updates policy links

Author: davidsmatlak

articles/governance/policy/concepts/policy-for-kubernetes.md

@@ -303,8 +303,8 @@ definitions. There are sample definition files available to assign in [Azure Pol
 
 Azure Policy for Kubernetes also support custom definition creation at the component-level for both Azure Kubernetes Service clusters and Azure Arc-enabled Kubernetes clusters. Constraint template and mutation template samples are available in the [Gatekeeper community library](https://github.com/open-policy-agent/gatekeeper-library/tree/master). [Azure Policy's Visual Studio Code Extension](../how-to/extension-for-vscode.md#create-policy-definition-from-a-constraint-template-or-mutation-template) can be used to help translate an existing constraint template or mutation template to a custom Azure Policy policy definition.
 
-With a [Resource Provider mode](./definition-structure.md#resource-provider-modes) of
-`Microsoft.Kubernetes.Data`, the effects [audit](./effects.md#audit), [deny](./effects.md#deny), [disabled](./effects.md#disabled), and [mutate](./effects.md#mutate-preview) are used to manage your Kubernetes clusters.
+With a [Resource Provider mode](./definition-structure-basics.md#resource-provider-modes) of
+`Microsoft.Kubernetes.Data`, the effects [audit](./effect-audit.md), [deny](./effects.md#deny), [disabled](./effects.md#disabled), and [mutate](./effects.md#mutate-preview) are used to manage your Kubernetes clusters.
 
 _Audit_ and _deny_ must provide `details` properties
 specific to working with
@@ -618,9 +618,9 @@ Security improvements.
 Introducing CEL and VAP. Common Expression Language (CEL) is a Kubernetes-native expression language that can be used to declare validation rules of a policy. Validating Admission Policy (VAP) feature provides in-tree policy evaluation, reduces admission request latency, and improves reliability and availability. The supported validation actions include Deny, Warn, and Audit. Custom policy authoring for CEL/VAP is allowed, and existing users won't need to convert their Rego to CEL as they will both be supported and be used to enforce policies. To use CEL and VAP, users need to enroll in the feature flag `AKS-AzurePolicyK8sNativeValidation` in the `Microsoft.ContainerService` namespace. For more information, view the [Gatekeeper Documentation](https://open-policy-agent.github.io/gatekeeper/website/docs/validating-admission-policy/).
 
 Security improvements.
-- Released September 2024 
+- Released September 2024
 - Kubernetes 1.27+ (VAP generation is only supported on 1.30+)
-- Gatekeeper 3.17.1 
+- Gatekeeper 3.17.1
 
 #### 1.7.0
 
@@ -759,8 +759,8 @@ aligns with how the add-on was installed:
   - Maximum number of Non-compliant records per policy per cluster: **500**
   - Maximum number of Non-compliant records per subscription: **1 million**
   - Installations of Gatekeeper outside of the Azure Policy Add-on aren't supported. Uninstall any components installed by a previous Gatekeeper installation before enabling the Azure Policy Add-on.
-  - [Reasons for non-compliance](../how-to/determine-non-compliance.md#compliance-reasons) aren't available for the Microsoft.Kubernetes.Data [Resource Provider mode](./definition-structure.md#resource-provider-modes). Use [Component details](../how-to/determine-non-compliance.md#component-details-for-resource-provider-modes).
- - Component-level [exemptions](./exemption-structure.md) aren't supported for [Resource Provider modes](./definition-structure.md#resource-provider-modes). Parameters support is available  in Azure Policy definitions to exclude and include particular namespaces.
+  - [Reasons for non-compliance](../how-to/determine-non-compliance.md#compliance-reasons) aren't available for the Microsoft.Kubernetes.Data [Resource Provider mode](./definition-structure-basics.md#resource-provider-modes). Use [Component details](../how-to/determine-non-compliance.md#component-details-for-resource-provider-modes).
+ - Component-level [exemptions](./exemption-structure.md) aren't supported for [Resource Provider modes](./definition-structure-basics.md#resource-provider-modes). Parameters support is available  in Azure Policy definitions to exclude and include particular namespaces.
  - Using the `metadata.gatekeeper.sh/requires-sync-data` annotation in a constraint template to configure the [replication of data](https://open-policy-agent.github.io/gatekeeper/website/docs/sync) from your cluster into the OPA cache is currently only allowed for built-in policies. The reason is because it can dramatically increase the Gatekeeper pods resource usage if not used carefully.
 
 ### Configuring the Gatekeeper Config

articles/governance/policy/samples/index.md

@@ -86,5 +86,5 @@ Azure Government:
 ## Next steps
 
 - See the built-ins on the [Azure Policy GitHub repo](https://github.com/Azure/azure-policy).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-count-operator.md

@@ -6,11 +6,11 @@ ms.topic: sample
 ---
 # Azure Policy pattern: the count operator
 
-The [count](../concepts/definition-structure.md#count) operator evaluates members of a \[\*\] alias.
+The [count](../concepts/definition-structure-policy-rule.md#count) operator evaluates members of a \[\*\] alias.
 
 ## Sample policy definition
 
-This policy definition [audits](../concepts/effects.md#audit) Network Security Groups configured to
+This policy definition [audits](../concepts/effect-audit.md) Network Security Groups configured to
 allow inbound Remote Desktop Protocol (RDP) traffic.
 
 :::code language="json" source="~/policy-templates/patterns/pattern-count-operator.json":::
@@ -20,7 +20,7 @@ allow inbound Remote Desktop Protocol (RDP) traffic.
 The core components of the **count** operator are _field_, _where_, and the condition. Each is
 highlighted in the following snippet.
 
-- _field_ tells count which [alias](../concepts/definition-structure.md#aliases) to evaluate members
+- _field_ tells count which [alias](../concepts/definition-structure-alias.md) to evaluate members
   of. Here, we're looking at the **securityRules\[\*\]** alias _array_ of the network security
   group.
 - _where_ uses the policy language to define which _array_ members meet the criteria. In this
@@ -34,5 +34,5 @@ highlighted in the following snippet.
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-deploy-resources.md

@@ -6,10 +6,10 @@ ms.topic: sample
 ---
 # Azure Policy pattern: deploy resources
 
-The [deployIfNotExists](../concepts/effects.md#deployifnotexists) effect makes it possible to deploy
+The [deployIfNotExists](../concepts/effect-deploy-if-not-exists.md) effect makes it possible to deploy
 an [Azure Resource Manager template](/azure/azure-resource-manager/templates/overview) (ARM
 template) when creating or updating a resource that isn't compliant. This approach can be preferred
-to using the [deny](../concepts/effects.md#deny) effect as it lets resources continue to be created,
+to using the [deny](../concepts/effect-deny.md) effect as it lets resources continue to be created,
 but ensures the changes are made to make them compliant.
 
 ## Sample policy definition
@@ -71,5 +71,5 @@ three core components:
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-effect-details.md

@@ -6,14 +6,14 @@ ms.topic: sample
 ---
 # Azure Policy pattern: effects
 
-Azure Policy has many [effects](../concepts/effects.md) that determine how the service reacts to
+Azure Policy has many [effects](../concepts/effect-basics.md) that determine how the service reacts to
 non-compliant resources. Some effects are simple and require no additional properties in the policy
 definition while others require several properties.
 
 ## Sample 1: Simple effect
 
 This policy definition checks to see whether the tag defined in parameter **tagName** exists on the
-evaluated resource. If the tag doesn't yet exist, the [modify](../concepts/effects.md#modify) effect
+evaluated resource. If the tag doesn't yet exist, the [modify](../concepts/effect-modify.md) effect
 is triggered to add the tag with the value in parameter **tagValue**.
 
 :::code language="json" source="~/policy-templates/patterns/pattern-effect-details-1.json":::
@@ -31,7 +31,7 @@ the _add_ **operation** and the parameters are used to set the tag and its value
 
 This policy definition audits each virtual machine for when an extension, defined in parameters
 **publisher** and **type**, doesn't exist. It uses
-[auditIfNotExists](../concepts/effects.md#auditifnotexists) to check a resource related to the
+[auditIfNotExists](../concepts/effect-audit.mdifnotexists) to check a resource related to the
 virtual machine to see whether an instance exists that matches the defined parameters. This example
 checks the **extensions** type.
 
@@ -43,12 +43,12 @@ checks the **extensions** type.
 
 An **auditIfNotExists** effect requires the **policyRule.then.details** block to define both a
 **type** and the **existenceCondition** to look for. The **existenceCondition** uses policy language
-elements, such as [logical operators](../concepts/definition-structure.md#logical-operators), to
+elements, such as [logical operators](../concepts/definition-structure-policy-rule.md#logical-operators), to
 determine whether a matching related resource exists. In this example, the values checked against
-each [alias](../concepts/definition-structure.md#aliases) are defined in parameters.
+each [alias](../concepts/definition-structure-alias.md) are defined in parameters.
 
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-fields.md

@@ -6,15 +6,15 @@ ms.topic: sample
 ---
 # Azure Policy pattern: field properties
 
-The [field](../concepts/definition-structure.md#fields) operator evaluates the specified property or
-[alias](../concepts/definition-structure.md#aliases) to a provided value for a given
-[condition](../concepts/definition-structure.md#conditions).
+The [field](../concepts/definition-structure-policy-rule.md#fields) operator evaluates the specified property or
+[alias](../concepts/definition-structure-alias.md) to a provided value for a given
+[condition](../concepts/definition-structure-policy-rule.md#conditions).
 
 ## Sample policy definition
 
 This policy definition enables you to define allowed regions that meet your organization's
 geo-location requirements. The allowed resources are defined in parameter **listOfAllowedLocations**
-(_array_). Resources that match the definition are [denied](../concepts/effects.md#deny).
+(_array_). Resources that match the definition are [denied](../concepts/effect-deny.md).
 
 :::code language="json" source="~/policy-templates/patterns/pattern-fields.json":::
 
@@ -23,7 +23,7 @@ geo-location requirements. The allowed resources are defined in parameter **list
 :::code language="json" source="~/policy-templates/patterns/pattern-fields.json" range="18-36" highlight="3,7,11":::
 
 The **field** operator is used three times within the
-[logical operator](../concepts/definition-structure.md#logical-operators) **allOf**.
+[logical operator](../concepts/definition-structure-policy-rule.md#logical-operators) **allOf**.
 
 - The first use evaluates the `location` property with the **notIn** condition to the
   **listOfAllowedLocations** parameter. **notIn** works as it expects an _array_ and the parameter
@@ -42,5 +42,5 @@ creation or update is blocked by Azure Policy.
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-group-with-initiative.md

@@ -42,5 +42,5 @@ passthrough of values improves reuse.
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-logical-operators.md

@@ -8,14 +8,14 @@ ms.topic: sample
 
 A policy definition can contain several conditional statements. You might need each statement to be
 true or only need some of them to be true. To support these needs, the language has
-[logical operators](../concepts/definition-structure.md#logical-operators) for **not**, **allOf**,
+[logical operators](../concepts/definition-structure-policy-rule.md#logical-operators) for **not**, **allOf**,
 and **anyOf**. They're optional and can be nested to create complex scenarios.
 
 ## Sample 1: One logical operator
 
 This policy definition evaluates [Azure Cosmos DB](/azure/cosmos-db/introduction) accounts to
 see whether automatic failovers and multiple write locations are configured. When they aren't, the
-[audit](../concepts/effects.md#audit) triggers and creates a log entry when the non-compliant
+[audit](../concepts/effect-audit.md) triggers and creates a log entry when the non-compliant
 resource is created or updated.
 
 :::code language="json" source="~/policy-templates/patterns/pattern-logical-operators-1.json":::
@@ -30,7 +30,7 @@ Only when all of these conditions evaluate to true does the **audit** effect tri
 ## Sample 2: Multiple logical operators
 
 This policy definition evaluates resources for a naming pattern. If a resource doesn't match, it's
-[denied](../concepts/effects.md#deny).
+[denied](../concepts/effect-deny.md).
 
 :::code language="json" source="~/policy-templates/patterns/pattern-logical-operators-2.json":::
 
@@ -62,5 +62,5 @@ conditions in the **anyOf** are true, the policy effect triggers.
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-parameters.md

@@ -7,7 +7,7 @@ ms.topic: sample
 # Azure Policy pattern: parameters
 
 A policy definition can be made dynamic to reduce the number of policy definitions that are needed
-by using [parameters](../concepts/definition-structure.md#parameters). The parameter is defined
+by using [parameters](../concepts/definition-structure-parameters.md). The parameter is defined
 during policy assignment. Parameters have a set of pre-defined properties that describe the
 parameter and how it's used.
 
@@ -39,7 +39,7 @@ used to define the field that is evaluated, which is a tag with the value of **t
 
 This policy definition uses a single parameter, **listOfBandwidthinMbps**, to check if the Express
 Route Circuit resource has configured the bandwidth setting to one of the approved values. If it
-doesn't match, the creation or update to the resource is [denied](../concepts/effects.md#deny).
+doesn't match, the creation or update to the resource is [denied](../concepts/effect-deny.md).
 
 :::code language="json" source="~/policy-templates/patterns/pattern-parameters-2.json":::
 
@@ -51,7 +51,7 @@ In this portion of the policy definition, the **listOfBandwidthinMbps** paramete
 _array_ and a description is provided for its use. As an _array_, it has multiple values to match.
 
 The parameter is then used in the **policyRule.if** block. As an _array_ parameter, an _array_
-[condition](../concepts/definition-structure.md#conditions)'s **in** or **notIn** must be used.
+[condition](../concepts/definition-structure-policy-rule.md#conditions)'s **in** or **notIn** must be used.
 Here, it's used against the **serviceProvider.bandwidthInMbps** alias as one of the defined values.
 
 :::code language="json" source="~/policy-templates/patterns/pattern-parameters-2.json" range="21-24" highlight="3":::
@@ -79,5 +79,5 @@ The parameter is then used in the **policyRule.then** block for the _effect_.
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).

articles/governance/policy/samples/pattern-tags.md

@@ -9,7 +9,7 @@ ms.topic: sample
 [Tags](/azure/azure-resource-manager/management/tag-resources) are an important part of
 managing, organizing, and governing your Azure resources. Azure Policy makes it possible to
 configure tags on your new and existing resources at scale with the
-[modify](../concepts/effects.md#modify) effect and
+[modify](../concepts/effect-modify.md) effect and
 [remediation tasks](../how-to/remediate-resources.md).
 
 ## Sample 1: Parameterize tags
@@ -31,7 +31,7 @@ for any number of tag name and tag value combinations, but only maintain a singl
 
 In this sample, **mode** is set to _All_ since it targets a resource group. In most cases, **mode**
 should be set to _Indexed_ when working with tags. For more information, see
-[modes](../concepts/definition-structure.md#resource-manager-modes).
+[modes](../concepts/definition-structure-basics.md#resource-manager-modes).
 
 :::code language="json" source="~/policy-templates/patterns/pattern-tags-1.json" range="26-36" highlight="7-8":::
 
@@ -58,7 +58,7 @@ the parent resource group.
 
 In this sample, **mode** is set to _Indexed_ since it doesn't target a resource group or
 subscription even though it gets the value from a resource group. For more information, see
-[modes](../concepts/definition-structure.md#resource-manager-modes).
+[modes](../concepts/definition-structure-basics.md#mode).
 
 :::code language="json" source="~/policy-templates/patterns/pattern-tags-2.json" range="19-29" highlight="3-4,7-8":::
 
@@ -78,5 +78,5 @@ update existing resources.
 ## Next steps
 
 - Review other [patterns and built-in definitions](./index.md).
-- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
-- Review [Understanding policy effects](../concepts/effects.md).
+- Review the [Azure Policy definition structure](../concepts/definition-structure-basics.md).
+- Review [Understanding policy effects](../concepts/effect-basics.md).