Merge pull request #250988 from rwestMSFT/rw-0911-fix-markdown-links

[SCOPED] Fix malformed Markdown links

Author: Court72

articles/active-directory-b2c/partner-cloudflare.md

@@ -42,7 +42,7 @@ After a custom domain for Azure AD B2C is configured using Azure Front Door, [te
 
 ## Create a Cloudflare account
 
-On cloudflare.com, you can [create an account](https://dash.cloudflare.com/sign-up). To enable WAF, on [Application Services]([https://www.cloudflare.com/plans/](https://www.cloudflare.com/plans/#price-matrix) select **Pro**, which is required.
+On cloudflare.com, you can [create an account](https://dash.cloudflare.com/sign-up). To enable WAF, on [Application Services](https://www.cloudflare.com/plans/#price-matrix), select **Pro**, which is required.
 
 ### Configure DNS
 

articles/active-directory/app-provisioning/insufficient-access-rights-error-troubleshooting.md

@@ -75,7 +75,7 @@ Reference articles that explain the reason in detail:
 
 If option 1 is not feasible and doesn't work as expected, then ask Cx to check with their AD admin and security administrators, if they are allowed to modify the default permissions of the ```AdminSDHolder``` container. This [article](https://go.microsoft.com/fwlink/?linkid=2240198) that explains the importance of the ```AdminSDHolder``` container. Once Cx gets internal approval to update the ```AdminSDHolder``` container permissions, there are two ways to update the permissions.
 
-*    Using ```ADSIEdit``` as described in this [article](https://petri.com/active-directory-security-understanding-adminsdholder-object ).
+*    Using ```ADSIEdit``` as described in this [article](https://petri.com/active-directory-security-understanding-adminsdholder-object).
 *    Using ```DSACLS``` command-line script. Here's an example script that could be used as a starting point and Cx can tweak it as per their requirements.
 
 ```powershell

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -53,9 +53,9 @@ The **core** user schema only requires three attributes (all other attributes ar
 - `userName`, a unique identifier for the user (generally maps to the Azure AD user principal name)
 - `meta`, *read-only* metadata maintained by the service provider
 
-In addition to the **core** user schema, the SCIM standard defines an **enterprise** user extension with a model for extending the user schema to meet your application’s needs. 
+In addition to the **core** user schema, the SCIM standard defines an **enterprise** user extension with a model for extending the user schema to meet your application's needs. 
 
-For example, if your application requires both a user's email and user’s manager, use the **core** schema to collect the user’s email and the **enterprise** user schema to collect the user’s manager.
+For example, if your application requires both a user's email and user's manager, use the **core** schema to collect the user's email and the **enterprise** user schema to collect the user's manager.
 
 To design your schema, follow these steps:
 
@@ -72,7 +72,7 @@ The following table lists an example of required attributes:
 |loginName|userName|userPrincipalName|
 |firstName|name.givenName|givenName|
 |lastName|name.familyName|surName|
-|workMail|emails[type eq “work”].value|Mail|
+|workMail|emails[type eq "work"].value|Mail|
 |manager|manager|manager|
 |tag|`urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:tag`|extensionAttribute1|
 |status|active|isSoftDeleted (computed value not stored on user)|
@@ -933,7 +933,7 @@ The open source .NET Core [reference code example](https://aka.ms/SCIMReferenceC
 
 The solution is composed of two projects, _Microsoft.SCIM_ and _Microsoft.SCIM.WebHostSample_.
 
-The _Microsoft.SCIM_ project is the library that defines the components of the web service that conforms to the SCIM specification. It declares the interface _Microsoft.SCIM.IProvider_, requests are translated into calls to the provider’s methods, which would be programmed to operate on an identity store.
+The _Microsoft.SCIM_ project is the library that defines the components of the web service that conforms to the SCIM specification. It declares the interface _Microsoft.SCIM.IProvider_, requests are translated into calls to the provider's methods, which would be programmed to operate on an identity store.
 
 ![Breakdown: A request translated into calls to the provider's methods](media/use-scim-to-provision-users-and-groups/scim-figure-3.png)
 
@@ -992,7 +992,7 @@ Requests from Azure AD Provisioning Service include an OAuth 2.0 bearer token. A
 
 
 
-In the sample code, requests are authenticated using the Microsoft.AspNetCore.Authentication.JwtBearer package. The following code enforces that requests to any of the service’s endpoints are authenticated using the bearer token issued by Azure AD for a specified tenant:
+In the sample code, requests are authenticated using the Microsoft.AspNetCore.Authentication.JwtBearer package. The following code enforces that requests to any of the service's endpoints are authenticated using the bearer token issued by Azure AD for a specified tenant:
 
 ```csharp
 public void ConfigureServices(IServiceCollection services)
@@ -1031,7 +1031,7 @@ A bearer token is also required to use of the provided [Postman tests](https://g
 
 For more information on multiple environments in ASP.NET Core, see [Use multiple environments in ASP.NET Core](/aspnet/core/fundamentals/environments).
 
-The following code enforces that requests to any of the service’s endpoints are authenticated using a bearer token signed with a custom key:
+The following code enforces that requests to any of the service's endpoints are authenticated using a bearer token signed with a custom key:
 
 ```csharp
 public void ConfigureServices(IServiceCollection services)
@@ -1105,7 +1105,7 @@ GET https://.../scim/Users?filter=externalId eq jyoung HTTP/1.1
  Authorization: Bearer ...
 ```
 
-In the sample code, the request is translated into a call to the QueryAsync method of the service’s provider. Here's the signature of that method: 
+In the sample code, the request is translated into a call to the QueryAsync method of the service's provider. Here's the signature of that method: 
 
 ```csharp
 // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
@@ -1161,7 +1161,7 @@ Content-type: application/scim+json
    "manager":null}
 ```
 
-In the sample code, the request is translated into a call to the CreateAsync method of the service’s provider. Here's the signature of that method: 
+In the sample code, the request is translated into a call to the CreateAsync method of the service's provider. Here's the signature of that method: 
 
 ```csharp
 // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
@@ -1184,7 +1184,7 @@ GET ~/scim/Users/54D382A4-2050-4C03-94D1-E769F1D15682 HTTP/1.1
 Authorization: Bearer ...
 ```
 
-In the sample code, the request is translated into a call to the RetrieveAsync method of the service’s provider. Here's the signature of that method: 
+In the sample code, the request is translated into a call to the RetrieveAsync method of the service's provider. Here's the signature of that method: 
 
 ```csharp
 // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
@@ -1205,7 +1205,7 @@ In the example of a request, to retrieve the current state of a user, the values
 ***Example 4. Query the value of a reference attribute to be updated*** 
 
 Azure AD checks the current attribute value in the identity store before updating it. However, only the manager attribute is the checked first for users. Here's an example of a request to determine whether the manager attribute of a user object currently has a certain value: 
-In the sample code, the request is translated into a call to the QueryAsync method of the service’s provider. The value of the properties of the object provided as the value of the parameters argument are as follows: 
+In the sample code, the request is translated into a call to the QueryAsync method of the service's provider. The value of the properties of the object provided as the value of the parameters argument are as follows: 
 
 * parameters.AlternateFilters.Count: 2
 * parameters.AlternateFilters.ElementAt(x).AttributePath: "ID"
@@ -1243,7 +1243,7 @@ Content-type: application/scim+json
               "value":"2819c223-7f76-453a-919d-413861904646"}]}]}
 ```
 
-In the sample code, the request is translated into a call to the UpdateAsync method of the service’s provider. Here's the signature of that method: 
+In the sample code, the request is translated into a call to the UpdateAsync method of the service's provider. Here's the signature of that method: 
 
 ```csharp
 // System.Threading.Tasks.Tasks and 
@@ -1278,7 +1278,7 @@ DELETE ~/scim/Users/54D382A4-2050-4C03-94D1-E769F1D15682 HTTP/1.1
 Authorization: Bearer ...
 ```
 
-In the sample code, the request is translated into a call to the DeleteAsync method of the service’s provider. Here's the signature of that method: 
+In the sample code, the request is translated into a call to the DeleteAsync method of the service's provider. Here's the signature of that method: 
 
 ```csharp
 // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
@@ -1434,8 +1434,7 @@ To help drive awareness and demand of our joint integration, we recommend you up
 > * Craft a blog post or press release that describes the joint integration, the benefits and how to get started. [Example: Imprivata and Azure AD Press Release](https://www.imprivata.com/company/press/imprivata-introduces-iam-cloud-platform-healthcare-supported-microsoft) 
 > * Leverage your social media like Twitter, Facebook or LinkedIn to promote the integration to your customers. Be sure to include @AzureAD so we can retweet your post. [Example: Imprivata Twitter Post](https://twitter.com/azuread/status/1123964502909779968)
 > * Create or update your marketing pages/website (e.g. integration page, partner page, pricing page, etc.) to include the availability of the joint integration. [Example: Pingboard integration Page](https://pingboard.com/org-chart-for), [Smartsheet integration page](https://www.smartsheet.com/marketplace/apps/microsoft-azure-ad), [Monday.com pricing page](https://monday.com/pricing/) 
-> * Create a help center article or technical documentation on how customers can get started. [Example: Envoy + Microsoft Azure AD integration.](https://envoy.help/en/articles/3453335-microsoft-azure-active-directory-integration/
-) 
+> * Create a help center article or technical documentation on how customers can get started. [Example: Envoy + Microsoft Azure AD integration.](https://envoy.help/en/articles/3453335-microsoft-azure-active-directory-integration/) 
 > * Alert customers of the new integration through your customer communication (monthly newsletters, email campaigns, product release notes). 
 
 ## Next steps

articles/active-directory/architecture/2-secure-access-current-state.md

@@ -85,7 +85,7 @@ Investigate access to your sensitive apps for awareness about external access. S
 If your email and network plans are enabled, you can investigate content sharing through email or unauthorized software as a service (SaaS) apps. 
 
 * Identify, prevent, and monitor accidental sharing
-  * [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide&preserve-view=true )
+  * [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide&preserve-view=true)
 * Identify unauthorized apps
   * [Microsoft Defender for Cloud Apps overview](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 

articles/active-directory/architecture/6-secure-access-entitlement-managment.md

@@ -102,11 +102,11 @@ Learn more: [Plan a Microsoft Entra access reviews deployment](../governance/dep
 
 ## Using entitlement management automation
 
-* [Working with the Azure AD entitlement management API](/graph/api/resources/entitlementmanagement-overview?view=graph-rest-1.0&preserve-view=true )
-* [accessPackage resource type](/graph/api/resources/accesspackage?view=graph-rest-1.0&preserve-view=true )
-* [Azure AD access reviews](/graph/api/resources/accessreviewsv2-overview?view=graph-rest-1.0&preserve-view=true )
-* [connectedOrganization resource type](/graph/api/resources/connectedorganization?view=graph-rest-1.0&preserve-view=true )
-* [entitlementManagementSettings resource type](/graph/api/resources/entitlementmanagementsettings?view=graph-rest-1.0&preserve-view=true )
+* [Working with the Azure AD entitlement management API](/graph/api/resources/entitlementmanagement-overview?view=graph-rest-1.0&preserve-view=true)
+* [accessPackage resource type](/graph/api/resources/accesspackage?view=graph-rest-1.0&preserve-view=true)
+* [Azure AD access reviews](/graph/api/resources/accessreviewsv2-overview?view=graph-rest-1.0&preserve-view=true)
+* [connectedOrganization resource type](/graph/api/resources/connectedorganization?view=graph-rest-1.0&preserve-view=true)
+* [entitlementManagementSettings resource type](/graph/api/resources/entitlementmanagementsettings?view=graph-rest-1.0&preserve-view=true)
 
 ## External access governance recommendations 
 

articles/active-directory/authentication/how-to-migrate-mfa-server-to-mfa-with-federation.md

@@ -175,7 +175,7 @@ This section covers final steps before migrating user MFA settings.
 
 ### Set federatedIdpMfaBehavior to enforceMfaByFederatedIdp
 
-For federated domains, MFA may be enforced by Azure AD Conditional Access or by the on-premises federation provider. Each federated domain has a Microsoft Graph PowerShell security setting named **federatedIdpMfaBehavior**. You can set **federatedIdpMfaBehavior** to `enforceMfaByFederatedIdp` so Azure AD accepts MFA that's performed by the federated identity provider. If the federated identity provider didn't perform MFA, Azure AD redirects the request to the federated identity provider to perform MFA. For more information, see [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values&preserve-view=true ).
+For federated domains, MFA may be enforced by Azure AD Conditional Access or by the on-premises federation provider. Each federated domain has a Microsoft Graph PowerShell security setting named **federatedIdpMfaBehavior**. You can set **federatedIdpMfaBehavior** to `enforceMfaByFederatedIdp` so Azure AD accepts MFA that's performed by the federated identity provider. If the federated identity provider didn't perform MFA, Azure AD redirects the request to the federated identity provider to perform MFA. For more information, see [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values&preserve-view=true).
 
    >[!NOTE]
    > The **federatedIdpMfaBehavior** setting is a new version of the **SupportsMfa** property of the [New-MgDomainFederationConfiguration](/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration) cmdlet. 

articles/active-directory/develop/quickstart-v2-aspnet-core-webapp-calls-graph.md

@@ -62,7 +62,7 @@ ms.custom: devx-track-csharp, aaddev, "scenarios:getting-started", "languages:as
 > 
 > ### How the sample works
 > 
-> ![Shows how the sample app generated by this quickstart works](./configure-app-multi-instancing.md aspnetcorewebapp-intro.svg)
+> :::image type="content" source="media/quickstart-v2-aspnet-core-webapp/aspnetcorewebapp-intro.svg" alt-text="Diagram that how the sample app generated by this quickstart works.":::
 > 
 > ### Startup class
 > 

articles/active-directory/enterprise-users/signin-account-support.md

@@ -27,7 +27,7 @@ You can tell if the sign-in page your organization uses supports Microsoft accou
 
 ![Difference between account sign-in pages](./media/signin-account-support/ui-prompt.png)
 
-[Additional sign-in options work only for personal Microsoft accounts](https://azure.microsoft.com/updates/microsoft-account-signin-options/ ) but can't be used for signing in to work or school account resources.
+[Additional sign-in options work only for personal Microsoft accounts](https://azure.microsoft.com/updates/microsoft-account-signin-options/) but can't be used for signing in to work or school account resources.
 
 ## Next steps
 

articles/active-directory/external-identities/direct-federation.md

@@ -286,7 +286,7 @@ To remove a configuration for an IdP in the Microsoft Entra admin center:
 
 1. Select **OK** to confirm deletion.
 
-You can also remove federation using the Microsoft Graph API [samlOrWsFedExternalDomainFederation](/graph/api/resources/samlorwsfedexternaldomainfederation?view=graph-rest-beta&preserve-view=true ) resource type.
+You can also remove federation using the Microsoft Graph API [samlOrWsFedExternalDomainFederation](/graph/api/resources/samlorwsfedexternaldomainfederation?view=graph-rest-beta&preserve-view=true) resource type.
 
 ## Next steps
 

articles/active-directory/fundamentals/faq.yml

@@ -28,8 +28,7 @@ sections:
       - question: |
           Why do I get "No subscriptions found" when I try to access Azure AD in the Azure portal?
         answer: |
-          To access the Azure portal, each user needs permissions with an Azure subscription. If you don't have a paid Microsoft 365 or Azure AD subscription, you will need to activate a free [Azure account](https://azure.microsoft.com/free/
-          ) or a paid subscription.
+          To access the Azure portal, each user needs permissions with an Azure subscription. If you don't have a paid Microsoft 365 or Azure AD subscription, you will need to activate a free [Azure account](https://azure.microsoft.com/free/) or a paid subscription.
           
           For more information, see: