Build link fixes

MicrosoftGuyJFlo · MicrosoftGuyJFlo · commit 630598c21b3c · 2020-02-11T18:24:49.000-08:00
diff --git a/articles/active-directory/conditional-access/app-based-conditional-access.md b/articles/active-directory/conditional-access/app-based-conditional-access.md
@@ -35,15 +35,15 @@ In the Conditional Access terminology, these client apps are known as **approved
 
 ![Conditional Access](./media/app-based-conditional-access/05.png)
 
-For a list of approved client apps, see [approved client app requirement](technical-reference.md#approved-client-app-requirement).
+For a list of approved client apps, see [approved client app requirement](concept-conditional-access-grant.md).
 
 You can combine app-based Conditional Access policies with other policies such as [device-based Conditional Access policies](require-managed-devices.md) to provide flexibility in how to protect data for both personal and corporate devices.
 
 ## Before you begin
 
 This topic assumes that you are familiar with:
 
-- The [approved client app requirement](technical-reference.md#approved-client-app-requirement) technical reference.
+- The [approved client app requirement](concept-conditional-access-grant.md).
 - The basic concepts of [Conditional Access in Azure Active Directory](overview.md).
 - How to [configure a Conditional Access policy](app-based-mfa.md).
 - The [migration of Conditional Access policies](best-practices.md#policy-migration).
diff --git a/articles/active-directory/conditional-access/app-protection-based-conditional-access.md b/articles/active-directory/conditional-access/app-protection-based-conditional-access.md
@@ -35,7 +35,7 @@ In the Conditional Access terminology, these client apps are known to be policy
 
 ![Conditional Access](./media/app-protection-based-conditional-access/05.png)
 
-For a list of policy-protected client apps, see [App protection policy requirement](technical-reference.md#approved-client-app-requirement).
+For a list of policy-protected client apps, see [App protection policy requirement](concept-conditional-access-grant.md).
 
 You can combine app-protection-based Conditional Access policies with other policies, such as [device-based Conditional Access policies](require-managed-devices.md). This way, you can provide flexibility in how to protect data for both personal and corporate devices.
 
@@ -54,8 +54,8 @@ Similar to compliance that's reported by Intune for iOS and Android for a manage
 
 This article assumes that you're familiar with:
 
-- The [app protection policy requirement](technical-reference.md#app-protection-policy-requirement) technical reference.
-- The [approved client app requirement](technical-reference.md#approved-client-app-requirement) technical reference.
+- The [app protection policy requirement](concept-conditional-access-grant.md).
+- The [approved client app requirement](concept-conditional-access-grant.md).
 - The basic concepts of [Conditional Access in Azure Active Directory](overview.md).
 - How to [configure a Conditional Access policy](app-based-mfa.md).
 
diff --git a/articles/active-directory/conditional-access/app-sign-in-risk.md b/articles/active-directory/conditional-access/app-sign-in-risk.md
@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
 ---
 # Quickstart: Block access when a session risk is detected with Azure Active Directory Conditional Access  
 
-To keep your environment protected, you might want to block suspicious users from sign-in. [Azure Active Directory (Azure AD) Identity Protection](../active-directory-identityprotection.md) analyzes each sign-in and calculates the likelihood that a sign-in attempt was not performed by the legitimate owner of a user account. The likelihood (low, medium, high) is indicated in form of a calculated value called [sign-in risk levels](conditions.md#sign-in-risk). By setting the sign-in risk condition, you can configure a Conditional Access policy to respond to specific sign-in risk levels.
+To keep your environment protected, you might want to block suspicious users from sign-in. [Azure Active Directory (Azure AD) Identity Protection](../active-directory-identityprotection.md) analyzes each sign-in and calculates the likelihood that a sign-in attempt was not performed by the legitimate owner of a user account. The likelihood (low, medium, high) is indicated in form of a calculated value called [sign-in risk levels](concept-conditional-access-conditions.md#sign-in-risk). By setting the sign-in risk condition, you can configure a Conditional Access policy to respond to specific sign-in risk levels.
 
 This quickstart shows how to configure a [Conditional Access policy](../active-directory-conditional-access-azure-portal.md) that blocks a sign-in when a configured sign-in risk level has been detected.
 
diff --git a/articles/active-directory/conditional-access/concept-conditional-access-grant.md b/articles/active-directory/conditional-access/concept-conditional-access-grant.md
@@ -94,7 +94,7 @@ This setting applies to the following client apps:
 
 - The approved client apps support the Intune mobile application management feature.
 - The **Require approved client app** requirement:
-   - Only supports the iOS and Android for [device platform condition](#device-platform-condition).
+   - Only supports the iOS and Android for device platform condition.
 - Conditional Access cannot consider Microsoft Edge in InPrivate mode an approved client app.
 
 ### Require app protection policy
@@ -114,7 +114,7 @@ This setting applies to the following client apps:
 
 - Apps for app protection policy support the Intune mobile application management feature with policy protection.
 - The **Require app protection policy** requirements:
-    - Only supports the iOS and Android for [device platform condition](#device-platform-condition).
+    - Only supports the iOS and Android for device platform condition.
 
 ## Next steps
 
diff --git a/articles/active-directory/conditional-access/controls.md b/articles/active-directory/conditional-access/controls.md
@@ -83,18 +83,18 @@ For more information, see [set up Azure Active Directory device-based Conditiona
 Because your employees use mobile devices for both personal and work tasks, you might want to have the ability to protect company data accessed using devices even in the case where they are not managed by you.
 You can use [Intune app protection policies](https://docs.microsoft.com/intune/app-protection-policy) to help protect your company’s data independent of any mobile-device management (MDM) solution.
 
-With approved client apps, you can require a client app that attempts to access your cloud apps to support [Intune app protection policies](https://docs.microsoft.com/intune/app-protection-policy). For example, you can restrict access to Exchange Online to the Outlook app. A Conditional Access policy that requires approved client apps is  also known as [app-based Conditional Access policy](app-based-conditional-access.md). For a list of supported approved client apps, see [approved client app requirement](technical-reference.md#approved-client-app-requirement).
+With approved client apps, you can require a client app that attempts to access your cloud apps to support [Intune app protection policies](https://docs.microsoft.com/intune/app-protection-policy). For example, you can restrict access to Exchange Online to the Outlook app. A Conditional Access policy that requires approved client apps is  also known as [app-based Conditional Access policy](app-based-conditional-access.md). For a list of supported approved client apps, see [approved client app requirement](concept-conditional-access-grant.md#require-approved-client-app).
 
 ### App protection policy (preview)
 
 Because your employees use mobile devices for both personal and work tasks, you might want to have the ability to protect company data accessed using devices even in the case where they are not managed by you.
 You can use [Intune app protection policies](https://docs.microsoft.com/intune/app-protection-policy) to help protect your company’s data independent of any mobile-device management (MDM) solution.
 
-With app protection policy, you can limit access to client applications that have reported to Azure AD has having received [Intune app protection policies](https://docs.microsoft.com/intune/app-protection-policy). For example, you can restrict access to Exchange Online to the Outlook app that has an Intune app protection policy. A Conditional Access policy that requires app protection policy is also known as [app protection-based Conditional Access policy](app-protection-based-conditional-access.md). 
+With app protection policy, you can limit access to client applications that have reported to Azure AD has having received [Intune app protection policies](https://docs.microsoft.com/intune/app-protection-policy). For example, you can restrict access to Exchange Online to the Outlook app that has an Intune app protection policy. A Conditional Access policy that requires app protection policy is also known as [app protection-based Conditional Access policy](concept-conditional-access-session.md#application-enforced-restrictions). 
 
 Your device must be registered to Azure AD before an application can be marked as policy protected.
 
-For a list of supported policy protected client apps, see [app protection policy requirement](technical-reference.md#app-protection-policy-requirement).
+For a list of supported policy protected client apps, see [app protection policy requirement](concept-conditional-access-session.md#application-enforced-restrictions).
 
 ### Terms of use
 
diff --git a/articles/active-directory/conditional-access/faqs.md b/articles/active-directory/conditional-access/faqs.md
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 ## Which applications work with Conditional Access policies?
 
-For information about applications that work with Conditional Access policies, see [Applications and browsers that use Conditional Access rules in Azure Active Directory](technical-reference.md).
+For information about applications that work with Conditional Access policies, see [Applications and browsers that use Conditional Access rules in Azure Active Directory](concept-conditional-access-cloud-apps.md).
 
 ## Are Conditional Access policies enforced for B2B collaboration and guest users?
 
diff --git a/articles/active-directory/conditional-access/index.yml b/articles/active-directory/conditional-access/index.yml
@@ -30,7 +30,7 @@ landingContent:
       - linkListType: concept
         links:
           - text: What are conditions?
-            url: conditions.md
+            url: concept-conditional-access-conditions.md
           - text: How can I define locations?
             url: location-condition.md
           - text: What are controls?
diff --git a/articles/active-directory/conditional-access/plan-conditional-access.md b/articles/active-directory/conditional-access/plan-conditional-access.md
@@ -50,7 +50,7 @@ Use the following example template to create Conditional Access policies for you
 |An access attempt is made:<br>- To a cloud app*<br>- By users and groups*<br>Using:<br>- Condition 1 (for example, outside Corp network)<br>- Condition 2 (for example, device platforms)|Grant access with (AND):<br>- Requirement 1 (for example, MFA)<br>- Requirement 2 (for example, Device compliance)|
 |An access attempt is made:<br>- To a cloud app*<br>- By users and groups*<br>Using:<br>- Condition 1 (for example, outside Corp network)<br>- Condition 2 (for example, device platforms)|Grant access with (OR):<br>- Requirement 1 (for example, MFA)<br>- Requirement 2 (for example, Device compliance)|
 
-At a minimum, **when this happens** defines the principal (**who**) that attempts to access a cloud app (**what**). If necessary, you can also include **how** an access attempt is performed. In Conditional Access, the elements that define the who, what, and how are known as conditions. For more information, see [What are conditions in Azure Active Directory Conditional Access?](conditions.md) 
+At a minimum, **when this happens** defines the principal (**who**) that attempts to access a cloud app (**what**). If necessary, you can also include **how** an access attempt is performed. In Conditional Access, the elements that define the who, what, and how are known as conditions. For more information, see [What are conditions in Azure Active Directory Conditional Access?](concept-conditional-access-conditions.md) 
 
 With **then do this**, you define the response of your policy to an access condition. In your response, you either block or grant access with additional requirements, for example, multi-factor authentication (MFA). For a complete overview, see [What are access controls in Azure Active Directory Conditional Access?](controls.md)  
 
@@ -113,7 +113,7 @@ Common use cases to require MFA are access:
 
 With Conditional Access policies, you can implement automated responses to sign-ins from potentially compromised identities. The probability that an account has been compromised is expressed in form of risk levels. There are two risk levels calculated by identity protection: sign-in risk and user risk. To implement a response to a sign-in risk, you have two options:
 
-- [The sign-in risk condition](conditions.md#sign-in-risk) in Conditional Access policy
+- [The sign-in risk condition](concept-conditional-access-conditions.md#sign-in-risk) in Conditional Access policy
 - [The sign-in risk policy](../identity-protection/howto-sign-in-risk-policy.md) in identity protection 
 
 Addressing the sign-in risk as condition is the preferred method because it gives you more customization options.
diff --git a/articles/active-directory/conditional-access/policy-migration.md b/articles/active-directory/conditional-access/policy-migration.md
@@ -87,7 +87,7 @@ If you have a new policy that has **Exchange Active Sync** as client apps condit
 
 ![Conditional Access conditions](./media/policy-migration/16.png)
  
-[App-based](technical-reference.md#approved-client-app-requirement) classic policies for Office 365 Exchange Online that include **Exchange Active Sync** as client apps condition allow **supported** and **unsupported** [device platforms](technical-reference.md#device-platform-condition). While you can't configure individual device platforms in a related new policy, you can limit the support to [supported device platforms](technical-reference.md#device-platform-condition) only. 
+App-based classic policies for Office 365 Exchange Online that include **Exchange Active Sync** as client apps condition allow **supported** and **unsupported** device platforms. While you can't configure individual device platforms in a related new policy, you can limit the support to [supported device platforms](concept-conditional-access-conditions.md#device-platforms) only. 
 
 ![Conditional Access select Exchange ActiveSync](./media/policy-migration/65.png)
 
@@ -107,9 +107,9 @@ In this case, you can consolidate your classic policies into one new policy that
 
 ### Device platforms
 
-Classic policies with [app-based controls](technical-reference.md#approved-client-app-requirement) are pre-configured with iOS and Android as the [device platform condition](technical-reference.md#device-platform-condition). 
+Classic policies with app-based controls are pre-configured with iOS and Android as the device platform condition. 
 
-In a new policy, you need to select the [device platforms](technical-reference.md#device-platform-condition) you want to support individually.
+In a new policy, you need to select the [device platforms](concept-conditional-access-conditions.md#device-platforms) you want to support individually.
 
 ![Conditional Access device platforms selection](./media/policy-migration/41.png)
 
diff --git a/articles/active-directory/conditional-access/what-if-tool.md b/articles/active-directory/conditional-access/what-if-tool.md
@@ -70,19 +70,19 @@ The IP address is a single IPv4 address to mimic the [location condition](locati
 
 ### Device platforms
 
-This setting mimics the [device platforms condition](conditions.md#device-platforms) and represents the equivalent of **All platforms (including unsupported)**. 
+This setting mimics the [device platforms condition](concept-conditional-access-conditions.md#device-platforms) and represents the equivalent of **All platforms (including unsupported)**. 
 
 ### Client apps
 
-This setting mimics the [client apps condition](conditions.md#client-apps).
+This setting mimics the [client apps condition](concept-conditional-access-conditions.md#client-apps-preview).
 By default, this setting causes an evaluation of all policies having **Browser** or **Mobile apps and desktop clients** either individually or both selected. It also detects policies that enforce **Exchange ActiveSync (EAS)**. You can narrow this setting down by selecting:
 
 - **Browser** to evaluate all policies having at least **Browser** selected. 
 - **Mobile apps and desktop clients** to evaluate all policies having at least **Mobile apps and desktop clients** selected. 
 
 ### Sign-in risk
 
-This setting mimics the [sign-in risk condition](conditions.md#sign-in-risk).   
+This setting mimics the [sign-in risk condition](concept-conditional-access-conditions.md#sign-in-risk).   
 
 ## Evaluation 
 
diff --git a/articles/active-directory/develop/msal-net-migration-ios-broker.md b/articles/active-directory/develop/msal-net-migration-ios-broker.md
@@ -34,7 +34,7 @@ Brokers are applications provided by Microsoft on Android and iOS. (See the [Mic
 They enable:
 
 - Single sign-on.
-- Device identification, which is required by some [Conditional Access policies](../conditional-access/overview.md). For more information, see [Device management](../conditional-access/conditions.md#device-platforms).
+- Device identification, which is required by some [Conditional Access policies](../conditional-access/overview.md). For more information, see [Device management](../conditional-access/concept-conditional-access-conditions.md#device-platforms).
 - Application identification verification, which is also required in some enterprise scenarios. For more information, see [Intune mobile application management (MAM)](https://docs.microsoft.com/intune/mam-faq).
 
 ## Migrate from ADAL to MSAL
diff --git a/articles/active-directory/devices/faq.md b/articles/active-directory/devices/faq.md
@@ -314,7 +314,7 @@ Enable the following registry to block your users from adding additional work ac
 
 **Remarks:**
 
-- The users included in your Conditional Access policy need a [supported version of Office for macOS](../conditional-access/technical-reference.md#client-apps-condition) to access resources. 
+- The users included in your Conditional Access policy need a [supported version of Office for macOS](../conditional-access/concept-conditional-access-conditions.md) to access resources. 
 - During the first access try, your users are prompted to enroll the device by using the company portal.
 
 ---
diff --git a/articles/active-directory/governance/entitlement-management-external-users.md b/articles/active-directory/governance/entitlement-management-external-users.md
@@ -90,7 +90,7 @@ To ensure people outside of your organization can request access packages and ge
 
 ### Review your Conditional Access policies
 
-- Make sure to exclude guests from any Conditional Access policies that new guest users will not be able to meet as this will block them from being able to sign in to your directory. For example, guests likely don't have a registered device, aren't in a known location, and don't want to re-register for multi-factor authentication (MFA), so adding these requirements in a Conditional Access policy will block guests from using entitlement management. For more information, see [What are conditions in Azure Active Directory Conditional Access?](../conditional-access/conditions.md).
+- Make sure to exclude guests from any Conditional Access policies that new guest users will not be able to meet as this will block them from being able to sign in to your directory. For example, guests likely don't have a registered device, aren't in a known location, and don't want to re-register for multi-factor authentication (MFA), so adding these requirements in a Conditional Access policy will block guests from using entitlement management. For more information, see [What are conditions in Azure Active Directory Conditional Access?](../conditional-access/concept-conditional-access-conditions.md).
 
     ![Azure AD Conditional Access policy exclude settings](./media/entitlement-management-external-users/conditional-access-exclude.png)
 
diff --git a/articles/active-directory/hybrid/how-to-connect-pta-security-deep-dive.md b/articles/active-directory/hybrid/how-to-connect-pta-security-deep-dive.md
@@ -40,7 +40,7 @@ These are the key security aspects of this feature:
   - For the complete list of the network requirements, see [Azure Active Directory Pass-through Authentication: Quick start](how-to-connect-pta-quick-start.md#step-1-check-the-prerequisites).
 - Passwords that users provide during sign-in are encrypted in the cloud before the on-premises Authentication Agents accept them for validation against Active Directory.
 - The HTTPS channel between Azure AD and the on-premises Authentication Agent is secured by using mutual authentication.
-- Protects your user accounts by working seamlessly with [Azure AD Conditional Access policies](../active-directory-conditional-access-azure-portal.md), including Multi-Factor Authentication (MFA), [blocking legacy authentication](../conditional-access/conditions.md) and by [filtering out brute force password attacks](../authentication/howto-password-smart-lockout.md).
+- Protects your user accounts by working seamlessly with [Azure AD Conditional Access policies](../active-directory-conditional-access-azure-portal.md), including Multi-Factor Authentication (MFA), [blocking legacy authentication](../conditional-access/concept-conditional-access-conditions.md) and by [filtering out brute force password attacks](../authentication/howto-password-smart-lockout.md).
 
 ## Components involved
 
diff --git a/articles/active-directory/hybrid/how-to-connect-pta.md b/articles/active-directory/hybrid/how-to-connect-pta.md
diff --git a/articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md b/articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md
diff --git a/articles/active-directory/user-help/user-help-device-remediation.md b/articles/active-directory/user-help/user-help-device-remediation.md
diff --git a/articles/security/fundamentals/choose-ad-authn.md b/articles/security/fundamentals/choose-ad-authn.md
diff --git a/articles/security/fundamentals/steps-secure-identity.md b/articles/security/fundamentals/steps-secure-identity.md
