articles/cost-management-billing/costs/cost-allocation-introduction.md
Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@ ms.reviewer: vikdesai
13
13
14
14
# Introduction to cost allocation
15
15
16
-
Cost allocation, as defined by the [FinOps Foundation](/cloud-computing/finops/capabilities-allocation), is the set of practices to divide up a consolidated invoice. Or, to bill the people responsible for its various component parts. It's the process of assigning costs to different groups within an organization based on their consumption of resources and application of benefits. By providing visibility into costs to groups who are responsible for it, cost allocation helps organizations track and optimize their spending, improve budgeting and forecasting, and increase accountability and transparency.
16
+
Cost allocation, as defined by the [FinOps Foundation](/cloud-computing/finops/framework/understand/allocation), is the set of practices to divide up a consolidated invoice. Or, to bill the people responsible for its various component parts. It's the process of assigning costs to different groups within an organization based on their consumption of resources and application of benefits. By providing visibility into costs to groups who are responsible for it, cost allocation helps organizations track and optimize their spending, improve budgeting and forecasting, and increase accountability and transparency.
17
17
18
18
This article introduces you to different Azure tools and features to enable you to allocate costs effectively and efficiently.
articles/security/fundamentals/iaas.md
Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ In most infrastructure as a service (IaaS) scenarios, [Azure virtual machines (V
24
24
To protect your VMs, ensure that only authorized users can set up new VMs and access existing VMs.
25
25
26
26
> [!NOTE]
27
-
> To improve the security of Linux VMs on Azure, you can integrate with Microsoft Entra authentication. When you use [Microsoft Entra authentication for Linux VMs](/entra/identity/devices/howto-vm-sign-in-azure-ad-linux.md), you centrally control and enforce policies that allow or deny access to the VMs.
27
+
> To improve the security of Linux VMs on Azure, you can integrate with Microsoft Entra authentication. When you use [Microsoft Entra authentication for Linux VMs](/entra/identity/devices/howto-vm-sign-in-azure-ad-linux), you centrally control and enforce policies that allow or deny access to the VMs.
28
28
29
29
**Best practice**: Control VM access.
30
30
**Detail**: Use [Azure policies](../../governance/policy/overview.md) to establish conventions for resources in your organization and create customized policies. Apply these policies to resources, such as [resource groups](../../azure-resource-manager/management/overview.md). VMs that belong to a resource group inherit its policies.
articles/security/fundamentals/isolation-choices.md
Lines changed: 4 additions & 4 deletions
@@ -27,7 +27,7 @@ Each Microsoft Entra directory is distinct and separate from other Microsoft Ent
27
27
28
28
### Azure tenancy
29
29
30
-
Azure tenancy (Azure Subscription) refers to a customer and billing relationship and a unique [tenant](/entra/identity-platform/quickstart-create-new-tenant.md) in [Microsoft Entra ID](/entra/fundamentals/active-directory-whatis.md). Microsoft Entra ID and its [Azure role-based access control](../../role-based-access-control/overview.md) provide tenant level isolation in Microsoft Azure. Each Azure subscription is associated with one Microsoft Entra directory.
30
+
Azure tenancy (Azure Subscription) refers to a customer and billing relationship and a unique [tenant](/entra/identity-platform/quickstart-create-new-tenant) in [Microsoft Entra ID](/entra/fundamentals/active-directory-whatis.md). Microsoft Entra ID and its [Azure role-based access control](../../role-based-access-control/overview.md) provide tenant level isolation in Microsoft Azure. Each Azure subscription is associated with one Microsoft Entra directory.
31
31
32
32
Users, groups, and applications from that directory can manage resources in the Azure subscription. You can assign these access rights by using the Azure portal, Azure command-line tools, and Azure Management APIs. Security boundaries logically isolate a Microsoft Entra tenant so that no customer can access or compromise co-tenants, either maliciously or accidentally. Microsoft Entra ID runs on "bare metal" servers isolated on a segregated network segment, where host-level packet filtering and Windows Firewall block unwanted connections and traffic.
33
33
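Review bot: The added line 30 still carries a `.md` suffix on its second site-relative link, `[Microsoft Entra ID](/entra/fundamentals/active-directory-whatis.md)`, while the tenant link on the same line had the suffix removed. If the intent of this change is to drop `.md` from `/entra/...` targets, update this one to `/entra/fundamentals/active-directory-whatis` in the same commit so the line does not need a second pass. The relative `../../role-based-access-control/overview.md` link is left alone everywhere else in this patch, so it is consistent to keep it.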
@@ -43,7 +43,7 @@ Users, groups, and applications from that directory can manage resources in the
43
43
44
44
- Microsoft Entra users have no access to physical assets or locations, and therefore they can't bypass the logical Azure RBAC policy checks stated following.
45
45
46
-
For diagnostics and maintenance needs, use an operational model that employs a just-in-time privilege elevation system. Microsoft Entra Privileged Identity Management (PIM) introduces the concept of an eligible admin. [Eligible admins](/entra/id-governance/privileged-identity-management/pim-configure.md) are users that need privileged access now and then, but not every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.
46
+
For diagnostics and maintenance needs, use an operational model that employs a just-in-time privilege elevation system. Microsoft Entra Privileged Identity Management (PIM) introduces the concept of an eligible admin. [Eligible admins](/entra/id-governance/privileged-identity-management/pim-configure) are users that need privileged access now and then, but not every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.
@@ -77,11 +77,11 @@ Some other capabilities for Microsoft Entra ID include:
77
77
78
78
- Microsoft Entra ID provides Identity as a Service through federation by using [Active Directory Federation Services](/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs), synchronization, and replication with on-premises directories.
79
79
80
-
-[Microsoft Entra multifactor authentication](/entra/identity/authentication/concept-mfa-howitworks.md) requires users to verify sign-ins by using a mobile app, phone call, or text message. It can be used with Microsoft Entra ID to help secure on-premises resources by using the Multi-Factor Authentication Server, and also with custom applications and directories by using the SDK.
80
+
-[Microsoft Entra multifactor authentication](/entra/identity/authentication/concept-mfa-howitworks) requires users to verify sign-ins by using a mobile app, phone call, or text message. It can be used with Microsoft Entra ID to help secure on-premises resources by using the Multi-Factor Authentication Server, and also with custom applications and directories by using the SDK.
81
81
82
82
-[Microsoft Entra Domain Services](https://azure.microsoft.com/products/microsoft-entra-ds/) lets you join Azure virtual machines to an Active Directory domain without deploying domain controllers. You can sign in to these virtual machines with your corporate Active Directory credentials and administer domain-joined virtual machines by using Group Policy to enforce security baselines on all your Azure virtual machines.
83
83
84
-
-[Microsoft Entra External ID](/entra/external-id/external-identities-overview.md) provides a highly available global-identity management service for consumer-facing applications that scales to hundreds of millions of identities. It can be integrated across mobile and web platforms. Your consumers can sign in to all your applications through customizable experiences by using their existing social accounts or by creating credentials.
84
+
-[Microsoft Entra External ID](/entra/external-id/external-identities-overview) provides a highly available global-identity management service for consumer-facing applications that scales to hundreds of millions of identities. It can be integrated across mobile and web platforms. Your consumers can sign in to all your applications through customizable experiences by using their existing social accounts or by creating credentials.
85
85
86
86
### Isolation from Microsoft administrators and data deletion
articles/security/fundamentals/operational-checklist.md
Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ This checklist is intended to help enterprises think through various operational
30
30
|[<br>Security Roles & Access Controls](/azure/defender-for-cloud/defender-for-cloud-planning-and-operations-guide)|<ul><li>Use [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal) to provide user-specific that used to assign permissions to users, groups, and applications at a certain scope.</li></ul> |
31
31
| [<br>Data Protection & Storage](../../storage/blobs/security-recommendations.md)|<ul><li>Use Management Plane Security to secure your Storage Account using [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal).</li><li>Data Plane Security to Securing Access to your Data using [Shared Access Signatures (SAS)](../../storage/common/storage-sas-overview.md) and Stored Access Policies.</li><li>Use Transport-Level Encryption – Using HTTPS and the encryption used by [SMB (Server message block protocols) 3.0](/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview) for [Azure File Shares](../../storage/files/storage-dotnet-how-to-use-files.md).</li><li>Use [Client-side encryption](../../storage/common/storage-client-side-encryption.md) to secure data that you send to storage accounts when you require sole control of encryption keys. </li><li>Use [Storage Service Encryption (SSE)](../../storage/common/storage-service-encryption.md) to automatically encrypt data in Azure Storage, and [Azure Disk Encryption for Linux VMs](/azure/virtual-machines/linux/disk-encryption-overview) and [Azure Disk Encryption for Windows VMs](/azure/virtual-machines/linux/disk-encryption-overview) to encrypt virtual machine disk files for the OS and data disks.</li><li>Use Azure [Storage Analytics](/rest/api/storageservices/storage-analytics) to monitor authorization type; like with Blob Storage, you can see if users have used a Shared Access Signature or the storage account keys.</li><li>Use [Cross-Origin Resource Sharing (CORS)](/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services) to access storage resources from different domains.</li></ul> |
32
32
|[<br>Security Policies & Recommendations](/azure/defender-for-cloud/defender-for-cloud-planning-and-operations-guide#security-policies-and-recommendations)|<ul><li>Use [Microsoft Defender for Cloud](/azure/defender-for-cloud/integration-defender-for-endpoint) to deploy endpoint solutions.</li><li>Add a [web application firewall (WAF)](../../web-application-firewall/overview.md) to secure web applications.</li><li>Use [Azure Firewall](../../firewall/overview.md) to increase your security protections. </li><li>Apply security contact details for your Azure subscription. The [Microsoft Security Response Center (MSRC)](https://technet.microsoft.com/security/dn528958.aspx) contacts you if it discovers that your customer data has been accessed by an unlawful or unauthorized party.</li></ul> |
33
-
| [<br>Identity & Access Management](identity-management-best-practices.md)|<ul><li>[Synchronize your on-premises directory with your cloud directory using Microsoft Entra ID](/entra/identity/hybrid/whatis-hybrid-identity.md).</li><li>Use [single sign-on](/entra/identity/enterprise-apps/what-is-single-sign-on.md) to enable users to access their SaaS applications based on their organizational account in Azure AD.</li><li>Use the [Password Reset Registration Activity](/entra/identity/authentication/howto-sspr-reporting.md) report to monitor the users that are registering.</li><li>Enable [multi-factor authentication (MFA)](/entra/identity/authentication/concept-mfa-howitworks.md) for users.</li><li>Developers to use secure identity capabilities for apps like [Microsoft Security Development Lifecycle (SDL)](https://www.microsoft.com/download/details.aspx?id=12379).</li><li>Actively monitor for suspicious activities by using Microsoft Entra ID P1 or P2 anomaly reports and [Microsoft Entra ID Protection capability](/entra/id-protection/overview-identity-protection.md).</li></ul> |
33
+
| [<br>Identity & Access Management](identity-management-best-practices.md)|<ul><li>[Synchronize your on-premises directory with your cloud directory using Microsoft Entra ID](/entra/identity/hybrid/whatis-hybrid-identity).</li><li>Use [single sign-on](/entra/identity/enterprise-apps/what-is-single-sign-on) to enable users to access their SaaS applications based on their organizational account in Azure AD.</li><li>Use the [Password Reset Registration Activity](/entra/identity/authentication/howto-sspr-reporting) report to monitor the users that are registering.</li><li>Enable [multi-factor authentication (MFA)](/entra/identity/authentication/concept-mfa-howitworks) for users.</li><li>Developers to use secure identity capabilities for apps like [Microsoft Security Development Lifecycle (SDL)](https://www.microsoft.com/download/details.aspx?id=12379).</li><li>Actively monitor for suspicious activities by using Microsoft Entra ID P1 or P2 anomaly reports and [Microsoft Entra ID Protection capability](/entra/id-protection/overview-identity-protection).</li></ul> |
34
34
|[<br>Ongoing Security Monitoring](/azure/defender-for-cloud/defender-for-cloud-introduction)|<ul><li>Use Malware Assessment Solution [Azure Monitor logs](/azure/azure-monitor/logs/log-query-overview) to report on the status of antimalware protection in your infrastructure.</li><li>Use [Update Management](../../automation/update-management/overview.md) to determine the overall exposure to potential security problems, and whether or how critical these updates are for your environment.</li><li>The [Microsoft Entra admin center](https://entra.microsoft.com) provides visibility into the integrity and security of your organization's directory. |
35
35
|[<br>Microsoft Defender for Cloud detection capabilities](../../security-center/security-center-alerts-overview.md#detect-threats)|<ul><li>Use [Cloud Security Posture Management (CSPM)](/azure/defender-for-cloud/concept-cloud-security-posture-management) for hardening guidance that helps you efficiently and effectively improve your security.</li><li>Use [alerts](/azure/defender-for-cloud/alerts-overview) to be notified when threats are identified in your cloud, hybrid, or on-premises environment. </li><li>Use [security policies, initiatives, and recommendations](/azure/defender-for-cloud/security-policy-concept) to improve your security posture.</li></ul> |
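Review bot: The added Identity & Access Management row still reads "organizational account in Azure AD" in the single sign-on item, while the other items in the same row say Microsoft Entra ID. Since the line is being rewritten anyway, rename it here so the checklist uses one product name. Separately, in the unchanged Data Protection & Storage row, the link labelled "Azure Disk Encryption for Windows VMs" points to `/azure/virtual-machines/linux/disk-encryption-overview`, the same target as the Linux link, which looks like a copy-paste error worth fixing in a follow-up.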
articles/security/fundamentals/operational-overview.md
Lines changed: 5 additions & 5 deletions
@@ -48,21 +48,21 @@ For more information, see the [Azure Backup components table](../../backup/backu
48
48
49
49
## Microsoft Entra ID
50
50
51
-
[Microsoft Entra ID](/entra/identity/enterprise-apps/what-is-application-management.md) is a comprehensive identity service that:
51
+
[Microsoft Entra ID](/entra/identity/enterprise-apps/what-is-application-management) is a comprehensive identity service that:
52
52
53
53
- Enables identity and access management (IAM) as a cloud service.
54
54
- Provides central access management, single sign-on (SSO), and reporting.
55
55
- Supports integrated access management for [thousands of applications](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.AzureActiveDirectory) in the Azure Marketplace, including Salesforce, Google Apps, Box, and Concur.
56
56
57
57
Microsoft Entra ID also includes a full suite of [identity management capabilities](./identity-management-overview.md), including these:
-[Self-service group management](https://support.microsoft.com/account-billing/reset-your-work-or-school-password-using-security-info-23dde81f-08bb-4776-ba72-e6b72b9dda9e)
-[Security monitoring and alerting](../../security-center/security-center-managing-and-responding-alerts.md)
67
67
68
68
With Microsoft Entra ID, all applications that you publish for your partners and customers (business or consumer) have the same identity and access management capabilities. This enables you to significantly reduce your operational costs.
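Review bot: On the added line 51, the link text "Microsoft Entra ID" resolves to `/entra/identity/enterprise-apps/what-is-application-management`, which by its path is an application management article rather than an introduction to the service the sentence goes on to describe. Removing the `.md` suffix keeps that mismatch; consider pointing the link at the overview target already used in isolation-choices.md, `/entra/fundamentals/active-directory-whatis`. In the context lines of the same hunk, "Self-service group management" links to a `reset-your-work-or-school-password-using-security-info` support URL, so that label and target also deserve a check.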