Fix blocking issues

Author: AbbyMSFT

defender-for-identity/advanced-configurations.md

@@ -13,7 +13,7 @@ ms.reviewer: rlitinsky
 Defender for Identity uses specific Windows event log entries to enhance detections and provide extra information about the users performing specific actions, such as NTLM sign-ins and security group modifications. 
 This article describes how to configure the advanced audit policy settings to avoid gaps in the event logs and incomplete Defender for Identity coverage.
 
-Defender for Identity generates health issues when it detects incorrect windows event auditing configurations. For more information, see [Microsoft Defender for Identity health alerts](../health-alerts.md).
+Defender for Identity generates health issues when it detects incorrect windows event auditing configurations. For more information, see [Microsoft Defender for Identity health issues](health-alerts.md).
 
 Defender for Identity sensor v3.x supports automatic Windows event auditing on your domain controllers. This feature applies the required Windows event auditing settings to new sensors and fixes misconfigurations on existing ones.
 
@@ -48,13 +48,9 @@ To turn off automatic windows auditing:
 1. In the **General** section, select **Advanced features**.
 1. Turn off **Automatic Windows auditing configuration**.​
 
+## See also
 
-
-- [Event collection with Microsoft Defender for Identity](event-collection-overview.md)
+- [Event collection with Microsoft Defender for Identity](deploy/event-collection-overview.md)
 - [Windows security auditing](/windows/security/threat-protection/auditing/security-auditing-overview)
 - [Advanced security audit policies](/windows/security/threat-protection/auditing/advanced-security-auditing)
 
-## Next step
-
-> [!div class="step-by-step"]
-> [What are Defender for Identity roles and permissions?](../role-groups.md)

defender-for-identity/deploy/configure-windows-event-collection.md

@@ -170,7 +170,7 @@ When a Defender for Identity sensor parses Windows event 8004, Defender for Iden
 
 To configure NTLM auditing:
 
-1. After you configure your initial Advanced Audit Policy settings (In the [Defender portal](#configure-advanced-audit-policy-settings-from-the-ui) or [using PowerShell](#configure-advanced-audit-policy-settings-by-using-powershell)), open **Group Policy Management**. Then go to **Default Domain Controllers Policy** > **Local Policies** > **Security Options**.
+1. After you configure your initial Advanced Audit Policy settings in the [Defender portal](#configure-advanced-audit-policy-settings-from-the-ui) or [using PowerShell](#configure-advanced-audit-policy-settings-by-using-powershell), open **Group Policy Management**. Then go to **Default Domain Controllers Policy** > **Local Policies** > **Security Options**.
 
 1. Configure the specified security policies as follows:
 
@@ -188,7 +188,7 @@ For example, to configure **Outgoing NTLM traffic to remote servers**, under **S
 
 To collect events for object changes, such as for event 4662, you must also configure object auditing on the user, group, computer, and other objects. The following procedure describes how to enable auditing in the Active Directory domain.
 
-Review and audit your policies (in the [Defender portal](#configure-advanced-audit-policy-settings-from-the-ui) or [using PowerShell](#configure-advanced-audit-policy-settings-by-using-powershell)) before you enable event collection, to ensure that the domain controllers are properly configured to record the necessary events. If this auditing is configured properly, it should have a minimal effect on server performance.
+To ensure that the domain controllers are properly configured to record the necessary events, review and audit your policies in the [Defender portal](#configure-advanced-audit-policy-settings-from-the-ui) or [using PowerShell](#configure-advanced-audit-policy-settings-by-using-powershell) before you enable event collection. If auditing is configured properly, it has minimal effect on server performance.
 
 To configure domain object auditing: