mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 10:53:43 +00:00
Rename files, Fix links
@ -72,7 +72,7 @@ Pre-boot authentication with a PIN can mitigate an attack vector for devices tha
On the other hand, Pre-boot authentication-prompts can be inconvenient to users. In addition, users who forget their PIN or lose their startup key are denied access to their data until they can contact their organization's support team to obtain a recovery key. Pre-boot authentication can also make it more difficult to update unattended desktops and remotely administered servers because a PIN needs to be entered when a computer reboots or resumes from hibernation.
To address these issues, [BitLocker Network Unlock](./bitlocker-how-to-enable-network-unlock.md) can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server.
To address these issues, [BitLocker Network Unlock](bitlocker-how-to-enable-network-unlock.md) can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server.
### Protecting Thunderbolt and other DMA ports
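Review bot: the commit title says "Rename files, Fix links", but this hunk (like every other hunk in the change) only drops the `./` prefix from `[BitLocker Network Unlock](./bitlocker-how-to-enable-network-unlock.md)`; the target file name is identical before and after, so no rename is visible here. If the renames landed in a separate commit, reference it in the message; otherwise retitle to something like "Normalize relative links". While the file is open, the leading context has a stray hyphen in "Pre-boot authentication-prompts" that should read "Pre-boot authentication prompts".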
@ -92,7 +92,7 @@ If kernel DMA protection isn't enabled, follow these steps to protect Thunderbol
- MDM: [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy
- Group Policy: [Disable new DMA devices when this computer is locked](./bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.)
- Group Policy: [Disable new DMA devices when this computer is locked](bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.)
For Thunderbolt v1 and v2 (DisplayPort Connector), refer to the **Thunderbolt Mitigation** section in [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). For SBP-2 and 1394 (also known as Firewire), refer to the **SBP-2 Mitigation** section in [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d).
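Review bot: the changed Group Policy bullet is fine (the anchor `#disable-new-dma-devices-when-this-computer-is-locked` is untouched, only the `./` is dropped), but the trailing context sentence links the same KB 2516445 article twice in one sentence, once for **Thunderbolt Mitigation** and once for **SBP-2 Mitigation**. Cite the article once and name the two sections, so readers don't assume these are two different documents.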
@ -166,7 +166,7 @@ Mitigation:
> [!IMPORTANT]
> These settings are **not configured** by default.
For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for [enhanced PIN](./bitlocker-group-policy-settings.md) is:
For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for [enhanced PIN](bitlocker-group-policy-settings.md) is:
- *Computer Configuration* > *Policies* > *Administrative Templates* > *Windows Components* > *BitLocker Drive Encryption* > *Operating System Drives* > **Allow enhanced PINs for startup**
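Review bot: the `[enhanced PIN](bitlocker-group-policy-settings.md)` link in the changed line points at the whole Group Policy reference, while the DMA link two hunks earlier uses a section anchor; since the very next bullet names the setting (**Allow enhanced PINs for startup**), link to that setting's section for consistency. The same line also reads "Bypassing a TPM with a PIN protector would cost much more", which suggests the TPM itself is bypassed by way of a PIN; the intended contrast is TPM-only versus TPM+PIN, so "Bypassing TPM+PIN would cost much more" says what is meant.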
@ -178,6 +178,6 @@ For secure administrative workstations, Microsoft recommends a TPM with PIN prot
## Related articles
- [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d)
- [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md)
- [BitLocker Group Policy settings](bitlocker-group-policy-settings.md)
- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp)
- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
@ -112,7 +112,7 @@ Requiring a PIN at startup is a useful security feature because it acts as a sec
Windows 11 and Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices don't require a PIN for startup: They're designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system.
For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md).
For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](bitlocker-countermeasures.md).
## Configure Network Unlock
@ -15,7 +15,7 @@ Though much Windows [BitLocker documentation](index.md) has been published, cust
## Managing domain-joined computers and moving to cloud
Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md).
Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](bitlocker-group-policy-settings.md).
Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](/lifecycle/products/?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201%2F) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD).
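Review bot: the trailing context of this hunk is stale relative to the page's 2025 sync date: "until mainstream support ends in July 2019" and "over the next few years" describe a deadline that has already passed, and only the April 2026 extended-support date is still in the future. Since the paragraph is being touched for a link fix anyway, reword it in the past tense (mainstream support ended in July 2019) so the "plan and move to cloud-based management" recommendation reads as current guidance rather than a forecast.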
@ -92,7 +92,7 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi
- [BitLocker: FAQs](bitlocker-frequently-asked-questions.yml)
- [Microsoft BitLocker Administration and Management (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/)
- [Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption)
- [BitLocker Group Policy Reference](./bitlocker-group-policy-settings.md)
- [BitLocker Group Policy Reference](bitlocker-group-policy-settings.md)
- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune/)
*(Overview)*
- [Configuration Settings Providers](/windows/client-management/mdm/policy-configuration-service-provider)
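Review bot: the leading context of this hunk names the product "Microsoft BitLocker Administration and Management (MBAM)", while the earlier hunk in the same file calls it "Microsoft BitLocker Administration and Monitoring (MBAM)"; the two links point at the same `/microsoft-desktop-optimization-pack/mbam-v25/` target, so one of the names is wrong. Fix the product name in this related-articles list while the list is being edited.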
@ -331,17 +331,17 @@ It can also be configured using mobile device management (MDM), including in Int
**`<LocURI>./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryMessage</LocURI>`**


Example of a customized recovery screen:


### BitLocker recovery key hints
BitLocker metadata has been enhanced starting in Windows 10, version 1903, to include information about when and where the BitLocker recovery key was backed up. This information isn't exposed through the UI or any public API. It's used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed on both the modern (blue) and legacy (black) recovery screen. The hints apply to both the boot manager recovery screen and the WinRE unlock screen.


> [!IMPORTANT]
> It is not recommend to print recovery keys or saving them to a file. Instead, use Active Directory backup or a cloud-based backup. Cloud-based backup includes Azure Active Directory (Azure AD) and Microsoft account.
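Review bot: the three image-path changes in this hunk are consistent with the rest of the commit, but the `[!IMPORTANT]` block in the trailing context has a grammar error that should be fixed in the same pass: "It is not recommend to print recovery keys or saving them to a file" should read "It isn't recommended to print recovery keys or save them to a file." The security advice itself (prefer Active Directory or cloud-based backup) is correct as written.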
@ -378,7 +378,7 @@ There are rules governing which hint is shown during the recovery (in the order
**Result:** The hints for the Microsoft account and custom URL are displayed.


#### Example 2 (single recovery key with single backup)
@ -392,7 +392,7 @@ There are rules governing which hint is shown during the recovery (in the order
**Result:** Only the custom URL is displayed.


#### Example 3 (single recovery key with multiple backups)
@ -406,7 +406,7 @@ There are rules governing which hint is shown during the recovery (in the order
**Result:** Only the Microsoft Account hint is displayed.


#### Example 4 (multiple recovery passwords)
@ -435,7 +435,7 @@ There are rules governing which hint is shown during the recovery (in the order
**Result:** Only the hint for a successfully backed up key is displayed, even if it isn't the most recent key.


#### Example 5 (multiple recovery passwords)
@ -461,7 +461,7 @@ There are rules governing which hint is shown during the recovery (in the order
**Result:** The hint for the most recent key is displayed.


## Using additional recovery information
@ -79,7 +79,7 @@ When installing the BitLocker optional component on a server, the Enhanced Stora
| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This article describes the function, location, and effect of each group policy setting that is used to manage BitLocker. |
| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This article describes the BCD settings that are used by BitLocker.|
| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This article describes how to recover BitLocker keys from AD DS. |
| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device's configuration. |
| [Protect BitLocker from pre-boot attacks](bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device's configuration. |
| [Troubleshoot BitLocker](/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. |
| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This article describes how to protect CSVs and SANs with BitLocker.|
| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This article describes how to use BitLocker with Windows IoT Core |
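Review bot: the changed table row still describes the pre-boot countermeasures guide as covering "devices running Windows 10, Windows 8.1, Windows 8, or Windows 7", whereas the device-encryption hunk earlier in this same commit refers to "Windows 11 and Windows 10". Since only the link path in this row changed, update the description to the supported versions at the same time, or the index will keep advertising a scope the linked article no longer matches. Minor: the last row's description ("This article describes how to use BitLocker with Windows IoT Core") is the only one in the table without a closing period.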