Merge branch 'main' into alexbuckgit/docutune-autopr-20230815-060645-9343817-ignore-build

Author: alexbuckgit

articles/active-directory/architecture/resilience-in-hybrid.md

@@ -24,15 +24,15 @@ Hybrid authentication allows users to access cloud-based resources with their id
 
 Microsoft offers three mechanisms for hybrid authentication. The options are listed in order of resilience. We recommend that you implement password hash synchronization, if possible.
 
-* [Password hash synchronization](../hybrid/whatis-phs.md) (PHS) uses Azure AD Connect to sync the identity and a hash-of-the-hash of the password to Azure AD. It enables users to sign in to cloud-based resources with their password mastered on premises. PHS has on premises dependencies only for synchronization, not for authentication.
-* [Pass-through Authentication](../hybrid/how-to-connect-pta.md) (PTA) redirects users to Azure AD for sign-in. Then, the username and password are validated against Active Directory on premises through an agent that is deployed in the corporate network. PTA has an on premises footprint of its Azure AD PTA agents that reside on servers on premises.
-* [Federation](../hybrid/whatis-fed.md) customers deploy a federation service such as Active Directory Federation Services (ADFS). Then Azure AD validates the SAML assertion produced by the federation service. Federation has the highest dependency on on-premises infrastructure and, therefore, more failure points. 
+* [Password hash synchronization](../hybrid/connect/whatis-phs.md) (PHS) uses Azure AD Connect to sync the identity and a hash-of-the-hash of the password to Azure AD. It enables users to sign in to cloud-based resources with their password mastered on premises. PHS has on premises dependencies only for synchronization, not for authentication.
+* [Pass-through Authentication](../hybrid/connect/how-to-connect-pta.md) (PTA) redirects users to Azure AD for sign-in. Then, the username and password are validated against Active Directory on premises through an agent that is deployed in the corporate network. PTA has an on premises footprint of its Azure AD PTA agents that reside on servers on premises.
+* [Federation](../hybrid/connect/whatis-fed.md) customers deploy a federation service such as Active Directory Federation Services (ADFS). Then Azure AD validates the SAML assertion produced by the federation service. Federation has the highest dependency on on-premises infrastructure and, therefore, more failure points. 
 
-You may be using one or more of these methods in your organization. For more information, see [Choose the right authentication method for your Azure AD hybrid identity solution](../hybrid/choose-ad-authn.md). This article contains a decision tree that can help you decide on your methodology.
+You may be using one or more of these methods in your organization. For more information, see [Choose the right authentication method for your Azure AD hybrid identity solution](../hybrid/connect/choose-ad-authn.md). This article contains a decision tree that can help you decide on your methodology.
 
 ## Password hash synchronization
 
-The simplest and most resilient hybrid authentication option for Azure AD is [Password Hash Synchronization](../hybrid/whatis-phs.md). It doesn't have any on premises identity infrastructure dependency when processing authentication requests. After identities with password hashes are synchronized to Azure AD, users can authenticate to cloud resources with no dependency on the on premises identity components. 
+The simplest and most resilient hybrid authentication option for Azure AD is [Password Hash Synchronization](../hybrid/connect/whatis-phs.md). It doesn't have any on premises identity infrastructure dependency when processing authentication requests. After identities with password hashes are synchronized to Azure AD, users can authenticate to cloud resources with no dependency on the on premises identity components. 
 
 ![Architecture diagram of PHS](./media/resilience-in-hybrid/admin-resilience-password-hash-sync.png)
 
@@ -42,8 +42,8 @@ If you choose this authentication option, you won't experience disruption when o
 
 To implement PHS, see the following resources:
 
-* [Implement password hash synchronization with Azure AD Connect](../hybrid/how-to-connect-password-hash-synchronization.md)
-* [Enable password hash synchronization](../hybrid/how-to-connect-password-hash-synchronization.md)
+* [Implement password hash synchronization with Azure AD Connect](../hybrid/connect/how-to-connect-password-hash-synchronization.md)
+* [Enable password hash synchronization](../hybrid/connect/how-to-connect-password-hash-synchronization.md)
 
 If your requirements are such that you can't use PHS, use Pass-through Authentication.
 
@@ -57,11 +57,11 @@ Pass-through Authentication has a dependency on authentication agents that resid
 
 To implement Pass-through Authentication, see the following resources.
 
-* [How Pass-through Authentication works](../hybrid/how-to-connect-pta-how-it-works.md)
-* [Pass-through Authentication security deep dive](../hybrid/how-to-connect-pta-security-deep-dive.md)
-* [Install Azure AD Pass-through Authentication](../hybrid/how-to-connect-pta-quick-start.md)
+* [How Pass-through Authentication works](../hybrid/connect/how-to-connect-pta-how-it-works.md)
+* [Pass-through Authentication security deep dive](../hybrid/connect/how-to-connect-pta-security-deep-dive.md)
+* [Install Azure AD Pass-through Authentication](../hybrid/connect/how-to-connect-pta-quick-start.md)
 
-* If you're using PTA, define a [highly available topology](../hybrid/how-to-connect-pta-quick-start.md).
+* If you're using PTA, define a [highly available topology](../hybrid/connect/how-to-connect-pta-quick-start.md).
 
  ## Federation
 
@@ -78,12 +78,12 @@ The following diagram shows a topology of an enterprise AD FS deployment that in
 
 If you're implementing a federated authentication strategy or want to make it more resilient, see the following resources.
 
-* [What is federated authentication](../hybrid/whatis-fed.md)
-* [How federation works](../hybrid/how-to-connect-fed-whatis.md)
-* [Azure AD federation compatibility list](../hybrid/how-to-connect-fed-compatibility.md)
+* [What is federated authentication](../hybrid/connect/whatis-fed.md)
+* [How federation works](../hybrid/connect/how-to-connect-fed-whatis.md)
+* [Azure AD federation compatibility list](../hybrid/connect/how-to-connect-fed-compatibility.md)
 * Follow the [AD FS capacity planning documentation](/windows-server/identity/ad-fs/design/planning-for-ad-fs-server-capacity)
 * [Deploying AD FS in Azure IaaS](/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs)
-* [Enable PHS](../hybrid/tutorial-phs-backup.md) along with your federation
+* [Enable PHS](../hybrid/connect/tutorial-phs-backup.md) along with your federation
 
 ## Next steps
 
@@ -93,7 +93,7 @@ If you're implementing a federated authentication strategy or want to make it mo
 * [Build resilience with device states](resilience-with-device-states.md)
 * [Build resilience by using Continuous Access Evaluation (CAE)](resilience-with-continuous-access-evaluation.md)
 * [Build resilience in external user authentication](resilience-b2b-authentication.md)
-* [Build resilience in application access with Application Proxy](resilience-on-premises-access.md)
+* [Build resilience in application access with Application Proxy](./resilience-on-premises-access.md)
 
 ### Resilience resources for developers
 

articles/active-directory/architecture/resilience-with-monitoring-alerting.md

@@ -47,10 +47,10 @@ For example, track the following metrics, since a sudden drop in either will lea
 
    - **Previous period**: Create temporal charts to show changes in the Total requests and Success rate (%) over some previous period for reference purposes, for example, last week.
 
-- **Alerting**: Using log analytics define [alerts](../../azure-monitor/alerts/alerts-log.md) that get triggered when there are sudden changes in the key indicators. These changes may negatively impact the SLOs. Alerts use various forms of notification methods including email, SMS, and webhooks. Start by defining a criterion that acts as a threshold against which alert will be triggered. For example:
+- **Alerting**: Using log analytics define [alerts](../../azure-monitor/alerts/alerts-create-new-alert-rule.md) that get triggered when there are sudden changes in the key indicators. These changes may negatively impact the SLOs. Alerts use various forms of notification methods including email, SMS, and webhooks. Start by defining a criterion that acts as a threshold against which alert will be triggered. For example:
   - Alert against abrupt drop in Total requests: Trigger an alert when number of total requests drop abruptly. For example, when there's a 25% drop in the total number of requests compared to previous period, raise an alert.  
   - Alert against significant drop in Success rate (%): Trigger an alert when success rate of the selected policy significantly drops.
-  - Upon receiving an alert, troubleshoot the issue using [Log Analytics](../reports-monitoring/howto-install-use-log-analytics-views.md), [Application Insights](../../active-directory-b2c/troubleshoot-with-application-insights.md), and [VS Code extension](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c) for Azure AD B2C. After you resolve the issue and deploy an updated application or policy, it continues to monitor the key indicators until they return back to normal range.
+  - Upon receiving an alert, troubleshoot the issue using [Log Analytics](../../azure-monitor/visualize/workbooks-view-designer-conversion-overview.md), [Application Insights](../../active-directory-b2c/troubleshoot-with-application-insights.md), and [VS Code extension](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c) for Azure AD B2C. After you resolve the issue and deploy an updated application or policy, it continues to monitor the key indicators until they return back to normal range.
 
 - **Service alerts**: Use the [Azure AD B2C service level alerts](../../service-health/service-health-overview.md) to get notified of service issues, planned maintenance, health advisory, and security advisory.
 

articles/active-directory/architecture/road-to-the-cloud-establish.md

@@ -19,9 +19,9 @@ Before you migrate identity and access management (IAM) from Active Directory to
 
 If you're using Microsoft Office 365, Exchange Online, or Teams, then you're already using Azure AD. Your next step is to establish more Azure AD capabilities:
 
-* Establish hybrid identity synchronization between Active Directory and Azure AD by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md) or [Azure AD Connect cloud sync](../cloud-sync/what-is-cloud-sync.md).
+* Establish hybrid identity synchronization between Active Directory and Azure AD by using [Azure AD Connect](../hybrid/connect/whatis-azure-ad-connect.md) or [Azure AD Connect cloud sync](../hybrid/cloud-sync/what-is-cloud-sync.md).
 
-* [Select authentication methods](../hybrid/choose-ad-authn.md). We strongly recommend password hash synchronization.
+* [Select authentication methods](../hybrid/connect/choose-ad-authn.md). We strongly recommend password hash synchronization.
 
 * Secure your hybrid identity infrastructure by following [Five steps to securing your identity infrastructure](../../security/fundamentals/steps-secure-identity.md).
 

articles/active-directory/architecture/road-to-the-cloud-implement.md

@@ -32,19 +32,19 @@ You can enrich user attributes in Azure AD to make more user attributes availabl
 
 These two links provide guidance on making schema changes:
 
-* [Understand the Azure AD schema and custom expressions](../cloud-sync/concept-attributes.md)
+* [Understand the Azure AD schema and custom expressions](../hybrid/cloud-sync/concept-attributes.md)
 
-* [Attributes synchronized by Azure AD Connect](../hybrid/reference-connect-sync-attributes-synchronized.md)
+* [Attributes synchronized by Azure AD Connect](../hybrid/connect/reference-connect-sync-attributes-synchronized.md)
 
 These links provide more information on this topic but aren't specific to changing the schema:
 
-* [Use Azure AD schema extension attributes in claims - Microsoft identity platform](../develop/active-directory-schema-extensions.md)
+* [Use Azure AD schema extension attributes in claims - Microsoft identity platform](../develop/schema-extensions.md)
 
 * [What are custom security attributes in Azure AD (preview)?](../fundamentals/custom-security-attributes-overview.md)
 
 * [Customize Azure Active Directory attribute mappings in application provisioning](../app-provisioning/customize-application-attributes.md)
 
-* [Provide optional claims to Azure AD apps - Microsoft identity platform](../develop/active-directory-optional-claims.md)
+* [Provide optional claims to Azure AD apps - Microsoft identity platform](../develop/optional-claims.md)
 
 These links provide more information about groups:
 

articles/active-directory/architecture/road-to-the-cloud-migrate.md

@@ -128,7 +128,7 @@ This project has two primary initiatives:
 
 For more information, see:
 
-* [Deploy Azure AD-joined VMs in Azure Virtual Desktop](../../virtual-desktop/deploy-azure-ad-joined-vm.md)
+* [Deploy Azure AD-joined VMs in Azure Virtual Desktop](../../virtual-desktop/azure-ad-joined-session-hosts.md)
 
 * [Windows 365 planning guide](/windows-365/enterprise/planning-guide)
 
@@ -186,11 +186,11 @@ When you plan your migration to Azure AD, consider migrating the apps that use m
 
 After you move SaaS applications that were federated to Azure AD, there are a few steps to decommission the on-premises federation system:
 
-* [Move application authentication to Azure Active Directory](../manage-apps/migrate-adfs-apps-to-azure.md)
+* [Move application authentication to Azure Active Directory](../manage-apps/migrate-adfs-apps-stages.md)
 
 * [Migrate from Azure AD Multi-Factor Authentication Server to Azure AD Multi-Factor Authentication](../authentication/how-to-migrate-mfa-server-to-azure-mfa.md)
 
-* [Migrate from federation to cloud authentication](../hybrid/migrate-from-federation-to-cloud-authentication.md)
+* [Migrate from federation to cloud authentication](../hybrid/connect/migrate-from-federation-to-cloud-authentication.md)
 
 * [Move remote access to internal applications](#move-remote-access-to-internal-applications), if you're using Azure AD Application Proxy
 

articles/active-directory/architecture/road-to-the-cloud-posture.md

@@ -160,7 +160,7 @@ As organizations start a migration of IAM to Azure AD, they must determine the p
 
 :::image type="content" source="media/road-to-cloud-posture/road-to-the-cloud-migration.png" alt-text="Chart that shows three major milestones in migrating from Active Directory to Azure AD: establish Azure AD capabilities, implement a cloud-first approach, and move workloads to the cloud." border="false":::
 
-* **Establish an Azure AD footprint**: Initialize your new Azure AD tenant to support the vision for your end-state deployment. Adopt a [Zero Trust](https://www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/) approach and a security model that [helps protect your tenant from on-premises compromise](../fundamentals/protect-m365-from-on-premises-attacks.md) early in your journey.
+* **Establish an Azure AD footprint**: Initialize your new Azure AD tenant to support the vision for your end-state deployment. Adopt a [Zero Trust](https://www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/) approach and a security model that [helps protect your tenant from on-premises compromise](./protect-m365-from-on-premises-attacks.md) early in your journey.
 
 * **Implement a cloud-first approach**: Establish a policy that all new devices, apps, and services should be cloud-first. New applications and services that use legacy protocols (for example, NTLM, Kerberos, or LDAP) should be by exception only.