and access Azure resources.
-    - **Other issuer** to configure an identity managed by an external [OpenID Connect provider](/azure/active-directory/develop/workload-identity-federation-create-trust#other-identity-providers) to get tokens for your application and access Azure resources.
+    - **GitHub actions deploying Azure resources** to [configure a GitHub workflow](../articles/active-directory/develop/workload-identity-federation-create-trust.md#github-actions) to get tokens for your application and deploy assets to Azure.
+    - **Kubernetes accessing Azure resources** to configure a [Kubernetes service account](../articles/active-directory/develop/workload-identity-federation-create-trust.md#kubernetes) to get tokens for your application and access Azure resources.
+    - **Other issuer** to configure an identity managed by an external [OpenID Connect provider](../articles/active-directory/develop/workload-identity-federation-create-trust.md#other-identity-providers) to get tokens for your application and access Azure resources.
 
 
-For more information, how to get an access token with a federated credential, check out the [Microsoft identity platform and the OAuth 2.0 client credentials flow](/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#third-case-access-token-request-with-a-federated-credential) article.
+For more information, how to get an access token with a federated credential, check out the [Microsoft identity platform and the OAuth 2.0 client credentials flow](../articles/active-directory/develop/v2-oauth2-client-creds-grant-flow.md#third-case-access-token-request-with-a-federated-credential) article.

includes/active-directory-policy-deploy-template.md

@@ -7,5 +7,4 @@ ms.author: joflore
 ---
 ## Template deployment
 
-Organizations can choose to deploy this policy using the steps outlined below or using the [Conditional Access templates (Preview)](/azure/active-directory/conditional-access/concept-conditional-access-policy-common#conditional-access-templates-preview). 
-
+Organizations can choose to deploy this policy using the steps outlined below or using the [Conditional Access templates (Preview)](../articles/active-directory/conditional-access/concept-conditional-access-policy-common.md#conditional-access-templates-preview).

includes/active-directory-policy-exclude-user.md

@@ -10,6 +10,6 @@ ms.author: joflore
 Conditional Access policies are powerful tools, we recommend excluding the following accounts from your policy:
 
 - **Emergency access** or **break-glass** accounts to prevent tenant-wide account lockout. In the unlikely scenario all administrators are locked out of your tenant, your emergency-access administrative account can be used to log into the tenant to take steps to recover access.
-   - More information can be found in the article, [Manage emergency access accounts in Azure AD](/azure/active-directory/roles/security-emergency-access).
+   - More information can be found in the article, [Manage emergency access accounts in Azure AD](../articles/active-directory/roles/security-emergency-access.md).
 - **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that aren't tied to any particular user. They're normally used by back-end services allowing programmatic access to applications, but are also used to sign in to systems for administrative purposes. Service accounts like these should be excluded since MFA can't be completed programmatically. Calls made by service principals aren't blocked by Conditional Access.
-   - If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](/azure/active-directory/managed-identities-azure-resources/overview). As a temporary workaround, you can exclude these specific accounts from the baseline policy.
+   - If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../articles/active-directory/managed-identities-azure-resources/overview.md). As a temporary workaround, you can exclude these specific accounts from the baseline policy.

includes/dms-ads-sqlmi-prereq.md

@@ -55,6 +55,6 @@ ms.date: 09/30/2022
 
 - If you use a self-hosted integration runtime, make sure that the computer on which the runtime is installed can connect to the source SQL Server instance and the network file share where backup files are located.
 
-- Enable outbound port 445 to allow access to the network file share. For more information, see [recommendations for using a self-hosted integration runtime](/azure/dms/migration-using-azure-data-studio.md#recommendations-for-using-a-self-hosted-integration-runtime-for-database-migrations).
+- Enable outbound port 445 to allow access to the network file share. For more information, see [recommendations for using a self-hosted integration runtime](../articles/dms/migration-using-azure-data-studio.md#recommendations-for-using-a-self-hosted-integration-runtime-for-database-migrations).
 
-- If you're using Database Migration Service for the first time, make sure that the Microsoft.DataMigration resource provider is registered in your subscription. You can complete the steps to [register the resource provider](/azure/dms/quickstart-create-data-migration-service-portal.md#register-the-resource-provider).
+- If you're using Database Migration Service for the first time, make sure that the Microsoft.DataMigration resource provider is registered in your subscription. You can complete the steps to [register the resource provider](../articles/dms/quickstart-create-data-migration-service-portal.md#register-the-resource-provider).

includes/dms-ads-sqlvm-prereq.md

@@ -57,6 +57,6 @@ ms.date: 09/30/2022
 
 - If you use a self-hosted integration runtime, make sure that the computer on which the runtime is installed can connect to the source SQL Server instance and the network file share where backup files are located.
 
-- Enable outbound port 445 to allow access to the network file share. For more information, see [recommendations for using a self-hosted integration runtime](/azure/dms/migration-using-azure-data-studio.md#recommendations-for-using-a-self-hosted-integration-runtime-for-database-migrations).
+- Enable outbound port 445 to allow access to the network file share. For more information, see [recommendations for using a self-hosted integration runtime](../articles/dms/migration-using-azure-data-studio.md#recommendations-for-using-a-self-hosted-integration-runtime-for-database-migrations).
 
-- If you're using Azure Database Migration Service for the first time, make sure that the Microsoft.DataMigration [resource provider is registered in your subscription](/azure/dms/quickstart-create-data-migration-service-portal.md#register-the-resource-provider).
+- If you're using Azure Database Migration Service for the first time, make sure that the Microsoft.DataMigration [resource provider is registered in your subscription](../articles/dms/quickstart-create-data-migration-service-portal.md#register-the-resource-provider).