diff --git a/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md
index 553f49874f..84cdd96dc6 100644
--- a/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md
@@ -25,7 +25,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 
 In this topic:
 
--   [Add the test devices to the GPO membership groups](#to-add-test-devices-to-the-gpo-membership-group)
+-   [Add the test devices to the GPO membership groups](#to-add-test-devices-to-the-gpo-membership-groups)
 
 -   [Refresh Group Policy on the devices in each membership group](#to-refresh-group-policy-on-a-device)
 
diff --git a/windows/keep-secure/advanced-security-audit-policy-settings.md b/windows/keep-secure/advanced-security-audit-policy-settings.md
index c0dd8cf99f..dd4bf9d8d5 100644
--- a/windows/keep-secure/advanced-security-audit-policy-settings.md
+++ b/windows/keep-secure/advanced-security-audit-policy-settings.md
@@ -27,7 +27,7 @@ You can access these audit policy settings through the Local Security Policy sna
 These advanced audit policy settings allow you to select only the behaviors that you want to monitor. You can exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because security audit policies can be applied by using domain Group Policy Objects, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.
 Audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** are available in the following categories:
 
-**Account Logon**
+## Account Logon
 
 Configuring policy settings in this category can help you document attempts to authenticate account data on a domain controller or on a local Security Accounts Manager (SAM). Unlike Logon and Logoff policy settings and events, which track attempts to access a particular computer, settings and events in this category focus on the account database that is used. This category includes the following subcategories:
 
@@ -36,7 +36,7 @@ Configuring policy settings in this category can help you document attempts to a
 -   [Audit Kerberos Service Ticket Operations](audit-kerberos-service-ticket-operations.md)
 -   [Audit Other Logon/Logoff Events](audit-other-logonlogoff-events.md)
 
-**Account Management**
+## Account Management
 
 The security audit policy settings in this category can be used to monitor changes to user and computer accounts and groups. This category includes the following subcategories:
 
@@ -47,7 +47,7 @@ The security audit policy settings in this category can be used to monitor chang
 -   [Audit Security Group Management](audit-security-group-management.md)
 -   [Audit User Account Management](audit-user-account-management.md)
 
-**Detailed Tracking**
+## Detailed Tracking
 
 Detailed Tracking security policy settings and audit events can be used to monitor the activities of individual applications and users on that computer, and to understand how a computer is being used. This category includes the following subcategories:
 
@@ -57,7 +57,7 @@ Detailed Tracking security policy settings and audit events can be used to monit
 -   [Audit Process Termination](audit-process-termination.md)
 -   [Audit RPC Events](audit-rpc-events.md)
 
-**DS Access**
+## DS Access
 
 DS Access security audit policy settings provide a detailed audit trail of attempts to access and modify objects in Active Directory Domain Services (AD DS). These audit events are logged only on domain controllers. This category includes the following subcategories:
 
@@ -66,7 +66,7 @@ DS Access security audit policy settings provide a detailed audit trail of attem
 -   [Audit Directory Service Changes](audit-directory-service-changes.md)
 -   [Audit Directory Service Replication](audit-directory-service-replication.md)
 
-**Logon/Logoff**
+## Logon/Logoff
 
 Logon/Logoff security policy settings and audit events allow you to track attempts to log on to a computer interactively or over a network. These events are particularly useful for tracking user activity and identifying potential attacks on network resources. This category includes the following subcategories:
 
@@ -82,11 +82,11 @@ Logon/Logoff security policy settings and audit events allow you to track attemp
 -   [Audit Other Logon/Logoff Events](audit-other-logonlogoff-events.md)
 -   [Audit Special Logon](audit-special-logon.md)
 
-**Object Access**
+## Object Access
 
 Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate object Aaccess auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses.
 
-Proving that these audit policies are in effect to an external auditor is more difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects. To address this issue, see [Global Object Access Auditing](#global-object-access).
+Proving that these audit policies are in effect to an external auditor is more difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects. To address this issue, see [Global Object Access Auditing](#global-object-access-auditing).
 
 This category includes the following subcategories:
 
@@ -105,7 +105,7 @@ This category includes the following subcategories:
 -   [Audit SAM](audit-sam.md)
 -   [Audit Central Access Policy Staging](audit-central-access-policy-staging.md)
 
-**Policy Change**
+## Policy Change
 
 Policy Change audit events allow you to track changes to important security policies on a local system or network. Because policies are typically established by administrators to help secure network resources, monitoring changes or attempts to change these policies can be an important aspect of security management for a network. This category includes the following subcategories:
 
@@ -116,7 +116,7 @@ Policy Change audit events allow you to track changes to important security poli
 -   [Audit MPSSVC Rule-Level Policy Change](audit-mpssvc-rule-level-policy-change.md)
 -   [Audit Other Policy Change Events](audit-other-policy-change-events.md)
 
-**Privilege Use**
+## Privilege Use
 
 Permissions on a network are granted for users or computers to complete defined tasks. Privilege Use security policy settings and audit events allow you to track the use of certain permissions on one or more systems. This category includes the following subcategories:
 
@@ -124,7 +124,7 @@ Permissions on a network are granted for users or computers to complete defined
 -   [Audit Sensitive Privilege Use](audit-sensitive-privilege-use.md)
 -   [Audit Other Privilege Use Events](audit-other-privilege-use-events.md)
 
-**System**
+## System
 
 System security policy settings and audit events allow you to track system-level changes to a computer that are not included in other categories and that have potential security implications. This category includes the following subcategories:
 
@@ -134,7 +134,7 @@ System security policy settings and audit events allow you to track system-level
 -   [Audit Security System Extension](audit-security-system-extension.md)
 -   [Audit System Integrity](audit-system-integrity.md)
 
-**Global Object Access**
+## Global Object Access Auditing
 
 Global Object Access Auditing policy settings allow administrators to define computer system access control lists (SACLs) per object type for the file system or for the registry. The specified SACL is then automatically applied to every object of that type.
 Auditors will be able to prove that every resource in the system is protected by an audit policy by viewing the contents of the Global Object Access Auditing policy settings. For example, if auditors see a policy setting called "Track all changes made by group administrators," they know that this policy is in effect.
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index cdde9f9522..300a029cff 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -82,7 +82,7 @@ This URL will match that seen in the Firewall or network activity.</td>
 <td>Windows Defender Advanced Threat Protection service failed to connect to the server at ```variable```.</td>
 <td>Variable = URL of the Windows Defender ATP processing servers.<br>
 The service could not contact the external processing servers at that URL.</td>
-<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#configure-proxy-and-Internet-connectivity).</td>
+<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>6</td>
@@ -145,7 +145,7 @@ It may take several hours for the endpoint to appear in the portal.</td>
 <td>Windows Defender Advanced Threat Protection cannot start command channel with URL: ```variable```.</td>
 <td>Variable = URL of the Windows Defender ATP processing servers.<br>
 The service could not contact the external processing servers at that URL.</td>
-<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](#configure-proxy-and-Internet-connectivity).</td>
+<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet-windows-defender-advanced-threat-protection.md).</td>
 </tr>
 <tr>
 <td>17</td>
diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
index fb34c03d1f..59834fcd44 100644
--- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -81,7 +81,7 @@ Investigate the details of an alert raised on a specific machine to identify oth
 
 You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. Affected machines are identified in the following areas:
 
-- The [Machines view](#Investigate-machines-in-the-Windows-Defender-ATP-Machines-view)
+- The [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
 - The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
 - The [Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - Any individual alert
diff --git a/windows/keep-secure/local-accounts.md b/windows/keep-secure/local-accounts.md
index 7f8aa3e095..3e50de5cc8 100644
--- a/windows/keep-secure/local-accounts.md
+++ b/windows/keep-secure/local-accounts.md
@@ -81,7 +81,7 @@ The default Administrator account is initially installed differently for Windows
 
 In summary, for Windows Server operating systems, the Administrator account is used to set up the local server only for tasks that require administrative rights. The default Administrator account is set up by using the default settings that are provided on installation. Initially, the Administrator account is not associated with a password. After installation, when you first set up Windows Server, your first task is to set up the Administrator account properties securely. This includes creating a strong password and securing the **Remote control** and **Remote Desktop Services Profile** settings. You can also disable the Administrator account when it is not required.
 
-In comparison, for the Windows client operating systems, the Administrator account has access to the local system only. The default Administrator account is initially disabled by default, and this account is not associated with a password. It is a best practice to leave the Administrator account disabled. The default Administrator account is considered only as a setup and disaster recovery account, and it can be used to join the computer to a domain. When administrator access is required, do not sign in as an administrator. You can sign in to your computer with your local (non-administrator) credentials and use **Run as administrator**. For more information, see [Security considerations](#security-considerations).
+In comparison, for the Windows client operating systems, the Administrator account has access to the local system only. The default Administrator account is initially disabled by default, and this account is not associated with a password. It is a best practice to leave the Administrator account disabled. The default Administrator account is considered only as a setup and disaster recovery account, and it can be used to join the computer to a domain. When administrator access is required, do not sign in as an administrator. You can sign in to your computer with your local (non-administrator) credentials and use **Run as administrator**. 
 
 **Account group membership**
 
diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
index 0780adf0bf..d927f73825 100644
--- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
@@ -30,8 +30,8 @@ The TPM Services Group Policy settings are located at:
 | [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| X| 
 | [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| | X| X| X|||  
 | [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X| X|||  
-| [Standard User Individual Lockout Threshold](#individual)| X| X| X| X|||  
-| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X||||
+| [Standard User Individual Lockout Threshold](#bkmk-individual)| X| X| X| X|||  
+| [Standard User Total Lockout Threshold](#bkmk-total)| X| X| X| X||||
 
 ### <a href="" id="bkmk-tpmgp-addsbu"></a>Turn on TPM backup to Active Directory Domain Services