Merge pull request #307319 from jenniferf-skc/ARBACYmltoMD-4

[Bulk Update] for role-assignments-portal yml to generic link for YML to Markdown conversion

Author: JamesJBarnett

articles/service-bus-messaging/authenticate-application.md

@@ -101,7 +101,7 @@ The application needs a client secret to prove its identity when requesting a to
 If your application is a console application, you must register a native application and add API permissions for **Microsoft.ServiceBus** to the **required permissions** set. Native applications also need a **redirect-uri** in Microsoft Entra ID, which serves as an identifier; the URI doesn't need to be a network destination. Use `https://servicebus.microsoft.com` for this example, because the sample code already uses that URI.
 
 ## Assign Azure roles using the Azure portal  
-Assign one of the [Service Bus roles](#azure-built-in-roles-for-azure-service-bus) to the application's service principal at the desired scope (entity, Service Bus namespace, resource group, Azure subscription). For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
+Assign one of the [Service Bus roles](#azure-built-in-roles-for-azure-service-bus) to the application's service principal at the desired scope (entity, Service Bus namespace, resource group, Azure subscription). For detailed steps, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
 
 Once you define the role and its scope, you can test this behavior with the [sample on GitHub](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/servicebus/Azure.Messaging.ServiceBus/samples/Sample00_AuthenticateClient.md#authenticate-with-azureidentity).
 

articles/service-bus-messaging/includes/service-bus-trusted-services.md

@@ -20,7 +20,7 @@ When you enable the **Allow trusted Microsoft services to bypass this fir
 | --------------- | ------------------------- | 
 | Azure Event Grid | Allows Azure Event Grid to send events to queues or topics in your Service Bus namespace. You also need to do the following steps: <ul><li>Enable system-assigned identity for a topic or a domain</li><li>Add the identity to the Azure Service Bus Data Sender role on the Service Bus namespace</li><li>Then, configure the event subscription that uses a Service Bus queue or topic as an endpoint to use the system-assigned identity.</li></ul> <p>For more information, see [Event delivery with a managed identity](../../event-grid/managed-service-identity.md)</p>|
 | Azure Stream Analytics | Allows an Azure Stream Analytics job to output data to Service Bus [queues]( ../../stream-analytics/service-bus-queues-output.md) to [topics]( ../../stream-analytics/service-bus-topics-output.md). <p>**Important**: The Stream Analytics job should be configured to use a **managed identity** to access the Service Bus namespace. Add the identity to the **Azure Service Bus Data Sender** role on the Service Bus namespace. </p>|
-| Azure IoT Hub | Allows an IoT hub to send messages to queues or topics in your Service Bus namespace. You also need to do the following steps: <ul><li>[Enable system-assigned or user assigned managed identity for your IoT hub](../../iot-hub/iot-hub-managed-identity.md).</li><li>[Add the identity to the **Azure Service Bus Data Sender** role on the Service Bus namespace](../../role-based-access-control/role-assignments-portal.yml).</li><li>[Configure the IoT Hub that uses a Service Bus entity as an endpoint to use the identity-based authentication](../../iot-hub/iot-hub-managed-identity.md#configure-message-routing-with-managed-identities).</li></ul> |
+| Azure IoT Hub | Allows an IoT hub to send messages to queues or topics in your Service Bus namespace. You also need to do the following steps: <ul><li>[Enable system-assigned or user assigned managed identity for your IoT hub](../../iot-hub/iot-hub-managed-identity.md).</li><li>[Add the identity to the **Azure Service Bus Data Sender** role on the Service Bus namespace](/azure/role-based-access-control/role-assignments-portal).</li><li>[Configure the IoT Hub that uses a Service Bus entity as an endpoint to use the identity-based authentication](../../iot-hub/iot-hub-managed-identity.md#configure-message-routing-with-managed-identities).</li></ul> |
 | Azure API Management | <p>The API Management service allows you to send messages to a Service Bus queue/topic in your Service Bus Namespace.</p><ul><li>You can trigger custom workflows by sending messages to your Service Bus queue/topic when an API is invoked by using the [send-request policy](../../api-management/api-management-sample-send-request.md).</li><li>You can also treat a Service Bus queue/topic as your backend in an API. For a sample policy, see [Authenticate using a managed identity to access a Service Bus queue or topic](https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Authenticate%20using%20Managed%20Identity%20to%20access%20Service%20Bus.xml). You also need to do the following steps:<ol><li>Enable system-assigned identity on the API Management instance. For instructions, see [Use managed identities in Azure API Management](../../api-management/api-management-howto-use-managed-service-identity.md).</li><li>Add the identity to the **Azure Service Bus Data Sender** role on the Service Bus namespace</li></ol></li></ul> | 
 | Azure IoT Central | <p>Allows IoT Central to export data to Service Bus queues or topics in your Service Bus namespace. You also need to do the following steps:</p><ul><li>Enable system-assigned identity for your IoT Central application</li><li>Add the identity to the **Azure Service Bus Data Sender** role on the Service Bus namespace. </li><li>Then, configure the Service Bus [export destination on your IoT Central application](../../iot-central/core/howto-export-data.md) to use identity-based authentication. </li>
 | Azure Digital Twins | Allows Azure Digital Twins to egress data to Service Bus topics in your Service Bus namespace. You also need to do the following steps: <p><ul><li>Enable system-assigned identity for your Azure Digital Twins instance.</li><li>Add the identity to the **Azure Service Bus Data Sender** role on the Service Bus namespace.</li><li>Then, configure an Azure Digital Twins endpoint or Azure Digital Twins data history connection that uses the system-assigned identity to authenticate. For more information about configuring endpoints and event routes to Service Bus resources from Azure Digital Twins, see [Route Azure Digital Twins events](../../digital-twins/concepts-route-events.md) and [Create endpoints in Azure Digital Twins](../../digital-twins/how-to-create-endpoints.md). </li></ul> |

articles/service-bus-messaging/service-bus-dotnet-multi-tier-app-using-service-bus-queues.md

@@ -78,7 +78,7 @@ The following sections discuss the code that implements this architecture.
 In this tutorial, you'll use Microsoft Entra authentication to create `ServiceBusClient` and `ServiceBusAdministrationClient` objects. You'll also use `DefaultAzureCredential` and to use it, you need to do the following steps to test the application locally in a development environment.
 
 1. [Register an application in the Microsoft Entra ID](../active-directory/develop/quickstart-register-app.md).
-1. [Add the application to the `Service Bus Data Owner` role](../role-based-access-control/role-assignments-portal.yml).
+1. [Add the application to the `Service Bus Data Owner` role](/azure/role-based-access-control/role-assignments-portal).
 1. Set the `AZURE-CLIENT-ID`, `AZURE-TENANT-ID`, AND `AZURE-CLIENT-SECRET` environment variables. For instructions, see [this article](/dotnet/api/overview/azure/identity-readme#environment-variables).
 
 For a list of Service Bus built-in roles, see [Azure built-in roles for Service Bus](service-bus-managed-service-identity.md#azure-built-in-roles-for-azure-service-bus).

articles/service-bus-messaging/service-bus-managed-service-identity.md

@@ -13,7 +13,7 @@ Here are the high-level steps to use a managed identity to access a Service Bus
 1. Enable managed identity for your client app or environment. For example, enable managed identity for your Azure App Service app, Azure Functions app, or a virtual machine in which your app is running. Here are the articles that help you with this step:
     - [Configure managed identities for App Service and Azure Functions](../app-service/overview-managed-identity.md)
     - [Configure managed identities for Azure resources on a virtual machine (VM)](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md)    
-1. Assign Azure Service Bus Data Owner, Azure Service Bus Data Sender, or Azure Service Bus Data Receiver role to the managed identity at the appropriate scope (Azure subscription, resource group, Service Bus namespace, or Service Bus queue or topic). For instructions to assign a role to a managed identity, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
+1. Assign Azure Service Bus Data Owner, Azure Service Bus Data Sender, or Azure Service Bus Data Receiver role to the managed identity at the appropriate scope (Azure subscription, resource group, Service Bus namespace, or Service Bus queue or topic). For instructions to assign a role to a managed identity, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
 1. In your application, use the managed identity and the endpoint to Service Bus namespace to connect to the namespace. 
 
     For example, in .NET, you use the [ServiceBusClient](/dotnet/api/azure.messaging.servicebus.servicebusclient.-ctor#azure-messaging-servicebus-servicebusclient-ctor(system-string-azure-core-tokencredential)) constructor that takes `TokenCredential` and `fullyQualifiedNamespace` (a string, for example: `cotosons.servicebus.windows.net`) parameters to connect to Service Bus using the managed identity. You pass in [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential), which derives from `TokenCredential` and uses the managed identity. In `DefaultAzureCredentialOptions`, set the `ManagedIdentityClientId` to the ID of client's managed identity.
@@ -43,7 +43,7 @@ Azure provides the following Azure built-in roles for authorizing access to a Se
 - [Azure Service Bus Data Sender](../role-based-access-control/built-in-roles.md#azure-service-bus-data-sender): Use this role to allow sending messages to Service Bus queues and topics.
 - [Azure Service Bus Data Receiver](../role-based-access-control/built-in-roles.md#azure-service-bus-data-receiver): Use this role to allow receiving messages from Service Bus queues and subscriptions. 
 
-To assign a role to a managed identity in the Azure portal, use the **Access control (IAM)** page. Navigate to this page by selecting **Access control (IAM)** on the **Service Bus Namespace** page or **Service Bus queue** page, or **Service Bus topic** page. For step-by-step instructions for assigning a role, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml). 
+To assign a role to a managed identity in the Azure portal, use the **Access control (IAM)** page. Navigate to this page by selecting **Access control (IAM)** on the **Service Bus Namespace** page or **Service Bus queue** page, or **Service Bus topic** page. For step-by-step instructions for assigning a role, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal). 
 
 ## Resource scope 
 Before you assign an Azure role to a managed identity, determine the scope of access that the managed identity should have. Best practices dictate that it's always best to grant only the narrowest possible scope.

articles/site-recovery/azure-to-azure-how-to-enable-replication-private-endpoints.md

@@ -216,7 +216,7 @@ following role permissions depending on the type of storage account:
   - [Classic Storage Account Contributor](../role-based-access-control/built-in-roles.md#classic-storage-account-contributor)
   - [Classic Storage Account Key Operator Service Role](../role-based-access-control/built-in-roles.md#classic-storage-account-key-operator-service-role)
 
-The following steps describe how to add a role assignment to your storage accounts, one at a time. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
+The following steps describe how to add a role assignment to your storage accounts, one at a time. For detailed steps, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
 
 1. In the Azure portal, navigate to the cache storage account you created.
 

articles/site-recovery/hybrid-how-to-enable-replication-private-endpoints.md

@@ -207,7 +207,7 @@ following role permissions, depending on the type of storage account.
   - [Classic Storage Account Contributor](../role-based-access-control/built-in-roles.md#classic-storage-account-contributor)
   - [Classic Storage Account Key Operator Service Role](../role-based-access-control/built-in-roles.md#classic-storage-account-key-operator-service-role)
 
-The following steps describe how to add a role assignment to your storage account. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
+The following steps describe how to add a role assignment to your storage account. For detailed steps, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
 
 1. Go to the storage account.
 

articles/site-recovery/physical-azure-disaster-recovery.md

@@ -55,7 +55,7 @@ Get a Microsoft [Azure account](https://azure.microsoft.com/).
 Make sure your Azure account has permissions for replication of VMs to Azure.
 
 - Review the [permissions](site-recovery-role-based-linked-access-control.md#permissions-required-to-enable-replication-for-new-virtual-machines) you need to replicate machines to Azure.
-- Verify and modify [Azure role-based access control (Azure RBAC)](../role-based-access-control/role-assignments-portal.yml) permissions.
+- Verify and modify [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal) permissions.
 
 
 

articles/site-recovery/region-move-cross-geos.md

@@ -48,7 +48,7 @@ This tutorial shows you how to move Azure virtual machines between Azure Governm
 Make sure your Azure account has permissions for replication of virtual machines to Azure.
 
 - Review the [permissions](site-recovery-role-based-linked-access-control.md#permissions-required-to-enable-replication-for-new-virtual-machines) you need to replicate machines to Azure.
-- Verify and modify [Azure role-based access control (Azure RBAC)](../role-based-access-control/role-assignments-portal.yml) permissions. 
+- Verify and modify [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal) permissions. 
 
 ### Set up an Azure network
 

articles/site-recovery/site-recovery-role-based-linked-access-control.md

@@ -70,7 +70,7 @@ Consider using the 'Virtual Machine Contributor' and 'Classic Virtual Machine Co
 
 ## Next steps
 
-- [Azure role-based access control (Azure RBAC)](../role-based-access-control/role-assignments-portal.yml): Get started with Azure RBAC in the Azure portal.
+- [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal): Get started with Azure RBAC in the Azure portal.
 - Learn how to manage access with:
     - [PowerShell](../role-based-access-control/role-assignments-powershell.md)
     - [Azure CLI](../role-based-access-control/role-assignments-cli.md)

articles/site-recovery/vmware-azure-multi-tenant-csp-disaster-recovery.md

@@ -76,7 +76,7 @@ You can add a new user to the tenant subscription through the CSP portal as foll
 
 1. After you've created a new user, go back to the Azure portal. 
 
-The following steps describe how to assign a role to a user. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
+The following steps describe how to assign a role to a user. For detailed steps, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
 
 1. In the **Subscription** page, select the relevant subscription.