Merge pull request #218453 from cmcclister/cm-linkfix-20221115-0

LinkFix: azure-docs-pr (2022-11) - 0

Author: v-dirichards

articles/active-directory-b2c/index.yml

@@ -244,7 +244,7 @@ conceptualContent:
             url: azure-sentinel.md
             itemType: how-to-guide             
           - text: Regulations
-            url: https://docs.microsoft.com/azure/compliance/
+            url: ../compliance/index.yml
             itemType: concept 
           #- text: 'Manage user access: Minors and parental consent'
            #  url: manage-user-access.md
@@ -364,4 +364,4 @@ tools:
   - title: MSAL React
     url: https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/3-Authorization-II/2-call-api-b2c
     imageSrc: ../active-directory/develop/media/hub/react.svg
-## BAND 4 - TOOLS END #######################################################################################################################################
+## BAND 4 - TOOLS END #######################################################################################################################################

articles/active-directory/authentication/overview-authentication.md

@@ -99,7 +99,7 @@ Persistent session tokens are stored as persistent cookies on the web browser's
 | ESTSAUTHPERSISTENT | Common | Contains user's session information to facilitate SSO. Persistent. |
 | ESTSAUTHLIGHT | Common  | Contains Session GUID Information. Lite session state cookie used exclusively by client-side JavaScript in order to facilitate OIDC sign-out. Security feature. |
 | SignInStateCookie | Common | Contains list of services accessed to facilitate sign-out. No user information. Security feature. |
-| CCState | Common | Contains session information state to be used between Azure AD and the [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). |
+| CCState | Common | Contains session information state to be used between Azure AD and the [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). |
 | buid | Common | Tracks browser related information. Used for service telemetry and protection mechanisms. |
 | fpc | Common | Tracks browser related information. Used for tracking requests and throttling. |
 | esctx | Common | Session context cookie information. For CSRF protection. Binds a request to a specific browser instance so the request can't be replayed outside the browser. No user information. |
@@ -116,15 +116,15 @@ Persistent session tokens are stored as persistent cookies on the web browser's
 | wlidperf | Common | Client-side cookie (set by JavaScript) that tracks local time for performance purposes. |
 | x-ms-gateway-slice | Common | Azure AD Gateway cookie used for tracking and load balance purposes. |
 | stsservicecookie | Common | Azure AD Gateway cookie also used for tracking purposes. |
-| x-ms-refreshtokencredential | Specific | Available when [Primary Refresh Token (PRT)](/azure/active-directory/devices/concept-primary-refresh-token) is in use. |
+| x-ms-refreshtokencredential | Specific | Available when [Primary Refresh Token (PRT)](../devices/concept-primary-refresh-token.md) is in use. |
 | estsStateTransient | Specific | Applicable to new session information model only. Transient. | 
 | estsStatePersistent | Specific | Same as estsStateTransient, but persistent. |
 | ESTSNCLOGIN | Specific | National Cloud Login related Cookie. | 
 | UsGovTraffic | Specific | US Gov Cloud Traffic Cookie. | 
 | ESTSWCTXFLOWTOKEN | Specific | Saves flowToken information when redirecting to ADFS. |
-| CcsNtv | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). Native flows. | 
-| CcsWeb | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). Web flows. | 
-| Ccs* | Specific | Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults) is in use. | 
+| CcsNtv | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). Native flows. | 
+| CcsWeb | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). Web flows. | 
+| Ccs* | Specific | Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md) is in use. | 
 | threxp | Specific | Used for throttling control. | 
 | rrc | Specific | Cookie used to identify a recent B2B invitation redemption. | 
 | debug | Specific | Cookie used to track if user's browser session is enabled for DebugMode. |
@@ -147,4 +147,4 @@ To learn more about multi-factor authentication concepts, see [How Azure AD Mult
 [tutorial-sspr]: tutorial-enable-sspr.md
 [tutorial-azure-mfa]: tutorial-enable-azure-mfa.md
 [concept-sspr]: concept-sspr-howitworks.md
-[concept-mfa]: concept-mfa-howitworks.md
+[concept-mfa]: concept-mfa-howitworks.md

articles/active-directory/develop/troubleshoot-publisher-verification.md

@@ -247,11 +247,11 @@ The error message displayed will be: "Due to a configuration change made by your
 
 When a request to add a verified publisher is made, many signals are used to make a security risk assessment. If the user risk state is determined to be ‘AtRisk’, an error, “You're unable to add a verified publisher to this application. Contact your administrator for assistance” will be returned. Please investigate the user risk and take the appropriate steps to remediate the risk (guidance below): 
 
-> [Investigate risk](/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk#risky-users)
+> [Investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md#risky-users)
 
-> [Remediate risk/unblock users](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock)
+> [Remediate risk/unblock users](../identity-protection/howto-identity-protection-remediate-unblock.md)
 
-> [Self-remediation guidance](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock)
+> [Self-remediation guidance](../identity-protection/howto-identity-protection-remediate-unblock.md)
 
 > Self-serve password reset (SSPR): If the organization allows SSPR, use aka.ms/sspr to reset the password for remediation. Please choose a strong password; Choosing a weak password may not reset the risk state.  
 
@@ -275,4 +275,4 @@ If you've reviewed all of the previous information and are still receiving an er
 - TenantId where app is registered
 - MPN ID
 - REST request being made 
-- Error code and message being returned
+- Error code and message being returned

articles/active-directory/develop/v2-protocols-oidc.md

@@ -71,7 +71,7 @@ The value of `{tenant}` varies based on the application's sign-in audience as sh
 | `8eaef023-2b34-4da1-9baa-8bc8c9d6a490` or `contoso.onmicrosoft.com` | Only users from a specific Azure AD tenant (directory members with a work or school account or directory guests with a personal Microsoft account) can sign in to the application. <br/><br/>The value can be the domain name of the Azure AD tenant or the tenant ID in GUID format. You can also use the consumer tenant GUID, `9188040d-6c67-4c5b-b112-36a304b66dad`, in place of `consumers`.  |
 
 > [!TIP]
-> Note that when using the `common` or `consumers` authority for personal Microsoft accounts, the consuming resource application must be configured to support such type of accounts in accordance with [signInAudience](/azure/active-directory/develop/supported-accounts-validation).
+> Note that when using the `common` or `consumers` authority for personal Microsoft accounts, the consuming resource application must be configured to support such type of accounts in accordance with [signInAudience](./supported-accounts-validation.md).
 
 You can also find your app's OpenID configuration document URI in its app registration in the Azure portal.
 
@@ -347,4 +347,4 @@ When you redirect the user to the `end_session_endpoint`, the Microsoft identity
 
 * Review the [UserInfo endpoint documentation](userinfo.md).
 * [Populate claim values in a token](active-directory-claims-mapping.md) with data from on-premises systems. 
-* [Include your own claims in tokens](active-directory-optional-claims.md).  
+* [Include your own claims in tokens](active-directory-optional-claims.md).

articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md

@@ -274,14 +274,14 @@ az identity federated-credential delete --name $ficId --identity-name $uaId --re
 ::: zone pivot="identity-wif-mi-methods-powershell"
 ## Prerequisites
 
-- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](/azure/active-directory/managed-identities-azure-resources/overview). Be sure to review the [difference between a system-assigned and user-assigned managed identity](/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types).
+- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](/azure/role-based-access-control/built-in-roles#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
 - To run the example scripts, you have two options:
   - Use [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open by using the **Try It** button in the upper-right corner of code blocks.
   - Run scripts locally with Azure PowerShell, as described in the next section.
-- [Create a user-assigned manged identity](/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-powershell#list-user-assigned-managed-identities-2) 
+- [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-powershell#list-user-assigned-managed-identities-2) 
 - Find the object ID of the user-assigned managed identity, which you need in the following steps.
 
 ### Configure Azure PowerShell locally

articles/active-directory/develop/workload-identity-federation.md

@@ -43,7 +43,7 @@ The following scenarios are supported for accessing Azure AD protected resources
 
 Create a trust relationship between the external IdP and an app registration or user-assigned managed identity in Azure AD. The federated identity credential is used to indicate which token from the external IdP should be trusted by your application or managed identity. You configure a federated identity either:
 
-- On an Azure AD [App registration](/azure/active-directory/develop/quickstart-register-app) in the Azure portal or through Microsoft Graph. This configuration allows you to get an access token for your application without needing to manage secrets outside Azure. For more information, learn how to [configure an app to trust an external identity provider](workload-identity-federation-create-trust.md).
+- On an Azure AD [App registration](./quickstart-register-app.md) in the Azure portal or through Microsoft Graph. This configuration allows you to get an access token for your application without needing to manage secrets outside Azure. For more information, learn how to [configure an app to trust an external identity provider](workload-identity-federation-create-trust.md).
 - On a user-assigned managed identity through the Azure portal, Azure CLI, Azure PowerShell, Azure SDK, and Azure Resource Manager (ARM) templates. The external workload uses the access token to access Azure AD protected resources without needing to manage secrets (in supported scenarios). The [steps for configuring the trust relationship](workload-identity-federation-create-trust-user-assigned-managed-identity.md) will differ, depending on the scenario and external IdP. 
 
 The workflow for exchanging an external token for an access token is the same, however, for all scenarios. The following diagram shows the general workflow of a workload exchanging an external token for an access token and then accessing Azure AD protected resources.
@@ -65,4 +65,4 @@ Learn more about how workload identity federation works:
 - How to create, delete, get, or update [federated identity credentials](workload-identity-federation-create-trust.md) on an app registration.
 - How to create, delete, get, or update [federated identity credentials](workload-identity-federation-create-trust-user-assigned-managed-identity.md) on a user-assigned managed identity.
 - Read the [GitHub Actions documentation](https://docs.github.com/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure) to learn more about configuring your GitHub Actions workflow to get an access token from Microsoft identity provider and access Azure resources.
-- For information about the required format of JWTs created by external identity providers, read about the [assertion format](active-directory-certificate-credentials.md#assertion-format).
+- For information about the required format of JWTs created by external identity providers, read about the [assertion format](active-directory-certificate-credentials.md#assertion-format).

articles/active-directory/enterprise-users/clean-up-stale-guest-accounts.md

@@ -18,23 +18,23 @@ ms.collection: M365-identity-device-management
 
 As users collaborate with external partners, it’s possible that many guest accounts get created in Azure Active Directory (Azure AD) tenants over time. When collaboration ends and the users no longer access your tenant, the guest accounts may become stale. Admins can use Access Reviews to automatically review inactive guest users and block them from signing in, and later, delete them from the directory.
 
-Learn more about [how to manage inactive user accounts in Azure AD](/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts).
+Learn more about [how to manage inactive user accounts in Azure AD](../reports-monitoring/howto-manage-inactive-user-accounts.md).
 
 There are a few recommended patterns that are effective at cleaning up stale guest accounts:
 
 1. Create a multi-stage review whereby guests self-attest whether they still need access. A second-stage reviewer assesses results and makes a final decision. Guests with denied access are disabled and later deleted.
 
-2. Create a review to remove inactive external guests. Admins define inactive as period of days. They disable and later delete guests that don’t sign in to the tenant within that time frame. By default, this doesn't affect recently created users. [Learn more about how to identify inactive accounts](/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts#how-to-detect-inactive-user-accounts).
+2. Create a review to remove inactive external guests. Admins define inactive as period of days. They disable and later delete guests that don’t sign in to the tenant within that time frame. By default, this doesn't affect recently created users. [Learn more about how to identify inactive accounts](../reports-monitoring/howto-manage-inactive-user-accounts.md#how-to-detect-inactive-user-accounts).
 
 Use the following instructions to learn how to create Access Reviews that follow these patterns. Consider the configuration recommendations and then make the needed changes that suit your environment.
 
 ## Create a multi-stage review for guests to self-attest continued access
 
-1. Create a [dynamic group](/azure/active-directory/enterprise-users/groups-create-rule) for the guest users you want to review. For example,
+1. Create a [dynamic group](./groups-create-rule.md) for the guest users you want to review. For example,
 
    `(user.userType -eq "Guest") and (user.mail -contains "@contoso.com") and (user.accountEnabled -eq true)`
 
-2. To [create an Access Review](/azure/active-directory/governance/create-access-review)
+2. To [create an Access Review](../governance/create-access-review.md)
     for the dynamic group, navigate to **Azure Active Directory > Identity Governance > Access Reviews**.
 
 3. Select **New access review**.
@@ -98,11 +98,11 @@ Use the following instructions to learn how to create Access Reviews that follow
 
 ## Create a review to remove inactive external guests
 
-1. Create a [dynamic group](/azure/active-directory/enterprise-users/groups-create-rule) for the guest users you want to review. For example,
+1. Create a [dynamic group](./groups-create-rule.md) for the guest users you want to review. For example,
 
    `(user.userType -eq "Guest") and (user.mail -contains "@contoso.com") and (user.accountEnabled -eq true)`
 
-2. To [create an access review](/azure/active-directory/governance/create-access-review) for the dynamic group, navigate to **Azure Active Directory > Identity Governance > Access Reviews**.
+2. To [create an access review](../governance/create-access-review.md) for the dynamic group, navigate to **Azure Active Directory > Identity Governance > Access Reviews**.
 
 3. Select **New access review**.
 
@@ -163,4 +163,4 @@ Use the following instructions to learn how to create Access Reviews that follow
 Guest users who don't sign into the tenant for the number of days you
 configured are disabled for 30 days, then deleted. After deletion, you
 can restore guests for up to 30 days, after which a new invitation is
-needed.
+needed.

articles/active-directory/external-identities/what-is-b2b.md

@@ -43,7 +43,7 @@ B2B collaboration is enabled by default, but comprehensive admin settings let yo
 
 - Use [external collaboration settings](external-collaboration-settings-configure.md) to define who can invite external users, allow or block B2B specific domains, and set restrictions on guest user access to your directory.
 
-- Use [Microsoft cloud settings (preview)](cross-cloud-settings.md) to establish mutual B2B collaboration between the Microsoft Azure global cloud and [Microsoft Azure Government](/azure/azure-government) or [Microsoft Azure China 21Vianet](/azure/china).
+- Use [Microsoft cloud settings (preview)](cross-cloud-settings.md) to establish mutual B2B collaboration between the Microsoft Azure global cloud and [Microsoft Azure Government](../../azure-government/index.yml) or [Microsoft Azure China 21Vianet](/azure/china).
 
 ## Easily invite guest users from the Azure AD portal
 
@@ -109,4 +109,4 @@ You can [enable integration with SharePoint and OneDrive](/sharepoint/sharepoint
 
 - [External Identities pricing](external-identities-pricing.md)
 - [Add B2B collaboration guest users in the portal](add-users-administrator.md)
-- [Understand the invitation redemption process](redemption-experience.md)
+- [Understand the invitation redemption process](redemption-experience.md)