Resolving blocking issues

schaffererin · schaffererin · commit d520642f692d · 2023-04-21T16:10:58.000-07:00
diff --git a/articles/aks/TOC.yml b/articles/aks/TOC.yml
@@ -327,11 +327,11 @@
                 - name: AKS-managed Azure AD
                   items: 
                     - name: Enable AKS-managed Azure AD integration
-                      href: managed-aad.md
+                      href: managed-azure-ad.md
                     - name: Manage local accounts
-                      href: manage-local-accounts-managed-aad.md
+                      href: manage-local-accounts-managed-azure-ad.md
                     - name: Cluster access control
-                      href: access-control-managed-aad.md
+                      href: access-control-managed-azure-ad.md
                 - name: Azure AD integration (legacy)
                   href: azure-ad-integration-cli.md
                 - name: Enable GMSA integration
diff --git a/articles/aks/access-control-managed-azure-ad.md b/articles/aks/access-control-managed-azure-ad.md
@@ -8,39 +8,39 @@ ms.custom: devx-track-azurecli
 
 # Cluster access control with AKS-managed Azure Active Directory integration
 
-When you integrate Azure AD with your AKS cluster, you can use [Conditional Access][aad-conditional-access] or Privileged Identity Management (PIM) for just-in-time requests to control access to your cluster. This articles shows you how to enable Conditional Access and PIM on your AKS clusters.
+When you integrate Azure AD with your AKS cluster, you can use [Conditional Access][aad-conditional-access] or Privileged Identity Management (PIM) for just-in-time requests to control access to your cluster. This article shows you how to enable Conditional Access and PIM on your AKS clusters.
 
 > [!NOTE]
 > Azure AD Conditional Access and Privileged Identity Management are Azure AD Premium capabilities requiring a Premium P2 SKU. For more on Azure AD SKUs, see the [pricing guide][aad-pricing].
 
 ## Before you begin
 
-* See [AKS-managed Azure Active Directory integration](./managed-aad.md) for an overview and setup instructions.
+* See [AKS-managed Azure Active Directory integration](./managed-azure-ad.md) for an overview and setup instructions.
 
 ## Use Conditional Access with Azure AD and AKS
 
 1. In the Azure portal, go to the **Azure Active Directory** page and select **Enterprise applications**.
 2. Select **Conditional Access** > **Policies** > **New policy**.
 
-    :::image type="content" source="./media/managed-aad/conditional-access-new-policy.png" alt-text="Adding a Conditional Access policy":::
+    :::image type="content" source="./media/managed-aad/conditional-access-new-policy.png" alt-text="Screenshot of adding a Conditional Access policy." lightbox="./media/managed-aad/conditional-access-new-policy.png":::
 
 3. Enter a name for the policy, such as *aks-policy*.
 
 4. Under **Assignments**, select **Users and groups**. Choose the users and groups you want to apply the policy to. In this example, choose the same Azure AD group that has administrator access to your cluster.
 
-    :::image type="content" source="./media/managed-aad/conditional-access-users-groups.png" alt-text="Selecting users or groups to apply the Conditional Access policy":::
+    :::image type="content" source="./media/managed-aad/conditional-access-users-groups.png" alt-text="Screenshot of selecting users or groups to apply the Conditional Access policy." lightbox=source="./media/managed-aad/conditional-access-users-groups.png":::
 
 5. Under **Cloud apps or actions** > **Include**, select **Select apps**. Search for **Azure Kubernetes Service** and select **Azure Kubernetes Service AAD Server**.
 
-    :::image type="content" source="./media/managed-aad/conditional-access-apps.png" alt-text="Selecting Azure Kubernetes Service AD Server for applying the Conditional Access policy":::
+    :::image type="content" source="./media/managed-aad/conditional-access-apps.png" alt-text="Screenshot of selecting Azure Kubernetes Service AD Server for applying the Conditional Access policy." lightbox="./media/managed-aad/conditional-access-apps.png":::
 
 6. Under **Access controls** > **Grant**, select **Grant access**, **Require device to be marked as compliant**, and **Require all the selected controls**.
 
-    :::image type="content" source="./media/managed-aad/conditional-access-grant-compliant.png" alt-text="Selecting to only allow compliant devices for the Conditional Access policy":::
+    :::image type="content" source="./media/managed-aad/conditional-access-grant-compliant.png" alt-text="Screenshot of selecting to only allow compliant devices for the Conditional Access policy." lightbox="./media/managed-aad/conditional-access-grant-compliant.png" :::
 
 7. Confirm your settings, set **Enable policy** to **On**, and then select **Create**.
 
-    :::image type="content" source="./media/managed-aad/conditional-access-enable-policy.png" alt-text="Enabling the Conditional Access policy":::
+    :::image type="content" source="./media/managed-aad/conditional-access-enable-policy.png" alt-text="Screenshot of enabling the Conditional Access policy." lightbox="./media/managed-aad/conditional-access-enable-policy.png":::
 
 ### Verify your Conditional Access policy has been successfully listed
 
@@ -62,27 +62,27 @@ When you integrate Azure AD with your AKS cluster, you can use [Conditional Acce
 
 5. Under the **Conditional Access** column you should see a status of *Success*. Select the event and then select the **Conditional Access** tab. Your Conditional Access policy will be listed.
 
-    :::image type="content" source="./media/managed-aad/conditional-access-sign-in-activity.png" alt-text="Screenshot that shows failed sign-in entry due to Conditional Access policy.":::
+    :::image type="content" source="./media/managed-aad/conditional-access-sign-in-activity.png" alt-text="Screenshot that shows failed sign-in entry due to Conditional Access policy." lightbox="./media/managed-aad/conditional-access-sign-in-activity.png":::
 
 ## Configure just-in-time cluster access with Azure AD and AKS
 
 1. In the Azure portal, go to **Azure Active Directory** and select **Properties**.
 
 2. Note the value listed under **Tenant ID**. It will be referenced in a later step as `<tenant-id>`.
 
-    :::image type="content" source="./media/managed-aad/jit-get-tenant-id.png" alt-text="In a web browser, the Azure portal screen for Azure Active Directory is shown with the tenant's ID highlighted.":::
+    :::image type="content" source="./media/managed-aad/jit-get-tenant-id.png" alt-text="Screenshot of the Azure portal screen for Azure Active Directory with the tenant's ID highlighted." lightbox="./media/managed-aad/jit-get-tenant-id.png":::
 
 3. Select **Groups** > **New group**.
 
-    :::image type="content" source="./media/managed-aad/jit-create-new-group.png" alt-text="Shows the Azure portal Active Directory groups screen with the 'New Group' option highlighted.":::
+    :::image type="content" source="./media/managed-aad/jit-create-new-group.png" alt-text="Screenshot of the Azure portal Active Directory groups screen with the New Group option highlighted." lightbox="./media/managed-aad/jit-create-new-group.png":::
 
 4. Verify the group type **Security** is selected and specify a group name, such as *myJITGroup*. Under the option **Azure AD roles can be assigned to this group (Preview)**, select **Yes** and then select **Create**.
 
-    :::image type="content" source="./media/managed-aad/jit-new-group-created.png" alt-text="Shows the Azure portal's new group creation screen.":::
+    :::image type="content" source="./media/managed-aad/jit-new-group-created.png" alt-text="Screenshot of the new group creation screen in the Azure portal." lightbox="./media/managed-aad/jit-new-group-created.png":::
 
 5. On the **Groups** page, select the group you just created and note the Object ID. It will be referenced in a later step as `<object-id>`.
 
-    :::image type="content" source="./media/managed-aad/jit-get-object-id.png" alt-text="Shows the Azure portal screen for the just-created group, highlighting the Object Id":::
+    :::image type="content" source="./media/managed-aad/jit-get-object-id.png" alt-text="Screenshot of the Azure portal screen for the just-created group with the Object ID highlighted." lightbox="./media/managed-aad/jit-get-object-id.png":::
 
 6. Create the AKS cluster with AKS-managed Azure AD integration using the [`az aks create`][az-aks-create] command with the `--aad-admin-group-objects-ids` and `--aad-tenant-id parameters` and include the values noted in the steps earlier.
 
@@ -92,19 +92,19 @@ When you integrate Azure AD with your AKS cluster, you can use [Conditional Acce
 
 7. In the Azure portal, select **Activity** > **Privileged Access (Preview)** > **Enable Privileged Access**.
 
-    :::image type="content" source="./media/managed-aad/jit-enabling-priv-access.png" alt-text="The Azure portal's Privileged access (Preview) page is shown, with 'Enable privileged access' highlighted":::
+    :::image type="content" source="./media/managed-aad/jit-enabling-priv-access.png" alt-text="Screenshot of the Privileged access (Preview) page in the Azure portal with Enable privileged access highlighted." lightbox="./media/managed-aad/jit-enabling-priv-access.png":::
 
 8. To grant access, select **Add assignments**.
 
-    :::image type="content" source="./media/managed-aad/jit-add-active-assignment.png" alt-text="The Azure portal's Privileged access (Preview) screen after enabling is shown. The option to 'Add assignments' is highlighted.":::
+    :::image type="content" source="./media/managed-aad/jit-add-active-assignment.png" alt-text="Screenshot of the Privileged access (Preview) screen in the Azure portal after enabling. The option to Add assignments is highlighted." lightbox="./media/managed-aad/jit-add-active-assignment.png":::
 
-9.  From the **Select role** drop-down list, select the users and groups you want to grant cluster access. These assignments can be modified at any time by a group administrator. Then select **Next**.
+9. From the **Select role** drop-down list, select the users and groups you want to grant cluster access. These assignments can be modified at any time by a group administrator. Then select **Next**.
 
-    :::image type="content" source="./media/managed-aad/jit-adding-assignment.png" alt-text="The Azure portal's Add assignments Membership screen is shown, with a sample user selected to be added as a member. The option 'Next' is highlighted.":::
+    :::image type="content" source="./media/managed-aad/jit-adding-assignment.png" alt-text="Screenshot of the Add assignments Membership screen in the Azure portal with a sample user selected to be added as a member. The Next option is highlighted." lightbox="./media/managed-aad/jit-adding-assignment.png":::
 
 10. Under **Assignment type**, select **Active** and then specify the desired duration. Provide a justification and then select **Assign**.
 
-    :::image type="content" source="./media/managed-aad/jit-set-active-assignment-details.png" alt-text="The Azure portal's Add assignments Setting screen is shown. An assignment type of 'Active' is selected and a sample justification has been given. The option 'Assign' is highlighted.":::
+    :::image type="content" source="./media/managed-aad/jit-set-active-assignment-details.png" alt-text="Screenshot of the Add assignments Setting screen in the Azure portal. An assignment type of Active is selected and a sample justification has been given. The Assign option is highlighted." lightbox="./media/managed-aad/jit-set-active-assignment-details.png":::
 
 For more information about assignment types, see [Assign eligibility for a privileged access group (preview) in Privileged Identity Management][aad-assignments].
 
diff --git a/articles/aks/azure-ad-integration-cli.md b/articles/aks/azure-ad-integration-cli.md
@@ -282,5 +282,5 @@ For best practices on identity and resource control, see [Best practices for aut
 [rbac-authorization]: concepts-identity.md#kubernetes-rbac
 [operator-best-practices-identity]: operator-best-practices-identity.md
 [azure-ad-rbac]: azure-ad-rbac.md
-[managed-aad]: managed-aad.md
-[managed-aad-migrate]: managed-aad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration
+[managed-aad]: managed-azure-ad.md
+[managed-aad-migrate]: managed-azure-ad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration
diff --git a/articles/aks/azure-ad-rbac.md b/articles/aks/azure-ad-rbac.md
@@ -461,7 +461,7 @@ az ad group delete --group opssre
 <!-- LINKS - internal -->
 [az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials
 [install-azure-cli]: /cli/azure/install-azure-cli
-[azure-ad-aks-cli]: managed-aad.md
+[azure-ad-aks-cli]: managed-azure-ad.md
 [az-aks-show]: /cli/azure/aks#az_aks_show
 [az-ad-group-create]: /cli/azure/ad/group#az_ad_group_create
 [az-role-assignment-create]: /cli/azure/role/assignment#az_role_assignment_create
@@ -471,4 +471,4 @@ az ad group delete --group opssre
 [rbac-authorization]: concepts-identity.md#kubernetes-rbac
 [operator-best-practices-identity]: operator-best-practices-identity.md
 [terraform-on-azure]: /azure/developer/terraform/overview
-[enable-azure-ad-integration-existing-cluster]: managed-aad.md#use-an-existing-cluster
+[enable-azure-ad-integration-existing-cluster]: managed-azure-ad.md#use-an-existing-cluster
diff --git a/articles/aks/kubernetes-portal.md b/articles/aks/kubernetes-portal.md
@@ -119,6 +119,6 @@ This article showed you how to access Kubernetes resources from the Azure portal
 [concepts-identity]: concepts-identity.md
 [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
 [deployments]: concepts-clusters-workloads.md#deployments-and-yaml-manifests
-[aks-managed-aad]: managed-aad.md
-[cli-aad-upgrade]: managed-aad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration
+[aks-managed-aad]: managed-azure-ad.md
+[cli-aad-upgrade]: managed-azure-ad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration
 [enable-monitor]: ../azure-monitor/containers/container-insights-enable-existing-clusters.md
diff --git a/articles/aks/manage-local-accounts-managed-azure-ad.md b/articles/aks/manage-local-accounts-managed-azure-ad.md
@@ -12,7 +12,7 @@ When you deploy an AKS cluster, local accounts are enabled by default. Even when
 
 ## Before you begin
 
-* See [AKS-managed Azure Active Directory integration](./managed-aad.md) for an overview and setup instructions.
+* See [AKS-managed Azure Active Directory integration](./managed-azure-ad.md) for an overview and setup instructions.
 
 ## Disable local accounts
 
diff --git a/articles/aks/managed-azure-ad.md b/articles/aks/managed-azure-ad.md
diff --git a/articles/aks/trusted-access-feature.md b/articles/aks/trusted-access-feature.md
@@ -28,7 +28,7 @@ This article shows you how to enable secure access from your Azure services to y
 
 ## Trusted Access feature overview
 
-Trusted Access enables you to give explicit consent to your system-assigned MSI of allowed resources to access your AKS clusters using an Azure resource *RoleBinding*. Your Azure resources access AKS clusters through the AKS regional gateway via system-assigned managed identity authentication with the appropriate Kubernetes permissions via an Azure resource *Role*. The Trusted Access feature allows you to access AKS clusters with different configurations, including but not limited to [private clusters](private-clusters.md), [clusters with local accounts disabled](manage-local-accounts-managed-aad.md#disable-local-accounts), [Azure AD clusters](azure-ad-integration-cli.md), and [authorized IP range clusters](api-server-authorized-ip-ranges.md).
+Trusted Access enables you to give explicit consent to your system-assigned MSI of allowed resources to access your AKS clusters using an Azure resource *RoleBinding*. Your Azure resources access AKS clusters through the AKS regional gateway via system-assigned managed identity authentication with the appropriate Kubernetes permissions via an Azure resource *Role*. The Trusted Access feature allows you to access AKS clusters with different configurations, including but not limited to [private clusters](private-clusters.md), [clusters with local accounts disabled](manage-local-accounts-managed-azure-ad.md#disable-local-accounts), [Azure AD clusters](azure-ad-integration-cli.md), and [authorized IP range clusters](api-server-authorized-ip-ranges.md).
 
 ## Prerequisites
 
diff --git a/articles/machine-learning/how-to-deploy-kubernetes-extension.md b/articles/machine-learning/how-to-deploy-kubernetes-extension.md
@@ -41,7 +41,7 @@ In this article, you can learn:
 
 - [Using a service principal with AKS](../aks/kubernetes-service-principal.md) is **not supported** by Azure Machine Learning. The AKS cluster must use a **managed identity** instead. Both **system-assigned managed identity** and **user-assigned managed identity** are supported. For more information, see [Use a managed identity in Azure Kubernetes Service](../aks/use-managed-identity.md).
     -  When your AKS cluster used service principal is converted to use Managed Identity, before installing the extension, all node pools need to be deleted and recreated, rather than updated directly.
-- [Disabling local accounts](../aks/manage-local-accounts-managed-aad.md#disable-local-accounts) for AKS is **not supported**  by Azure Machine Learning. When the AKS Cluster is deployed, local accounts are enabled by default.
+- [Disabling local accounts](../aks/manage-local-accounts-managed-azure-ad.md#disable-local-accounts) for AKS is **not supported**  by Azure Machine Learning. When the AKS Cluster is deployed, local accounts are enabled by default.
 - If your AKS cluster has an [Authorized IP range enabled to access the API server](../aks/api-server-authorized-ip-ranges.md), enable the Azure Machine Learning control plane IP ranges for the AKS cluster. The Azure Machine Learning control plane is deployed across paired regions. Without access to the API server, the machine learning pods can't be deployed. Use the [IP ranges](https://www.microsoft.com/download/confirmation.aspx?id=56519) for both the [paired regions](../availability-zones/cross-region-replication-azure.md) when enabling the IP ranges in an AKS cluster.
 - Azure Machine Learning does not support attaching an AKS cluster cross subscription. If you have an AKS cluster in a different subscription, you must first [connect it to Azure-Arc](../azure-arc/kubernetes/quickstart-connect-cluster.md) and specify in the same subscription as your Azure Machine Learning workspace.
 - Azure Machine Learning does not guarantee support for all preview stage features in AKS. For example, [Azure AD pod identity](../aks/use-azure-ad-pod-identity.md) is not supported.
