mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-23 14:23:38 +00:00
Rename files, Fix links
@ -94,8 +94,8 @@ In Windows 10 and Windows 11, cloud experience host is an application used while
|
||||
|
||||
### Related to cloud experience host
|
||||
|
||||
- [Windows Hello for Business](./hello-identity-verification.md)
|
||||
- [Managed Windows Hello in organization](./hello-manage-in-organization.md)
|
||||
- [Windows Hello for Business](hello-identity-verification.md)
|
||||
- [Managed Windows Hello in organization](hello-manage-in-organization.md)
|
||||
|
||||
### More information on cloud experience host
|
||||
|
||||
|
@ -203,7 +203,7 @@ With the CA properly configured with a valid HTTP-based CRL distribution point,
|
||||
1. Repeat this procedure on all your domain controllers
|
||||
|
||||
> [!NOTE]
|
||||
> You can configure domain controllers to automatically enroll and renew their certificates. Automatic certificate enrollment helps prevent authentication outages due to expired certificates. Refer to the [Windows Hello Deployment Guides](./hello-deployment-guide.md) to learn how to deploy automatic certificate enrollment for domain controllers.
|
||||
> You can configure domain controllers to automatically enroll and renew their certificates. Automatic certificate enrollment helps prevent authentication outages due to expired certificates. Refer to the [Windows Hello Deployment Guides](hello-deployment-guide.md) to learn how to deploy automatic certificate enrollment for domain controllers.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> If you are not using automatic certificate enrollment, create a calendar reminder to alert you two months before the certificate expiration date. Send the reminder to multiple people in the organization to ensure more than one or two people know when these certificates expire.
|
||||
|
@ -101,7 +101,7 @@ To configure the cloud Kerberos trust policy:
|
||||
> [!IMPORTANT]
|
||||
> *Tenant ID* in the OMA-URI must be replaced with the tenant ID for your Azure AD tenant. See [How to find your Azure AD tenant ID][AZ-3] for instructions on looking up your tenant ID.
|
||||
|
||||
:::image type="content" alt-text ="Intune custom-device configuration policy creation" source="./images/hello-cloud-trust-intune.png" lightbox="./images/hello-cloud-trust-intune-large.png":::
|
||||
:::image type="content" alt-text ="Intune custom-device configuration policy creation" source="images/hello-cloud-trust-intune.png" lightbox="images/hello-cloud-trust-intune-large.png":::
|
||||
|
||||
1. Assign the policy to a security group that contains as members the devices or users that you want to configure.
|
||||
|
||||
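Review bot: The rewritten `:::image` line still carries `alt-text ="Intune custom-device configuration policy creation"` with a space before the `=`, while the image line in the prerequisite-check hunk writes `alt-text="..."` without one. Since this line is already being touched for the path fix, drop the space so the attribute is written the same way in both places.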
@ -147,7 +147,7 @@ The Windows Hello for Business provisioning process begins immediately after a u
|
||||
You can determine the status of the prerequisite check by viewing the **User Device Registration** admin log under **Applications and Services Logs** > **Microsoft** > **Windows**.\
|
||||
This information is also available using the `dsregcmd /status` command from a console. For more information, see [dsregcmd][AZ-4].
|
||||
|
||||
:::image type="content" alt-text="Cloud Kerberos trust prerequisite check in the user device registration log" source="./images/cloud-trust-prereq-check.png" lightbox="./images/cloud-trust-prereq-check.png":::
|
||||
:::image type="content" alt-text="Cloud Kerberos trust prerequisite check in the user device registration log" source="images/cloud-trust-prereq-check.png" lightbox="images/cloud-trust-prereq-check.png":::
|
||||
|
||||
The cloud Kerberos trust prerequisite check detects whether the user has a partial TGT before allowing provisioning to start. The purpose of this check is to validate whether Azure AD Kerberos is set up for the user's domain and tenant. If Azure AD Kerberos is set up, the user will receive a partial TGT during sign-in with one of their other unlock methods. This check has three states: Yes, No, and Not Tested. The *Not Tested* state is reported if cloud Kerberos trust isn't being enforced by policy or if the device is Azure AD joined.
|
||||
|
||||
|
@ -72,7 +72,7 @@ It's suggested to create a security group (for example, *Windows Hello for Busin
|
||||
The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory
|
||||
|
||||
> [!NOTE]
|
||||
> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources)
|
||||
> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources)
|
||||
|
||||
### Enable Windows Hello for Business group policy setting
|
||||
|
||||
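Review bot: The note line edited here still ends at the `[Policy conflicts from multiple policy sources](hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources)` link with no closing period. As the line is being rewritten anyway, add the period after the link.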
@ -162,4 +162,4 @@ The following process occurs after a user signs in, to enroll in Windows Hello f
|
||||
[MEM-3]: /mem/intune/configuration/custom-settings-configure
|
||||
[MEM-4]: /windows/client-management/mdm/passportforwork-csp
|
||||
[MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy
|
||||
[MEM-6]: /mem/intune/protect/identity-protection-configure
|
||||
[MEM-6]: /mem/intune/protect/identity-protection-configure
|
||||
|
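Review bot: The two `[MEM-6]: /mem/intune/protect/identity-protection-configure` lines at the end of this hunk read identically, so nothing visible here is a rename or a link fix; the difference is presumably whitespace or the end-of-file newline. If that is intended, it is fine as is; otherwise drop this hunk so the commit stays limited to what its message describes.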
@ -81,7 +81,7 @@ It's fundamentally important to understand which deployment model to use for a s
|
||||
A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory. There are two trust types: key trust and certificate trust.
|
||||
|
||||
> [!NOTE]
|
||||
> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](./hello-hybrid-cloud-kerberos-trust.md).
|
||||
> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](hello-hybrid-cloud-kerberos-trust.md).
|
||||
|
||||
The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
|
||||
|
||||
|
@ -3,4 +3,4 @@ ms.date: 12/08/2022
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices")
|
||||
[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md)
|
||||
|
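Review bot: The second `[domain join ...](../hello-how-it-works-technology.md)` line no longer has the link title "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices" that the first line carries, while the path `../hello-how-it-works-technology.md` is the same in both. Assuming the second line is the added one, as in the other hunks, this removes the tooltip text rather than fixing a link, which goes beyond "Rename files, Fix links". If the removal is intentional, mention it in the commit message; if not, restore the title on the new line.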