
Commit 34fc019

fix
1 parent 34c4987 commit 34fc019


1 file changed

+3
-3
lines changed

articles/security/fundamentals/network-best-practices.md

Lines changed: 3 additions & 3 deletions
@@ -45,18 +45,18 @@ Best practices for logically segmenting subnets include:
4545
**Best practice**: Don't assign allow rules with broad ranges (for example, allow 0.0.0.0 through 255.255.255.255).
4646
**Detail**: Ensure troubleshooting procedures discourage or ban setting up these types of rules. These allow rules lead to a false sense of security and are frequently found and exploited by red teams.
4747

48-
**Best practice**: Segment the larger address space into subnets.
48+
**Best practice**: Segment the larger address space into subnets.
4949
**Detail**: Use [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)-based subnetting principles to create your subnets.
5050

5151
**Best practice**: Create network access controls between subnets. Routing between subnets happens automatically, and you don't need to manually configure routing tables. By default, there are no network access controls between the subnets that you create on an Azure virtual network.
5252
**Detail**: Use a [network security group](../../virtual-network/manage-network-security-group.md) to protect against unsolicited traffic into Azure subnets. Network security groups are simple, stateful packet inspection devices that use the 5-tuple approach (source IP, source port, destination IP, destination port, and layer 4 protocol) to create allow/deny rules for network traffic. You allow or deny traffic to and from a single IP address, to and from multiple IP addresses, or to and from entire subnets.
5353

5454
When you use network security groups for network access control between subnets, you can put resources that belong to the same security zone or role in their own subnets.
5555

56-
**Best practice**: Avoid small virtual networks and subnets to ensure simplicity and flexibility.
56+
**Best practice**: Avoid small virtual networks and subnets to ensure simplicity and flexibility.
5757
**Detail**: Most organizations add more resources than initially planned, and re-allocating addresses is labor intensive. Using small subnets adds limited security value, and mapping a network security group to each subnet adds overhead. Define subnets broadly to ensure that you have flexibility for growth.
5858

59-
**Best practice**: Simplify network security group rule management by defining [Application Security Groups](../../automanage/virtual-network/application-security-groups.md).
59+
**Best practice**: Simplify network security group rule management by defining [Application Security Groups](../../virtual-network/application-security-groups.md).
6060
**Detail**: Define an Application Security Group for lists of IP addresses that you think might change in the future or be used across many network security groups. Be sure to name Application Security Groups clearly so others can understand their content and purpose.
6161

6262
## Adopt a Zero Trust approach
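
Review bot: At line 59, confirm that the new relative target `../../virtual-network/application-security-groups.md` resolves in the docs build. It now shares the `../../virtual-network/` prefix used by the network security group link at line 52, which supports the change, but nothing in the diff shows that the file exists at that path. The changes at lines 48 and 56 show no visible difference, so they are presumably whitespace-only (for example, trailing spaces). The commit message reads only "fix"; consider something like "Fix Application Security Groups link path; trim trailing whitespace" so that the link correction is findable in history.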
