articles/active-directory/authentication/tutorial-enable-sspr.md
Lines changed: 1 addition & 1 deletion
@@ -103,7 +103,7 @@ To keep users informed about account activity, you can configure e-mail notifica
103
103
If users need additional help with the SSPR process, you can customize the link for "Contact your administrator". This link is used in the SSPR registration process and when a user unlocks their account or resets their password. To make sure your users get the support needed, it's highly recommended to provide a custom helpdesk email or URL.
104
104
105
105
1. On the **Customization** page from the menu in the left-hand side, set *Customize helpdesk link* to **Yes**.
106
-
1. In the **Custom helpdesk email or URL** field, provide an email address or web page URL where your users can get additional help from your organization, such as *https://support.contoso.com/*
106
+
1. In the **Custom helpdesk email or URL** field, provide an email address or web page URL where your users can get additional help from your organization, such as *`https://support.contoso.com/`*
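Review bot: On the added line 106, the example URL is now wrapped in both italics and a code span (*`https://support.contoso.com/`*). The emphasis adds nothing once the value is in code formatting, and the daemon web app and migrate-adfs changes in this same commit use a bare code span for example URLs. Suggest dropping the asterisks, and ending the step with a period while the line is being touched.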
articles/active-directory/develop/tutorial-v2-aspnet-daemon-web-app.md
Lines changed: 1 addition & 1 deletion
@@ -221,7 +221,7 @@ This project has web app and web API projects. To deploy them to Azure websites,
221
221
1. Right-click the project in Solution Explorer, and then select **Publish**.
222
222
1. Select **Import Profile** on the bottom bar, and import the publish profile that you downloaded earlier.
223
223
1. Select **Configure**.
224
-
1. On the **Connection** tab, update the destination URL so that it uses "https." For example, use [https://dotnet-web-daemon-v2-contoso.azurewebsites.net](https://dotnet-web-daemon-v2-contoso.azurewebsites.net). Select **Next**.
224
+
1. On the **Connection** tab, update the destination URL so that it uses "https." For example, use `https://dotnet-web-daemon-v2-contoso.azurewebsites.net`. Select **Next**.
225
225
1. On the **Settings** tab, make sure that **Enable Organizational Authentication** is cleared.
226
226
1. Select **Save**. Select **Publish** on the main screen.
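Review bot: On line 224 the scheme is still written as "https." with the sentence period inside the quotation marks, so the literal value the reader should enter is ambiguous. Since this line now uses a code span for the example URL, put the scheme in code formatting as well and move the period outside it, for example: update the destination URL so that it uses `https`.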
where `(your_FS_name)` is replaced with the federation service host name your organization uses, such as fs.contoso.com. If you are able to verify both of these settings successfully, you do not have to do anything else.
articles/active-directory/hybrid/how-to-connect-install-multiple-domains.md
Lines changed: 1 addition & 1 deletion
@@ -134,7 +134,7 @@ And the IssuerUri on the new domain has been set to `https://bmfabrikam.com/adfs
134
134
## Support for subdomains
135
135
When you add a subdomain, because of the way Azure AD handled domains, it will inherit the settings of the parent. So, the IssuerUri, needs to match the parents.
136
136
137
-
So lets say, for example, that I have bmcontoso.com and then add corp.bmcontoso.com. The IssuerUri for a user from corp.bmcontoso.com will need to be **http://bmcontoso.com/adfs/services/trust.** However the standard rule implemented above for Azure AD, will generate a token with an issuer as **http://corp.bmcontoso.com/adfs/services/trust.** which will not match the domain's required value and authentication will fail.
137
+
So lets say, for example, that I have bmcontoso.com and then add corp.bmcontoso.com. The IssuerUri for a user from corp.bmcontoso.com will need to be **`http://bmcontoso.com/adfs/services/trust`**. However the standard rule implemented above for Azure AD, will generate a token with an issuer as **`http://corp.bmcontoso.com/adfs/services/trust`**. which will not match the domain's required value and authentication will fail.
138
138
139
139
### How To enable support for subdomains
140
140
In order to work around this behavior, the AD FS relying party trust for Microsoft Online needs to be updated. To do this, you must configure a custom claim rule so that it strips off any subdomains from the user’s UPN suffix when constructing the custom Issuer value.
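Review bot: On the added line 137, the period that used to sit inside the second bold URL was moved outside the bold but not removed, so the text now reads "...trust`**. which will not match", which splits one sentence into a fragment. Drop that period (or replace it with a comma) so the clause continues: "...`**, which will not match the domain's required value and authentication will fail." While the line is open, "lets" should be "let's".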
articles/active-directory/manage-apps/migrate-adfs-apps-to-azure.md
Lines changed: 5 additions & 5 deletions
@@ -194,7 +194,7 @@ The following table describes some of the most common mapping of settings betwee
194
194
| Configuration setting| AD FS| How to configure in Azure AD| SAML Token |
195
195
| - | - | - | - |
196
196
|**App sign-on URL** <p>The URL for the user to sign-in to the app in a Service Provider (SP)-initiated SAML flow.| N/A| Open Basic SAML Configuration from SAML based sign-on| N/A |
197
-
|**App reply URL** <p>The URL of the app from the identity provider's (IdP's) perspective. The IdP sends the user and token here after the user has signed in to the IdP. This is also known as **SAML assertion consumer endpoint**.| Select the **Endpoints** tab| Open Basic SAML Configuration from SAML based sign-on| Destination element in the SAML token. Example value: [https://contoso.my.salesforce.com](https://contoso.my.salesforce.com/)|
197
+
|**App reply URL** <p>The URL of the app from the identity provider's (IdP's) perspective. The IdP sends the user and token here after the user has signed in to the IdP. This is also known as **SAML assertion consumer endpoint**.| Select the **Endpoints** tab| Open Basic SAML Configuration from SAML based sign-on| Destination element in the SAML token. Example value: `https://contoso.my.salesforce.com`|
198
198
|**App sign-out URL** <p>This is the URL to which "sign-out cleanup" requests are sent when a user signs out from an app. The IdP sends the request to sign out the user from all other apps as well.| Select the **Endpoints** tab| Open Basic SAML Configuration from SAML based sign-on| N/A |
199
199
|**App identifier** <p>This is the app identifier from the IdP's perspective. The sign-in URL value is often used for the identifier (but not always). Sometimes the app calls this the "entity ID."| Select the **Identifiers** tab|Open Basic SAML Configuration from SAML based sign-on| Maps to the **Audience** element in the SAML token. |
200
200
|**App federation metadata** <p>This is the location of the app's federation metadata. The IdP uses it to automatically update specific configuration settings, such as endpoints or encryption certificates.| Select the **Monitoring** tab| N/A. Azure AD doesn't support consuming application federation metadata directly. You can manually import the federation metadata.| N/A |
@@ -231,11 +231,11 @@ SaaS apps need to know where to send authentication requests and how to validate
231
231
232
232
| Configuration setting| AD FS| How to configure in Azure AD |
233
233
| - | - | - |
234
-
|**IdP Sign-on URL** <p>Sign-on URL of the IdP from the app's perspective (where the user is redirected for login).| The AD FS sign-on URL is the AD FS federation service name followed by "/adfs/ls/." <p>For example: [https://fs.contoso.com/adfs/ls/](https://fs.contoso.com/adfs/ls/)| Replace {tenant-id} with your tenant ID. <p> For apps that use the SAML-P protocol: [https://login.microsoftonline.com/{tenant-id}/saml2](https://login.microsoftonline.com/{tenant-id}/saml2) <p>For apps that use the WS-Federation protocol: [https://login.microsoftonline.com/{tenant-id}/wsfed](https://login.microsoftonline.com/{tenant-id}/wsfed)|
235
-
|**IdP sign-out URL**<p>Sign-out URL of the IdP from the app's perspective (where the user is redirected when they choose to sign out of the app).| The sign-out URL is either the same as the sign-on URL, or the same URL with "wa=wsignout1.0" appended. For example: [https://fs.contoso.com/adfs/ls/?wa=wsignout1.0](https://fs.contoso.com/adfs/ls/?wa=wsignout1.0)| Replace {tenant-id} with your tenant ID.<p>For apps that use the SAML-P protocol:<p>[https://login.microsoftonline.com/{tenant-id}/saml2](https://login.microsoftonline.com/{tenant-id}/saml2) <p> For apps that use the WS-Federation protocol: [https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0](https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0)|
234
+
|**IdP Sign-on URL** <p>Sign-on URL of the IdP from the app's perspective (where the user is redirected for login).| The AD FS sign-on URL is the AD FS federation service name followed by "/adfs/ls/." <p>For example: `https://fs.contoso.com/adfs/ls/`| Replace {tenant-id} with your tenant ID. <p> For apps that use the SAML-P protocol: [https://login.microsoftonline.com/{tenant-id}/saml2](https://login.microsoftonline.com/{tenant-id}/saml2) <p>For apps that use the WS-Federation protocol: [https://login.microsoftonline.com/{tenant-id}/wsfed](https://login.microsoftonline.com/{tenant-id}/wsfed)|
235
+
|**IdP sign-out URL**<p>Sign-out URL of the IdP from the app's perspective (where the user is redirected when they choose to sign out of the app).| The sign-out URL is either the same as the sign-on URL, or the same URL with "wa=wsignout1.0" appended. For example: `https://fs.contoso.com/adfs/ls/?wa=wsignout1.0`| Replace {tenant-id} with your tenant ID.<p>For apps that use the SAML-P protocol:<p>[https://login.microsoftonline.com/{tenant-id}/saml2](https://login.microsoftonline.com/{tenant-id}/saml2) <p> For apps that use the WS-Federation protocol: [https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0](https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0)|
236
236
|**Token signing certificate**<p>The IdP uses the private key of the certificate to sign issued tokens. It verifies that the token came from the same IdP that the app is configured to trust.| Find the AD FS token signing certificate in AD FS Management under **Certificates**.| Find it in the Azure portal in the application's **Single sign-on properties** under the header **SAML Signing Certificate**. There, you can download the certificate for upload to the app. <p>If the application has more than one certificate, you can find all certificates in the federation metadata XML file. |
237
-
|**Identifier/ "issuer"**<p>Identifier of the IdP from the app's perspective (sometimes called the "issuer ID").<p>In the SAML token, the value appears as the Issuer element.| The identifier for AD FS is usually the federation service identifier in AD FS Management under **Service > Edit Federation Service Properties**. For example: [http://fs.contoso.com/adfs/services/trust](http://fs.contoso.com/adfs/services/trust)| Replace {tenant-id} with your tenant ID.<p>https:\//sts.windows.net/{tenant-id}/ |
238
-
| **IdP federation metadata**<p>Location of the IdP's publicly available federation metadata. (Some apps use federation metadata as an alternative to the administrator configuring URLs, identifier, and token signing certificate individually.)| Find the AD FS federation metadata URL in AD FS Management under **Service > Endpoints > Metadata > Type: Federation Metadata**. For example: [https://fs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml](https://fs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml)| The corresponding value for Azure AD follows the pattern [https://login.microsoftonline.com/{TenantDomainName}/FederationMetadata/2007-06/FederationMetadata.xml](https://login.microsoftonline.com/{TenantDomainName}/FederationMetadata/2007-06/FederationMetadata.xml). Replace {TenantDomainName} with your tenant's name in the format "contoso.onmicrosoft.com." <p>For more information, see [Federation metadata](https://docs.microsoft.com/azure/active-directory/azuread-dev/azure-ad-federation-metadata). |
237
+
|**Identifier/ "issuer"**<p>Identifier of the IdP from the app's perspective (sometimes called the "issuer ID").<p>In the SAML token, the value appears as the Issuer element.| The identifier for AD FS is usually the federation service identifier in AD FS Management under **Service > Edit Federation Service Properties**. For example: `http://fs.contoso.com/adfs/services/trust`| Replace {tenant-id} with your tenant ID.<p>https:\//sts.windows.net/{tenant-id}/ |
238
+
|**IdP federation metadata**<p>Location of the IdP's publicly available federation metadata. (Some apps use federation metadata as an alternative to the administrator configuring URLs, identifier, and token signing certificate individually.)| Find the AD FS federation metadata URL in AD FS Management under **Service > Endpoints > Metadata > Type: Federation Metadata**. For example: `https://fs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml`| The corresponding value for Azure AD follows the pattern [https://login.microsoftonline.com/{TenantDomainName}/FederationMetadata/2007-06/FederationMetadata.xml](https://login.microsoftonline.com/{TenantDomainName}/FederationMetadata/2007-06/FederationMetadata.xml). Replace {TenantDomainName} with your tenant's name in the format "contoso.onmicrosoft.com." <p>For more information, see [Federation metadata](https://docs.microsoft.com/azure/active-directory/azuread-dev/azure-ad-federation-metadata). |
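Review bot: In the Azure AD column of the changed rows (234, 235, 238), the login.microsoftonline.com URLs containing {tenant-id} or {TenantDomainName} are left as Markdown links even though they are templates that cannot be followed as written, and the issuer row (237) still carries the escaped form https:\//sts.windows.net/{tenant-id}/. The change converts only the contoso.com examples; apply the same code formatting to the placeholder URLs so the table is consistent and readers copy the value rather than click it. Separately, row 235 tells the reader to replace {tenant-id}, but its WS-Federation sign-out URL uses /common/wsfederation while row 234 uses /{tenant-id}/wsfed; worth confirming which path is intended before merging.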
articles/active-directory/saas-apps/esalesmanagerremix-tutorial.md
Lines changed: 1 addition & 1 deletion
@@ -154,7 +154,7 @@ Enable Azure AD single sign-on in the Azure portal and configure single sign-on
154
154
155
155
b. In the **Collaboration item** section, in the drop-down list, select **email**.
156
156
157
-
c. In the **Collaboration item** box, paste the claim value that you copied earlier from the Azure portal (that is, **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress**).
157
+
c. In the **Collaboration item** box, paste the claim value that you copied earlier from the Azure portal (that is, **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`**).
158
158
159
159
d. In the **Issuer (entity ID)** box, paste the identifier value that you copied earlier from the **E Sales Manager Remix Domain and URLs** section of the Azure portal.
articles/active-directory/saas-apps/insideview-tutorial.md
Lines changed: 4 additions & 4 deletions
@@ -139,13 +139,13 @@ To configure Azure AD single sign-on with InsideView, take these steps:
139
139
140
140
1. Open the Raw certificate that you downloaded from the Azure portal. Copy the contents of the certificate to the clipboard, and then paste the contents into the **STS Certificate** box.
141
141
142
-
1. In the **Crm User Id Mapping** box, enter **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress**.
142
+
1. In the **Crm User Id Mapping** box, enter **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`**.
143
143
144
-
1. In the **Crm Email Mapping** box, enter **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress**.
144
+
1. In the **Crm Email Mapping** box, enter **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`**.
145
145
146
-
1. In the **Crm First Name Mapping** box, enter **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname**.
146
+
1. In the **Crm First Name Mapping** box, enter **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`**.
147
147
148
-
1. In the **Crm lastName Mapping** box, enter **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname**.
148
+
1. In the **Crm lastName Mapping** box, enter **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`**.
articles/active-directory/saas-apps/intacct-tutorial.md
Lines changed: 1 addition & 1 deletion
@@ -92,7 +92,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
92
92
| ---------------| --------------- |
93
93
| Company Name | **Sage Intacct Company ID** |
94
94
| name | Value should be same as the Sage Intacct **User ID**, which you enter in the **Create Sage Intacct test user section**, which is explained later in the tutorial |
95
-
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | Value should be same as the Sage Intacct **Federated SSO User ID**, which you enter in the **Create Sage Intacct test user section**, which is explained later in the tutorial |
95
+
| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier` | Value should be same as the Sage Intacct **Federated SSO User ID**, which you enter in the **Create Sage Intacct test user section**, which is explained later in the tutorial |
96
96
97
97
a. Click **Add new claim** to open the **Manage user claims** dialog.
articles/active-directory/saas-apps/samlssojira-tutorial.md
Lines changed: 2 additions & 2 deletions
@@ -290,7 +290,7 @@ In this section, you test your Azure AD single sign-on configuration using the A
290
290
291
291
When you click the SAML SSO for Jira by resolution GmbH tile in the Access Panel, you should be automatically signed in to the SAML SSO for Jira by resolution GmbH for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
292
292
293
-
You can also test single sign-on, if you navigate to [https://\<server-base-url>/plugins/servlet/samlsso](https://\<server-base-url>/plugins/servlet/samlsso). Substitute **\<server-base-url>** with the base URL of your Jira instance.
293
+
You can also test single sign-on, if you navigate to `https://<server-base-url>/plugins/servlet/samlsso`. Substitute **\<server-base-url>** with the base URL of your Jira instance.
294
294
295
295
296
296
## Enable single sign-on redirection for Jira
@@ -310,7 +310,7 @@ To activate SSO redirect, do the following in **your Jira instance**:
310
310
311
311
1. Press the **Save Settings** button in the top right corner.
312
312
313
-
After activating the option, you can still reach the username/password prompt if the **Enable nosso** option is ticked by navigating to [https://\<server-base-url>/login.jsp?nosso](https://\<server-base-url>/login.jsp?nosso). As always, substitute **\<server-base-url>** with your base URL.
313
+
After activating the option, you can still reach the username/password prompt if the **Enable nosso** option is ticked by navigating to `https://\<server-base-url>/login.jsp?nosso`. As always, substitute **\<server-base-url>** with your base URL.
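Review bot: On the added line 313, the backslash escape was kept inside the code span (`https://\<server-base-url>/login.jsp?nosso`), so it will render literally as part of the URL; the hunk at line 293 of this same file removed it correctly. Change it to `https://<server-base-url>/login.jsp?nosso` so the two examples match and the value can be copied as shown.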