LinkFix: memdocs-pr (2022-01)

Author: v-chmccl

memdocs/intune/fundamentals/whats-new.md

@@ -292,7 +292,7 @@ A device with a safeguard hold appears as a device with an error in the report.
 
 Microsoft occasionally places safeguard holds to block installation of an update on a device when something detected on that device is known to result in a poor post-update experience. For example, software or drivers are common reasons to place a safeguard hold. The hold remains in place until the underlying issue is resolved, and the update is safe to install.
 
-To learn more about active safeguard holds and expectations for their resolution, go to the Windows release health dashboard at [https://aka.ms/WindowsReleaseHealth](https://aka.ms/WindowsReleaseHealth).  
+To learn more about active safeguard holds and expectations for their resolution, go to the Windows release health dashboard at [https://aka.ms/WindowsReleaseHealth](/windows/release-health/).  
 
 #### Improvements for managing Windows Updates for pre-release builds<!-- 9231846 -->
 We've improved the experience of using [Update rings for Windows 10 and later](../protect/windows-10-update-rings.md) to manage  Windows updates for pre-release builds. The improvements include the following: 
@@ -2408,4 +2408,4 @@ For previous months, see the [What's New archive](whats-new-archive.md).
 
 ## Notices
 
-[!INCLUDE [Intune notices](../includes/intune-notices.md)]
+[!INCLUDE [Intune notices](../includes/intune-notices.md)]

memdocs/intune/protect/encrypt-devices.md

@@ -181,7 +181,7 @@ All BitLocker recovery key accesses are audited. For more information on Audit L
 
 When you’ve configured the tenant attach scenario, Microsoft Endpoint Manager can display recovery key data for tenant attached devices.
 
-- To support the display of recovery keys for tenant attached devices, your Configuration Manager sites must run version 2107 or later. For sites that run 2107, you must install an update rollup to support Azure AD joined devices:. See [KB11121541](/mem/configmgr/hotfix/2107/11121541).
+- To support the display of recovery keys for tenant attached devices, your Configuration Manager sites must run version 2107 or later. For sites that run 2107, you must install an update rollup to support Azure AD joined devices:. See [KB11121541](../../configmgr/hotfix/2107/11121541.md).
 
 - To view the recovery keys, your Intune account must have the Intune RBAC permissions to view BitLocker keys, and must be associated with an on-premises user that has the related permissions for Configuration Manager of Collection Role, with Read Permission > Read BitLocker Recovery Key Permission. For more information, see [Configure role-based administration for Configuration Manager](/configmgr/core/servers/deploy/configure/configure-role-based-administration).
 
@@ -221,4 +221,4 @@ For information about BitLocker deployments and requirements, see the [BitLocker
 - [Manage FileVault policy](../protect/encrypt-devices-filevault.md)  
 - [Monitor disk encryption](../protect/encryption-monitor.md)
 - [Troubleshooting BitLocker policy](/troubleshoot/mem/intune/troubleshoot-bitlocker-policies)
-- [Known issues for Enforcing BitLocker policies with Intune](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
+- [Known issues for Enforcing BitLocker policies with Intune](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)

memdocs/intune/protect/includes/security-config-mgt-prerequisites.md

@@ -82,7 +82,7 @@ The following diagram is a conceptual representation of the Microsoft Defender f
 
 Microsoft Endpoint Manager includes several methods and policy types to manage the configuration of Defender for Endpoint on devices.
 
-When your device protection needs extend beyond managing Defender for Endpoint, see [Device protection overview](/mem/intune/protect/device-protect) to learn about additional capabilities provided by Microsoft Endpoint Manager to help protect devices, including *device compliance*, *managed apps*, *app protection policies*, and integration with third-party compliance and *mobile threat defense* partners.
+When your device protection needs extend beyond managing Defender for Endpoint, see [Device protection overview](../device-protect.md) to learn about additional capabilities provided by Microsoft Endpoint Manager to help protect devices, including *device compliance*, *managed apps*, *app protection policies*, and integration with third-party compliance and *mobile threat defense* partners.
 
 The following table can help you understand which policies that can configure MDE settings are supported by devices that are managed by the different scenarios. When you deploy a policy that’s supported for both *MDE security configuration* and *Microsoft Endpoint Manager*, a single instance of that policy can be processed by devices that run MDE only and devices that are managed by either Intune or Configuration Manager.
 
@@ -100,12 +100,12 @@ The following table can help you understand which policies that can configure MD
 
 **Endpoint security policies** are discrete groups of settings intended for use by security admins who focus on protecting devices in your organization.
 
-- **Antivirus** policies manage the security configurations found in Microsoft Defender for Endpoint. See  [antivirus](/mem/intune/protect/endpoint-security-antivirus-policy) policy for endpoint security.
-- **Attack surface reduction** policies focus on minimizing the places where your organization is vulnerable to cyberthreats and attacks. For more information, see [Overview of attack surface reduction](/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) in the Windows Threat protection documentation, and [attack surface reduction](/mem/intune/protect/endpoint-security-asr-policy) policy for endpoint security.
-- **Endpoint detection and response** (EDR) policies manage the Defender for Endpoint capabilities that provide advanced attack detections that are near real-time and actionable. Based on EDR configurations, security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. See [endpoint detection and response](/mem/intune/protect/endpoint-security-edr-policy) policy for endpoint security.
-- **Firewall** policies focus on the Defender firewall on your devices. See [firewall](/mem/intune/protect/endpoint-security-firewall-policy) policy for endpoint security.
-- **Firewall Rules** configure granular rules for Firewalls, including specific ports, protocols, applications, and networks. See [firewall](/mem/intune/protect/endpoint-security-firewall-policy) policy for endpoint security.
-- **Security baselines** include preconfigured security settings that define the Microsoft recommended security posture for different products like Defender, Edge, or Windows. The default recommendations are from the relevant product teams and enable you to quickly deploy that recommended secure configuration to devices. While settings are preconfigured in each baseline, you can create customized instances of them to establish your organization’s security expectations. See [security baselines](/mem/intune/protect/security-baselines) for Intune.
+- **Antivirus** policies manage the security configurations found in Microsoft Defender for Endpoint. See  [antivirus](../endpoint-security-antivirus-policy.md) policy for endpoint security.
+- **Attack surface reduction** policies focus on minimizing the places where your organization is vulnerable to cyberthreats and attacks. For more information, see [Overview of attack surface reduction](/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) in the Windows Threat protection documentation, and [attack surface reduction](../endpoint-security-asr-policy.md) policy for endpoint security.
+- **Endpoint detection and response** (EDR) policies manage the Defender for Endpoint capabilities that provide advanced attack detections that are near real-time and actionable. Based on EDR configurations, security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. See [endpoint detection and response](../endpoint-security-edr-policy.md) policy for endpoint security.
+- **Firewall** policies focus on the Defender firewall on your devices. See [firewall](../endpoint-security-firewall-policy.md) policy for endpoint security.
+- **Firewall Rules** configure granular rules for Firewalls, including specific ports, protocols, applications, and networks. See [firewall](../endpoint-security-firewall-policy.md) policy for endpoint security.
+- **Security baselines** include preconfigured security settings that define the Microsoft recommended security posture for different products like Defender, Edge, or Windows. The default recommendations are from the relevant product teams and enable you to quickly deploy that recommended secure configuration to devices. While settings are preconfigured in each baseline, you can create customized instances of them to establish your organization’s security expectations. See [security baselines](../security-baselines.md) for Intune.
 
 ## Configure your tenant to support Microsoft Defender for Endpoint Security Configuration Management
 
@@ -145,7 +145,7 @@ Devices that you manage with Intune are not supported for this scenario.
 
 ## Co-existence with Microsoft Endpoint Configuration Manager
 
-When using Configuration Manager, the best path for management of security policy is using the [Configuration Manager tenant attach](/mem/configmgr/tenant-attach/endpoint-security-get-started). In some environments it may be desired to use Security Management for Microsoft Defender. When using Security Management for Microsoft Defender with Configuration Manager, endpoint security policy should be isolated to a single control plane. Controlling policy through both channels will create the opportunity for conflicts and undesired results.
+When using Configuration Manager, the best path for management of security policy is using the [Configuration Manager tenant attach](../../../configmgr/tenant-attach/endpoint-security-get-started.md). In some environments it may be desired to use Security Management for Microsoft Defender. When using Security Management for Microsoft Defender with Configuration Manager, endpoint security policy should be isolated to a single control plane. Controlling policy through both channels will create the opportunity for conflicts and undesired results.
 
 ## Create Azure AD Groups
 
@@ -164,7 +164,7 @@ To identify devices that have enrolled with Microsoft Defender for Endpoint but
    - **MDEJoined** - Added to devices that are joined to the directory as part of this scenario.
    - **MDEManaged** - Added to devices that are actively using the security management scenario. This tag is removed from the device if Defender for Endpoint stops managing the security configuration.
 
-You can create groups for these devices [in Azure AD](/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) or [from within the Microsoft Endpoint Manager admin center](/mem/intune/fundamentals/groups-add).
+You can create groups for these devices [in Azure AD](/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) or [from within the Microsoft Endpoint Manager admin center](../../fundamentals/groups-add.md).
 
 ## Deploy policy
 
@@ -215,7 +215,7 @@ After creating one or more Azure AD groups that contain devices managed by Micro
 
    When your done configuring settings, select **Next**.
 
-7. On the **Assignments** page, select the Azure AD groups that will receive this profile. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
+7. On the **Assignments** page, select the Azure AD groups that will receive this profile. For more information on assigning profiles, see [Assign user and device profiles](../../configuration/device-profile-assign.md).
 
    Select **Next** to continue.
 
@@ -229,4 +229,4 @@ After creating one or more Azure AD groups that contain devices managed by Micro
 
 9. Wait for the policy to be assigned and view a success indication that policy was applied.
 
-10. You can validate that settings have applied locally on the client by using the [Get-MpPreference](/powershell/module/defender/get-mppreference#examples) command utility.
+10. You can validate that settings have applied locally on the client by using the [Get-MpPreference](/powershell/module/defender/get-mppreference#examples) command utility.

memdocs/intune/protect/mde-security-integration.md

@@ -60,7 +60,7 @@ When you select a policy, you'll see information about the device check-in statu
 
 ### Co-existence with Microsoft Endpoint Configuration Manager
 
-When using Configuration Manager, the best path for management of security policy is using the [Configuration Manager tenant attach](/mem/configmgr/tenant-attach/endpoint-security-get-started). In some environments it may be desired to use Security Management for Microsoft Defender. When using Security Management for Microsoft Defender with Configuration Manager, endpoint security policy should be isolated to a single control plane. Controlling policy through both channels will create the opportunity for conflicts and undesired results.
+When using Configuration Manager, the best path for management of security policy is using the [Configuration Manager tenant attach](../../configmgr/tenant-attach/endpoint-security-get-started.md). In some environments it may be desired to use Security Management for Microsoft Defender. When using Security Management for Microsoft Defender with Configuration Manager, endpoint security policy should be isolated to a single control plane. Controlling policy through both channels will create the opportunity for conflicts and undesired results.
 
 ### Active Directory joined devices
 
@@ -90,4 +90,4 @@ Due to the limited scope of Server core installations, these are not supported b
 
 ## Next steps
 
-[Monitor Defender for Endpoint](../protect/advanced-threat-protection-monitor.md)  
+[Monitor Defender for Endpoint](../protect/advanced-threat-protection-monitor.md)

memdocs/intune/protect/security-baseline-settings-windows-365.md

@@ -1166,7 +1166,7 @@ Audit settings configure the events that are generated for the conditions of the
 
 - **Block drive redirection**  
   Baseline default: *Enabled*  
-  <!-- Not devined in UI. Possibly CSP [RemoteDesktopServices/DoNotAllowDriveRedirection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-remotedesktopservices#remotedesktopservices-donotallowdriveredirection) -->
+  <!-- Not devined in UI. Possibly CSP [RemoteDesktopServices/DoNotAllowDriveRedirection](/windows/client-management/mdm/policy-csp-remotedesktopservices#remotedesktopservices-donotallowdriveredirection) -->
 
 - **Block password saving**  
   Baseline default: *Enabled*  

memdocs/intune/protect/toc.yml

@@ -65,7 +65,7 @@ items:
       - name: PowerShell script for custom settings
         href: compliance-custom-script.md    
     - name: Location-based compliance
-      href: use-network-locations.md
+      href: ./create-compliance-policy.md
     - name: Actions for noncompliance
       href: actions-for-noncompliance.md
     - name: Monitor device compliance
@@ -417,4 +417,4 @@ items:
   - name: Prevent unauthorized access
     href: data-outside-protect.md
   - name: Prevent data leaks on non-managed devices
-    href: data-leak-prevention.md
+    href: data-leak-prevention.md

windows-365/enterprise/encryption.md

@@ -47,7 +47,7 @@ The following Windows 365 Enterprise and Business objects are automatically encr
   - Snapshots
   - Images
 
-Windows 365 as a service treats all data stored on Windows 365 disks as customer content. For more information, see [Privacy and personal data in Windows 365](/windows-365/enterprise/privacy-personal-data).
+Windows 365 as a service treats all data stored on Windows 365 disks as customer content. For more information, see [Privacy and personal data in Windows 365](./privacy-personal-data.md).
 
 ## Encryption of data in transit
 
@@ -66,4 +66,4 @@ TLS 1.2 is used for all connections started from Windows 365 to the Azure Virtua
 
 For more information about the cryptographic modules underlying Azure managed disks, see [Cryptography API: Next Generation](/windows/desktop/seccng/cng-portal).
 
-For more information on network connectivity and encryption of the RDP remoting connection, see [Understanding Azure Virtual Desktop network connectivity](/azure/virtual-desktop/network-connectivity).
+For more information on network connectivity and encryption of the RDP remoting connection, see [Understanding Azure Virtual Desktop network connectivity](/azure/virtual-desktop/network-connectivity).