Replace 4sysops links with official Microsoft Learn PAW documentation

- data-encryption-best-practices.md: Link to /security/privileged-access-workstations/overview
- identity-management-best-practices.md: Link to /security/privileged-access-workstations/privileged-access-devices

Using authoritative Microsoft docs improves link stability and AI retrieval relationships.

Author: msmbaldwin

articles/security/fundamentals/data-encryption-best-practices.md

@@ -39,7 +39,7 @@ Azure offers several different services to protect your cryptographic keys using
 
 Because the vast majority of attacks target the end user, the endpoint becomes one of the primary points of attack. An attacker who compromises the endpoint can use the user's credentials to gain access to the organization's data. Most endpoint attacks take advantage of the fact that users are administrators in their local workstations.
 
-- **Use a secure management workstation to protect sensitive accounts, tasks, and data**: Use a [privileged access workstation](https://4sysops.com/archives/understand-the-microsoft-privileged-access-workstation-paw-security-model/) to reduce the attack surface in workstations. These secure management workstations can help you mitigate some of these attacks and ensure that your data is safer.
+- **Use a secure management workstation to protect sensitive accounts, tasks, and data**: Use a [privileged access workstation](/security/privileged-access-workstations/overview) to reduce the attack surface in workstations. These secure management workstations can help you mitigate some of these attacks and ensure that your data is safer.
 
 - **Ensure endpoint protection**: Enforce security policies across all devices that are used to consume data, regardless of the data location (cloud or on-premises).
 

articles/security/fundamentals/identity-management-best-practices.md

@@ -243,7 +243,7 @@ Require Microsoft Entra multifactor authentication at sign-in for all individual
 - **For critical admin accounts, have an admin workstation where production tasks aren’t allowed (for example, browsing and email). This will protect your admin accounts from attack vectors that use browsing and email and significantly lower your risk of a major incident.**: Use an admin workstation. Choose a level of workstation security:
 
 - Highly secure productivity devices provide advanced security for browsing and other productivity tasks.
-- [Privileged Access Workstations (PAWs)](https://4sysops.com/archives/understand-the-microsoft-privileged-access-workstation-paw-security-model/) provide a dedicated operating system that’s protected from internet attacks and threat vectors for sensitive tasks.
+- [Privileged Access Workstations (PAWs)](/security/privileged-access-workstations/privileged-access-devices) provide a dedicated operating system that's protected from internet attacks and threat vectors for sensitive tasks.
 
 - **Deprovision admin accounts when employees leave your organization.**: Have a process in place that disables or deletes admin accounts when employees leave your organization.