Resolving build errors

Author: schaffererin

articles/aks/access-control-managed-aad.md

@@ -131,6 +131,10 @@ Error from server (Forbidden): nodes is forbidden: User "aaaa11111-11aa-aa11-a1a
 
 Make sure the admin of the security group has given your account an *Active* assignment.
 
+## Next steps
+
+* Use [kubelogin](https://github.com/Azure/kubelogin) to access features for Azure authentication that aren't available in kubectl.
+
 <!-- LINKS - External -->
 [aad-pricing]: https://azure.microsoft.com/pricing/details/active-directory/
 

articles/aks/azure-ad-integration-cli.md

@@ -13,7 +13,7 @@ ms.author: miwithro
 > [!WARNING]
 > **The feature described in this document, Azure AD Integration (legacy), will be deprecated on June 1st, 2023.
 >
-> AKS has a new improved [AKS-managed Azure AD][managed-aad] experience  that doesn't require you to manage server or client application. If you want to migrate follow the instructions [here][managed-aad-migrate].
+> AKS has a new improved [AKS-managed Azure AD][managed-aad] experience that doesn't require you to manage server or client applications. If you want to migrate follow the instructions [here][managed-aad-migrate].
 
 Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (AD) for user authentication. In this configuration, you can log into an AKS cluster using an Azure AD authentication token. Cluster operators can also configure Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership.
 
@@ -283,4 +283,4 @@ For best practices on identity and resource control, see [Best practices for aut
 [operator-best-practices-identity]: operator-best-practices-identity.md
 [azure-ad-rbac]: azure-ad-rbac.md
 [managed-aad]: managed-aad.md
-[managed-aad-migrate]: managed-aad.md#upgrade-to-aks-managed-azure-ad-integration
+[managed-aad-migrate]: managed-aad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration

articles/aks/azure-ad-rbac.md

@@ -471,4 +471,4 @@ az ad group delete --group opssre
 [rbac-authorization]: concepts-identity.md#kubernetes-rbac
 [operator-best-practices-identity]: operator-best-practices-identity.md
 [terraform-on-azure]: /azure/developer/terraform/overview
-[enable-azure-ad-integration-existing-cluster]: managed-aad.md#enable-aks-managed-azure-ad-integration-on-your-existing-cluster
+[enable-azure-ad-integration-existing-cluster]: managed-aad.md#use-an-existing-cluster

articles/aks/kubernetes-portal.md

@@ -120,5 +120,5 @@ This article showed you how to access Kubernetes resources from the Azure portal
 [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
 [deployments]: concepts-clusters-workloads.md#deployments-and-yaml-manifests
 [aks-managed-aad]: managed-aad.md
-[cli-aad-upgrade]: managed-aad.md#upgrade-to-aks-managed-azure-ad-integration
+[cli-aad-upgrade]: managed-aad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration
 [enable-monitor]: ../azure-monitor/containers/container-insights-enable-existing-clusters.md

articles/aks/manage-local-accounts-managed-aad.md

@@ -108,7 +108,12 @@ When you deploy an AKS cluster, local accounts are enabled by default. Even when
     Merged "<cluster-name>-admin" as current context in C:\Users\<username>\.kube\config
     ```
 
+## Next steps
+
+* Learn about [Azure RBAC integration for Kubernetes Authorization][azure-rbac-integration].
+
 <!-- LINKS - Internal -->
 [az-aks-create]: /cli/azure/aks#az_aks_create
 [az-aks-update]: /cli/azure/aks#az_aks_update
 [az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials
+[azure-rbac-integration]: manage-azure-rbac.md

articles/aks/managed-aad.md

@@ -149,17 +149,14 @@ If you're permanently blocked by not having access to a valid Azure AD group wit
 
 ## Next steps
 
-* Learn about [Azure RBAC integration for Kubernetes Authorization][azure-rbac-integration].
 * Learn about [Azure AD integration with Kubernetes RBAC][azure-ad-rbac].
-* Use [kubelogin](https://github.com/Azure/kubelogin) to access features for Azure authentication that aren't available in kubectl.
 * Learn more about [AKS and Kubernetes identity concepts][aks-concepts-identity].
 * Use [Azure Resource Manager (ARM) templates][aks-arm-template] to create AKS-managed Azure AD enabled clusters.
 
 <!-- LINKS - external -->
 [aks-arm-template]: /azure/templates/microsoft.containerservice/managedclusters
 
 <!-- LINKS - Internal -->
-[azure-rbac-integration]: manage-azure-rbac.md
 [aks-concepts-identity]: concepts-identity.md
 [azure-ad-rbac]: azure-ad-rbac.md
 [az-aks-create]: /cli/azure/aks#az_aks_create

articles/aks/managed-local-accounts-managed-aad.md

@@ -28,7 +28,7 @@ This article shows you how to enable secure access from your Azure services to y
 
 ## Trusted Access feature overview
 
-Trusted Access enables you to give explicit consent to your system-assigned MSI of allowed resources to access your AKS clusters using an Azure resource *RoleBinding*. Your Azure resources access AKS clusters through the AKS regional gateway via system-assigned managed identity authentication with the appropriate Kubernetes permissions via an Azure resource *Role*. The Trusted Access feature allows you to access AKS clusters with different configurations, including but not limited to [private clusters](private-clusters.md), [clusters with local accounts disabled](managed-aad.md#disable-local-accounts), [Azure AD clusters](azure-ad-integration-cli.md), and [authorized IP range clusters](api-server-authorized-ip-ranges.md).
+Trusted Access enables you to give explicit consent to your system-assigned MSI of allowed resources to access your AKS clusters using an Azure resource *RoleBinding*. Your Azure resources access AKS clusters through the AKS regional gateway via system-assigned managed identity authentication with the appropriate Kubernetes permissions via an Azure resource *Role*. The Trusted Access feature allows you to access AKS clusters with different configurations, including but not limited to [private clusters](private-clusters.md), [clusters with local accounts disabled](manage-local-accounts-managed-aad.md#disable-local-accounts), [Azure AD clusters](azure-ad-integration-cli.md), and [authorized IP range clusters](api-server-authorized-ip-ranges.md).
 
 ## Prerequisites
 

articles/aks/trusted-access-feature.md

@@ -41,7 +41,7 @@ In this article, you can learn:
 
 - [Using a service principal with AKS](../aks/kubernetes-service-principal.md) is **not supported** by Azure Machine Learning. The AKS cluster must use a **managed identity** instead. Both **system-assigned managed identity** and **user-assigned managed identity** are supported. For more information, see [Use a managed identity in Azure Kubernetes Service](../aks/use-managed-identity.md).
     -  When your AKS cluster used service principal is converted to use Managed Identity, before installing the extension, all node pools need to be deleted and recreated, rather than updated directly.
-- [Disabling local accounts](../aks/managed-aad.md#disable-local-accounts) for AKS is **not supported**  by Azure Machine Learning. When the AKS Cluster is deployed, local accounts are enabled by default.
+- [Disabling local accounts](../aks/manage-local-accounts-managed-aad.md#disable-local-accounts) for AKS is **not supported**  by Azure Machine Learning. When the AKS Cluster is deployed, local accounts are enabled by default.
 - If your AKS cluster has an [Authorized IP range enabled to access the API server](../aks/api-server-authorized-ip-ranges.md), enable the Azure Machine Learning control plane IP ranges for the AKS cluster. The Azure Machine Learning control plane is deployed across paired regions. Without access to the API server, the machine learning pods can't be deployed. Use the [IP ranges](https://www.microsoft.com/download/confirmation.aspx?id=56519) for both the [paired regions](../availability-zones/cross-region-replication-azure.md) when enabling the IP ranges in an AKS cluster.
 - Azure Machine Learning does not support attaching an AKS cluster cross subscription. If you have an AKS cluster in a different subscription, you must first [connect it to Azure-Arc](../azure-arc/kubernetes/quickstart-connect-cluster.md) and specify in the same subscription as your Azure Machine Learning workspace.
 - Azure Machine Learning does not guarantee support for all preview stage features in AKS. For example, [Azure AD pod identity](../aks/use-azure-ad-pod-identity.md) is not supported.