updated relative links

windows/security/docfx.json

@@ -71,10 +71,12 @@
     "fileMetadata": {
       "author":{
         "identity-protection/**/*.md": "paolomatarazzo",
+        "network-security/**/*.md": "paolomatarazzo",
         "operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms"
       },
       "ms.author":{
         "identity-protection/**/*.md": "paoloma",
+        "network-security/**/*.md": "paoloma",
         "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
       },
       "appliesto":{

windows/security/operating-system-security/network-security/vpn/vpn-authentication.md

@@ -74,7 +74,7 @@ For a UWP VPN plug-in, the app vendor controls the authentication method to be u
 See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration. 
 
 >[!NOTE]
->To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../hello-for-business/hello-identity-verification.md)
+>To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../../../identity-protection/hello-for-business/hello-identity-verification.md).
 
 The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP).
 

windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md

@@ -1,7 +1,7 @@
 ---
-title: VPN and conditional access (Windows 10 and Windows 11)
+title: VPN and conditional access
-description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps.
+description: Learn how to integrate the VPN client with the Conditional Access platform, and how to create access rules for Azure Active Directory (Azure AD) connected apps.
-ms.date: 09/23/2021
+ms.date: 05/23/2023
 ms.topic: conceptual
 ---
 
@@ -15,30 +15,25 @@ The VPN client is now able to integrate with the cloud-based Conditional Access
 Conditional Access Platform components used for Device Compliance include the following cloud-based services:
 
 - [Conditional Access Framework](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
-
 - [Azure AD Connect Health](/azure/active-directory/connect-health/active-directory-aadconnect-health)
-
+- [Windows Health Attestation Service](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
-- [Windows Health Attestation Service](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
-
 - Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA. 
 See also [Always On VPN deployment for Windows Server and Windows 10](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy).
-
 - Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When the client reconnects and determines that the certificate has expired, the client will again check with Azure AD for health validation before a new certificate is issued.
-
 - [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
-
+  - Antivirus status
-    - Antivirus status
+  - Auto-update status and update compliance
-    - Auto-update status and update compliance
+  - Password policy compliance
-    - Password policy compliance
+  - Encryption compliance
-    - Encryption compliance
+  - Device health attestation state (validated against attestation service after query)
-    - Device health attestation state (validated against attestation service after query)
 
 The following client-side components are also required:
+
 - [HealthAttestation Configuration Service Provider (CSP)](/windows/client-management/mdm/healthattestation-csp)
 - [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) DeviceCompliance node settings
 - Trusted Platform Module (TPM)
 
-## VPN device compliance 
+## VPN device compliance
 
 At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section.
 
@@ -47,7 +42,7 @@ Server-side infrastructure requirements to support VPN device compliance include
 - The VPN server should be configured for certificate authentication.
 - The VPN server should trust the tenant-specific Azure AD CA.
 - For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO).
-   
+
 After the server side is set up, VPN admins can add the policy settings for conditional access to the VPN profile using the VPNv2 DeviceCompliance node.
 
 Two client-side configuration service providers are leveraged for VPN device compliance.
@@ -90,14 +85,12 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/clien
 
 - [Azure Active Directory conditional access](/azure/active-directory/conditional-access/overview)
 - [Getting started with Azure Active Directory Conditional Access](/azure/active-directory/authentication/tutorial-enable-azure-mfa)
-- [Control the health of Windows 10-based devices](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
+- [Control the health of Windows devices](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-- Control the health of Windows 11-based devices
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4)
 
-
 ## Related topics
 - [VPN technical guide](vpn-guide.md)
 - [VPN connection types](vpn-connection-type.md)

windows/security/operating-system-security/network-security/vpn/vpn-guide.md

@@ -14,7 +14,7 @@ To create a Windows 10 VPN device configuration profile see: [Windows 10 and Win
 > [!NOTE]
 > This guide does not explain server deployment.
 
-[!INCLUDE [virtual-private-network-vpn](../../../../includes/licensing/virtual-private-network-vpn.md)]
+[!INCLUDE [virtual-private-network-vpn](../../../../../includes/licensing/virtual-private-network-vpn.md)]
 
 ## In this guide
 

windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md

@@ -23,7 +23,7 @@ Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Serv
 
 The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it doesn't provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
 
-[!INCLUDE [windows-firewall](../../../../includes/licensing/windows-firewall.md)]
+[!INCLUDE [windows-firewall](../../../../../includes/licensing/windows-firewall.md)]
 
 ## Feature description
 

windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md

@@ -1,6 +1,6 @@
 ---
 title: Control the health of Windows devices
-description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
+description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
 ms.prod: windows-client
 ms.date: 10/13/2017
 ms.localizationpriority: medium
@@ -17,7 +17,7 @@ ms.topic: conceptual
 
 -   Windows 10
 
-This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
+This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
 
 ## Introduction