Merge pull request #291118 from davidsmatlak/ds-policy-updates-20241126

[BULK] Updates Policy docs links

Author: Jill Grant

articles/governance/policy/assign-policy-portal.md

@@ -58,7 +58,7 @@ In this quickstart, you create a policy assignment with a built-in policy defini
    | Tab name | Options |
    | ---- | ---- |
    | **Parameters** | If the policy definition you selected on the **Basics** tab has parameters, you configure them on the **Parameters** tab. This example doesn't use parameters. |
-   | **Remediation** | You can create a managed identity. For this example, **Create a Managed Identity** is unchecked. <br><br> This box _must_ be checked when a policy or initiative includes a policy with either the [deployIfNotExists](./concepts/effects.md#deployifnotexists) or [modify](./concepts/effects.md#modify) effect. For more information, go to [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [how remediation access control works](./how-to/remediate-resources.md#how-remediation-access-control-works). |
+   | **Remediation** | You can create a managed identity. For this example, **Create a Managed Identity** is unchecked. <br><br> This box _must_ be checked when a policy or initiative includes a policy with either the [deployIfNotExists](./concepts/effect-deploy-if-not-exists.md) or [modify](./concepts/effect-modify.md) effect. For more information, go to [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [how remediation access control works](./how-to/remediate-resources.md#how-remediation-access-control-works). |
 
 1. Select **Next** and on the **Non-compliance messages** tab create a **Non-compliance message** like _Virtual machines should use managed disks_.
 

articles/governance/policy/concepts/assignment-structure.md

@@ -275,7 +275,7 @@ One override can be used to replace the effect of many policies by specifying mu
 
 The `enforcementMode` property provides customers the ability to test the outcome of a policy on existing resources without initiating the policy effect or triggering entries in the [Azure Activity log](/azure/azure-monitor/essentials/platform-logs-overview).
 
-This scenario is commonly referred to as _What If_ and aligns to safe deployment practices. `enforcementMode` is different from the [Disabled](./effects.md#disabled) effect, as that effect prevents resource evaluation from happening at all.
+This scenario is commonly referred to as _What If_ and aligns to safe deployment practices. `enforcementMode` is different from the [Disabled](./effect-disabled.md) effect, as that effect prevents resource evaluation from happening at all.
 
 This property has the following values:
 
@@ -284,7 +284,7 @@ This property has the following values:
 |Enabled |Default |string |Yes |Yes |The policy effect is enforced during resource creation or update. |
 |Disabled |DoNotEnforce |string |Yes |No | The policy effect isn't enforced during resource creation or update. |
 
-If `enforcementMode` isn't specified in a policy or initiative definition, the value _Default_ is used. [Remediation tasks](../how-to/remediate-resources.md) can be started for [deployIfNotExists](./effects.md#deployifnotexists) policies, even when `enforcementMode` is set to _DoNotEnforce_.
+If `enforcementMode` isn't specified in a policy or initiative definition, the value _Default_ is used. [Remediation tasks](../how-to/remediate-resources.md) can be started for [deployIfNotExists](./effect-deploy-if-not-exists.md) policies, even when `enforcementMode` is set to _DoNotEnforce_.
 
 ## Excluded scopes
 

articles/governance/policy/concepts/definition-structure-alias.md

@@ -30,7 +30,7 @@ The list of aliases is always growing. To find which aliases Azure Policy suppor
   ```
 
   > [!NOTE]
-  > To find aliases that can be used with the [modify](./effects.md#modify) effect, use the
+  > To find aliases that can be used with the [modify](./effect-modify.md) effect, use the
   > following command in Azure PowerShell **4.6.0** or higher:
   >
   > ```azurepowershell-interactive
@@ -83,7 +83,7 @@ For more information and examples, see [Referencing array resource properties](.
 - For more information about policy definition structure, go to [basics](./definition-structure-basics.md), [parameters](./definition-structure-parameters.md), and [policy rule](./definition-structure-policy-rule.md).
 - For initiatives, go to [initiative definition structure](./initiative-definition-structure.md).
 - Review examples at [Azure Policy samples](../samples/index.md).
-- Review [Understanding policy effects](effects.md).
+- Review [Understanding policy effects](effect-basics.md).
 - Understand how to [programmatically create policies](../how-to/programmatically-create.md).
 - Learn how to [get compliance data](../how-to/get-compliance-data.md).
 - Learn how to [remediate non-compliant resources](../how-to/remediate-resources.md).

articles/governance/policy/concepts/definition-structure-parameters.md

@@ -193,7 +193,7 @@ The non _resource type_ allowed values for `strongType` are:
 - For more information about policy definition structure, go to [basics](./definition-structure-basics.md), [policy rule](./definition-structure-policy-rule.md), and [alias](./definition-structure-alias.md).
 - For initiatives, go to [initiative definition structure](./initiative-definition-structure.md).
 - Review examples at [Azure Policy samples](../samples/index.md).
-- Review [Understanding policy effects](effects.md).
+- Review [Understanding policy effects](effect-basics.md).
 - Understand how to [programmatically create policies](../how-to/programmatically-create.md).
 - Learn how to [get compliance data](../how-to/get-compliance-data.md).
 - Learn how to [remediate non-compliant resources](../how-to/remediate-resources.md).

articles/governance/policy/concepts/definition-structure-policy-rule.md

@@ -633,7 +633,7 @@ The following functions are only available in policy rules:
 - `field(fieldName)`
   - `fieldName`: [Required] string - Name of the [field](./definition-structure-policy-rule.md#fields) to retrieve
   - Returns the value of that field from the resource that is being evaluated by the If condition.
-  - `field` is primarily used with `auditIfNotExists` and `deployIfNotExists` to reference fields on the resource that are being evaluated. An example of this use can be seen in the [DeployIfNotExists example](effects.md#deployifnotexists-example).
+  - `field` is primarily used with `auditIfNotExists` and `deployIfNotExists` to reference fields on the resource that are being evaluated. An example of this use can be seen in the [DeployIfNotExists example](effect-deploy-if-not-exists.md#deployifnotexists-example).
 
 - `requestContext().apiVersion`
   - Returns the API version of the request that triggered policy evaluation (example: `2021-09-01`). This value is the API version that was used in the PUT/PATCH request for evaluations on resource creation/update. The latest API version is always used during compliance evaluation on existing resources.
@@ -727,7 +727,7 @@ The length of the string created by the `concat()` function depends on the value
 - For more information about policy definition structure, go to [basics](./definition-structure-basics.md), [parameters](./definition-structure-parameters.md), and [alias](./definition-structure-alias.md).
 - For initiatives, go to [initiative definition structure](./initiative-definition-structure.md).
 - Review examples at [Azure Policy samples](../samples/index.md).
-- Review [Understanding policy effects](effects.md).
+- Review [Understanding policy effects](effect-basics.md).
 - Understand how to [programmatically create policies](../how-to/programmatically-create.md).
 - Learn how to [get compliance data](../how-to/get-compliance-data.md).
 - Learn how to [remediate non-compliant resources](../how-to/remediate-resources.md).

articles/governance/policy/concepts/effect-add-to-network-group.md

@@ -7,7 +7,7 @@ ms.topic: conceptual
 
 # Azure Policy definitions addToNetworkGroup effect
 
-The `addToNetworkGroup` effect is used in Azure Virtual Network Manager to define dynamic network group membership. This effect is specific to `Microsoft.Network.Data` [policy mode](./definition-structure.md#resource-provider-modes) definitions only.
+The `addToNetworkGroup` effect is used in Azure Virtual Network Manager to define dynamic network group membership. This effect is specific to `Microsoft.Network.Data` [policy mode](./definition-structure-basics.md#resource-provider-modes) definitions only.
 
 With network groups, your policy definition includes your conditional expression for matching virtual networks meeting your criteria, and specifies the destination network group where any matching resources are placed. The `addToNetworkGroup` effect is used to place resources in the destination network group.
 

articles/governance/policy/concepts/effect-basics.md

@@ -36,7 +36,7 @@ The following list is some general guidance around interchangeable effects:
 
 ## Order of evaluation
 
-Azure Policy's first evaluation is for requests to create or update a resource. Azure Policy creates a list of all assignments that apply to the resource and then evaluates the resource against each definition. For a [Resource Manager mode](./definition-structure.md#resource-manager-modes), Azure Policy processes several of the effects before handing the request to the appropriate Resource Provider. This order prevents unnecessary processing by a Resource Provider when a resource doesn't meet the designed governance controls of Azure Policy. With a [Resource Provider mode](./definition-structure.md#resource-provider-modes), the Resource Provider manages the evaluation and outcome and reports the results back to Azure Policy.
+Azure Policy's first evaluation is for requests to create or update a resource. Azure Policy creates a list of all assignments that apply to the resource and then evaluates the resource against each definition. For a [Resource Manager mode](./definition-structure-basics.md#resource-manager-modes), Azure Policy processes several of the effects before handing the request to the appropriate Resource Provider. This order prevents unnecessary processing by a Resource Provider when a resource doesn't meet the designed governance controls of Azure Policy. With a [Resource Provider mode](./definition-structure-basics.md#resource-provider-modes), the Resource Provider manages the evaluation and outcome and reports the results back to Azure Policy.
 
 - `disabled` is checked first to determine whether the policy rule should be evaluated.
 - `append` and `modify` are then evaluated. Since either could alter the request, a change made might prevent an audit or deny effect from triggering. These effects are only available with a Resource Manager mode.

articles/governance/policy/concepts/effect-deny-action.md

@@ -38,7 +38,7 @@ The `details` property of the `denyAction` effect has all the subproperties that
   - Supported action names are: `delete`.
 - `cascadeBehaviors` (optional)
   - An _object_ that defines which behavior is followed when a resource is implicitly deleted when a resource group is removed.
-  - Only supported in policy definitions with [mode](./definition-structure.md#resource-manager-modes) set to `indexed`.
+  - Only supported in policy definitions with [mode](./definition-structure-basics.md#resource-manager-modes) set to `indexed`.
   - Allowed values are `allow` or `deny`.
   - Default value is `deny`.
 

articles/governance/policy/concepts/effect-modify.md

@@ -7,13 +7,13 @@ ms.topic: conceptual
 
 # Azure Policy definitions modify effect
 
-The `modify` effect is used to add, update, or remove properties or tags on a subscription or resource during creation or update. Existing non-compliant resources can also be remediated with a [remediation task](../how-to/remediate-resources.md). Policy assignments with effect set as Modify require a [managed identity](../how-to/remediate-resources.md) to do remediation. A common example using `modify` effect is updating tags on resources such as 'costCenter'. 
+The `modify` effect is used to add, update, or remove properties or tags on a subscription or resource during creation or update. Existing non-compliant resources can also be remediated with a [remediation task](../how-to/remediate-resources.md). Policy assignments with effect set as Modify require a [managed identity](../how-to/remediate-resources.md) to do remediation. A common example using `modify` effect is updating tags on resources such as 'costCenter'.
 
 There are some nuances in modification behavior for resource properties. Learn more about scenarios when modification is [skipped](#skipped-modification).
 
 A single `modify` rule can have any number of operations. Supported operations are:
 
-- _Add_, _replace_, or _remove_ resource tags. Only tags can be removed. For tags, a Modify policy should have [mode](./definition-structure.md#resource-manager-modes) set to `indexed` unless the target resource is a resource group.
+- _Add_, _replace_, or _remove_ resource tags. Only tags can be removed. For tags, a Modify policy should have [mode](./definition-structure-basics.md#resource-manager-modes) set to `indexed` unless the target resource is a resource group.
 - _Add_ or _replace_ the value of managed identity type (`identity.type`) of virtual machines and Virtual Machine Scale Sets. You can only modify the `identity.type` for virtual machines or Virtual Machine Scale Sets.
 - _Add_ or _replace_ the values of certain aliases.
   - Use `Get-AzPolicyAlias | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.DefaultMetadata.Attributes -eq 'Modifiable' }` in Azure PowerShell **4.6.0** or higher to get a list of aliases that can be used with `modify`.
@@ -26,7 +26,7 @@ A single `modify` rule can have any number of operations. Supported operations a
 
 ## Modify evaluation
 
-Modify evaluates before the request gets processed by a Resource Provider during the creation or updating of a resource. The `modify` operations are applied to the request content when the `if` condition of the policy rule is met. Each `modify` operation can specify a condition that determines when it's applied. 
+Modify evaluates before the request gets processed by a Resource Provider during the creation or updating of a resource. The `modify` operations are applied to the request content when the `if` condition of the policy rule is met. Each `modify` operation can specify a condition that determines when it's applied.
 
 When an alias is specified, more checks are performed to ensure that the `modify` operation doesn't change the request content in a way that causes the resource provider to reject it:
 
@@ -55,7 +55,7 @@ Modification of resource properties depends on the API request and the updated r
 
 Imagine you apply a policy that modifies tags on a virtual machine (VM). Every time the VM is updated, such as during resizing or disk changes, the tags are updated accordingly regardless of the contents of the VM payload. This is because tags are independent of the VM properties.
 
-However, if you apply a policy that modifies properties on a VM, modification is dependent on the resource payload. If you attempt to modify properties that are not included in the update payload, the modification will not take place. For instance, this can happen when patching the `assessmentMode` property of a VM (alias `Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.assessmentMode`). The property is "nested", so if its parent properties are not included in the request, this omission is assumed to be intentional and modification is skipped. For modification to take place, the resource payload should contain this context. 
+However, if you apply a policy that modifies properties on a VM, modification is dependent on the resource payload. If you attempt to modify properties that are not included in the update payload, the modification will not take place. For instance, this can happen when patching the `assessmentMode` property of a VM (alias `Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.assessmentMode`). The property is "nested", so if its parent properties are not included in the request, this omission is assumed to be intentional and modification is skipped. For modification to take place, the resource payload should contain this context.
 
 ## Modify properties
 
@@ -75,7 +75,7 @@ The `details` property of the `modify` effect has all the subproperties that def
   - An array of all tag operations to be completed on matching resources.
   - Properties:
     - `operation` (required)
-      - Defines what action to take on a matching resource. Options are: `addOrReplace`, `Add`, and `Remove`. 
+      - Defines what action to take on a matching resource. Options are: `addOrReplace`, `Add`, and `Remove`.
       - `Add` behaves similar to the [append](./effect-append.md) effect.
       - `Remove` is only supported for resource tags.
     - `field` (required)
@@ -84,7 +84,7 @@ The `details` property of the `modify` effect has all the subproperties that def
       - The value to set the tag to.
       - This property is required if `operation` is _addOrReplace_ or _Add_.
     - `condition` (optional)
-      - A string containing an Azure Policy language expression with [Policy functions](./definition-structure.md#policy-functions) that evaluates to _true_ or _false_.
+      - A string containing an Azure Policy language expression with [Policy functions](./definition-structure-policy-rule.md#policy-functions) that evaluates to _true_ or _false_.
       - Doesn't support the following Policy functions: `field()`, `resourceGroup()`,
         `subscription()`.
 
@@ -202,4 +202,4 @@ Example 3: Ensure that a storage account doesn't allow blob public access, the `
 - Understand how to [programmatically create policies](../how-to/programmatically-create.md).
 - Learn how to [get compliance data](../how-to/get-compliance-data.md).
 - Learn how to [remediate non-compliant resources](../how-to/remediate-resources.md).
-- Review [Azure management groups](../../management-groups/overview.md).
+- Review [Azure management groups](../../management-groups/overview.md).

articles/governance/policy/concepts/effect-mutate.md

@@ -7,7 +7,7 @@ ms.topic: conceptual
 
 # Azure Policy definitions mutate (preview) effect
 
-Mutation is used in Azure Policy for Kubernetes to remediate Azure Kubernetes Service (AKS) cluster components, like pods. This effect is specific to _Microsoft.Kubernetes.Data_ [policy mode](./definition-structure.md#resource-provider-modes) definitions only.
+Mutation is used in Azure Policy for Kubernetes to remediate Azure Kubernetes Service (AKS) cluster components, like pods. This effect is specific to _Microsoft.Kubernetes.Data_ [policy mode](./definition-structure-basics.md#resource-provider-modes) definitions only.
 
 To learn more, go to [Understand Azure Policy for Kubernetes clusters](./policy-for-kubernetes.md).