Commit

Merge pull request #1195 from DCtheGeek/dmc-links-ws-remains-3
Links: Windows Server - Remaining - 3
eross-msft committed Aug 7, 2020
2 parents 07dbd0a + 8c6efc6 commit 3cffa3e
Showing 100 changed files with 476 additions and 599 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ The default installation will set up a new forest dedicated for HGS and configur
This option is recommended because the environment is self-contained and known to be secure when it is created.

The only technical requirement for installing HGS in an existing forest is that it be added to the root domain; non-root domains are not supported. But there are also operational requirements and security-related best practices for using an existing forest.
Suitable forests are purposely built to serve one sensitive function, such as the forest used by [Privileged Access Management for AD DS](https://docs.microsoft.com/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services) or an [Enhanced Security Administrative Environment (ESAE) forest](https://technet.microsoft.com/windows-server-docs/security/securing-privileged-access/securing-privileged-access-reference-material#ESAE_BM).
Suitable forests are purposely built to serve one sensitive function, such as the forest used by [Privileged Access Management for AD DS](/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services) or an [Enhanced Security Administrative Environment (ESAE) forest](../../identity/securing-privileged-access/securing-privileged-access-reference-material.md#esae-administrative-forest-design-approach).
Such forests usually exhibit the following characteristics:

- They have few admins (separate from fabric admins)
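Review bot: the new fragment `#esae-administrative-forest-design-approach` on the ESAE link is a heading slug, whereas the old `#ESAE_BM` was an explicit anchor id on the TechNet page; confirm that securing-privileged-access-reference-material.md really contains a heading that slugifies to exactly that string, because a wrong fragment fails silently (the page loads, the jump does not). The PAM link conversion to `/microsoft-identity-manager/...` is fine.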
Expand All @@ -32,6 +32,4 @@ Fabric forests are also unsuitable because HGS needs to be isolated from fabric
Choose the installation option that best suits your environment:

- [Install HGS in its own dedicated forest](guarded-fabric-install-hgs-default.md)
- [Install HGS in an existing bastion forest](guarded-fabric-install-hgs-in-a-bastion-forest.md)


- [Install HGS in an existing bastion forest](guarded-fabric-install-hgs-in-a-bastion-forest.md)
Expand Up @@ -110,7 +110,7 @@ If you want to secure HGS endpoints with an SSL certificate, you must configure
SSL certificates *are not* replicated by HGS and do not need to use the same keys for every node (i.e. you can have different SSL certs for each node).

When requesting an SSL cert, ensure the cluster fully qualified domain name (as shown in the output of `Get-HgsServer`) is either the subject common name of the cert, or included as a subject alternative DNS name.
When you've obtained a certificate from your certificate authority, you can configure HGS to use it with [Set-HgsServer](https://technet.microsoft.com/itpro/powershell/windows/hgsserver/set-hgsserver).
When you've obtained a certificate from your certificate authority, you can configure HGS to use it with [Set-HgsServer](/powershell/module/hgsserver/set-hgsserver?view=win10-ps).

```powershell
$sslPassword = Read-Host -AsSecureString -Prompt "SSL Certificate Password"
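Review bot: `?view=win10-ps` pins the Set-HgsServer reference to the Windows 10 PowerShell view, but the surrounding text runs this cmdlet on the HGS node, which is a Windows Server role; either drop the query string so the reference resolves to its default view or pin it to the server view, and do the same for the other cmdlet links in this PR so they are consistent. Nit outside the changed line: the paragraph says "SSL certificate" for what is an HTTPS/TLS endpoint certificate; worth tidying in a follow-up.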
Expand Down Expand Up @@ -138,4 +138,4 @@ To decommission an HGS node:
If HGS is deployed in a bastion forest (default), that's the only step.
You can optionally unjoin the machine from the domain and remove the gMSA account from Active Directory.

2. If HGS created its own domain, you should also [uninstall HGS](guarded-fabric-manage-hgs.md#clearing-the-hgs-configuration) to unjoin the domain and demote the domain controller.
2. If HGS created its own domain, you should also [uninstall HGS](guarded-fabric-manage-hgs.md#clearing-the-hgs-configuration) to unjoin the domain and demote the domain controller.
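Review bot: this hunk only normalises the end-of-file newline, but the unchanged line two above it says "If HGS is deployed in a bastion forest (default)", which contradicts the first file in this commit ("The default installation will set up a new forest dedicated for HGS"). Since the file is being touched anyway, change "(default)" to "(rather than in its own dedicated forest)" or drop the parenthetical.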
Expand Up @@ -32,7 +32,7 @@ A fabric administrator needs to confirm that Hyper-V hosts can run as guarded ho

To configure a fallback HGS server, repeat this command and specify the fallback URLs for the Key Protection and Attestation services. For more information, see [Fallback configuration](guarded-fabric-manage-branch-office.md#fallback-configuration).

- **Through VMM**: If you are using System Center 2016 - Virtual Machine Manager (VMM), you can configure Attestation and Key Protection URLs in VMM. For details, see [Configure global HGS settings](https://technet.microsoft.com/system-center-docs/vmm/scenario/guarded-hosts#configure-global-hgs-settings) in **Provision guarded hosts in VMM**.
- **Through VMM**: If you are using System Center 2016 - Virtual Machine Manager (VMM), you can configure Attestation and Key Protection URLs in VMM. For details, see [Configure global HGS settings](/system-center/vmm/guarded-deploy-host?view=sc-vmm-2019#configure-global-hgs-settings) in **Provision guarded hosts in VMM**.

>**Notes**
> - If the HGS administrator [enabled HTTPS on the HGS server](guarded-fabric-configure-hgs-https.md), begin the URLs with `https://`.
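Review bot: the sentence is about System Center 2016 - Virtual Machine Manager, but the new link is pinned with `?view=sc-vmm-2019`; if the 2016 view of guarded-deploy-host is still published, pin to that, otherwise drop the pin so the text and the target do not disagree about the version. The HTTPS note that follows still reads correctly against the relinked page.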
Expand Down Expand Up @@ -66,4 +66,4 @@ A fabric administrator needs to confirm that Hyper-V hosts can run as guarded ho
## Additional References

- [Deploy the Host Guardian Service (HGS)](guarded-fabric-deploying-hgs-overview.md)
- [Deploy shielded VMs](guarded-fabric-configuration-scenarios-for-shielded-vms-overview.md)
- [Deploy shielded VMs](guarded-fabric-configuration-scenarios-for-shielded-vms-overview.md)
Expand Up @@ -63,7 +63,7 @@ These steps will walk you through the bare minimum requirements to get a Linux V
You can do this by clicking "Connect to Server..." in the Actions pane or by right clicking on Hyper-V Manager and choosing "Connect to Server..."
Provide the DNS name for your Hyper-V server and, if necessary, the credentials needed to connect to it.

5. Using Hyper-V Manager, [configure an external switch](https://docs.microsoft.com/windows-server/virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines) on your virtualization server so the Linux VM can access the Internet to obtain updates.
5. Using Hyper-V Manager, [configure an external switch](../../virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines.md) on your virtualization server so the Linux VM can access the Internet to obtain updates.

6. Next, create a new virtual machine to install the Linux OS onto.
In the Actions pane, click **New** > **Virtual Machine** to bring up the wizard.
Expand Down Expand Up @@ -115,7 +115,7 @@ These steps will walk you through the bare minimum requirements to get a Linux V

13. If you are planning to use System Center Virtual Machine Manager to deploy your VMs, install the VMM guest agent to enable VMM to specialize your OS during VM provisioning.
Specialization allows each VM to be set up securely with different users and SSH keys, networking configurations, and custom setup steps.
Learn how to [obtain and install the VMM guest agent](https://docs.microsoft.com/system-center/vmm/vm-linux#install-the-vmm-guest-agent) in the VMM documentation.
Learn how to [obtain and install the VMM guest agent](/system-center/vmm/vm-linux#install-the-vmm-guest-agent) in the VMM documentation.

14. Next, [add the Microsoft Linux Software Repository to your package manager](../../administration/linux-package-repository-for-microsoft-software.md).

Expand Down Expand Up @@ -185,7 +185,7 @@ The VHDX you provide to the `-Path` parameter will be overwritten with the updat

> [!IMPORTANT]
> The Remote Server Administration Tools available on Windows Server 2016 or Windows 10 cannot be used to prepare a Linux shielded VM template disk.
> Only use the [Protect-TemplateDisk](https://docs.microsoft.com/powershell/module/shieldedvmtemplate/protect-templatedisk?view=win10-ps) cmdlet available on Windows Server, version 1709 or the Remote Server Administration Tools available on Windows Server 2019 to prepare a Linux shielded VM template disk.
> Only use the [Protect-TemplateDisk](/powershell/module/shieldedvmtemplate/protect-templatedisk?view=win10-ps) cmdlet available on Windows Server, version 1709 or the Remote Server Administration Tools available on Windows Server 2019 to prepare a Linux shielded VM template disk.
```powershell
# Replace "THUMBPRINT" with the thumbprint of your template disk signing certificate in the line below
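Review bot: same `?view=win10-ps` pin as elsewhere in this PR, on a cmdlet the note itself says ships with Windows Server, version 1709 or the RSAT on Windows Server 2019; consider dropping the pin. Separately, in the unchanged context the ```powershell fence sits directly under the last `>` line of the IMPORTANT block with no blank line between them; add one so a lenient renderer cannot pull the fence into the blockquote.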
Expand All @@ -205,4 +205,4 @@ To extract the volume signature catalog, run the following command in PowerShell

```powershell
Save-VolumeSignatureCatalog -TemplateDiskPath 'C:\temp\MyLinuxTemplate.vhdx' -VolumeSignatureCatalogPath 'C:\temp\MyLinuxTemplate.vsc'
```
```
Expand Up @@ -13,7 +13,7 @@ ms.date: 01/29/2019
>Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2019

As with regular VMs, you can create a VM template (for example, a [VM template in Virtual Machine Manager (VMM)](https://technet.microsoft.com/system-center-docs/vmm/manage/manage-library-add-vm-templates)) to make it easy for tenants and administrators to deploy new VMs on the fabric using a template disk. Because shielded VMs are security-sensitive assets, there are additional steps to create a VM template that supports shielding. This topic covers the steps to create a shielded template disk and a VM template in VMM.
As with regular VMs, you can create a VM template (for example, a [VM template in Virtual Machine Manager (VMM)](/system-center/vmm/library-vm-templates?view=sc-vmm-2019)) to make it easy for tenants and administrators to deploy new VMs on the fabric using a template disk. Because shielded VMs are security-sensitive assets, there are additional steps to create a VM template that supports shielding. This topic covers the steps to create a shielded template disk and a VM template in VMM.

To understand how this topic fits in the overall process of deploying shielded VMs, see [Hosting service provider configuration steps for guarded hosts and shielded VMs](guarded-fabric-configuration-scenarios-for-shielded-vms-overview.md).

Expand Down Expand Up @@ -133,7 +133,7 @@ After the template is created, tenants can use it to create new virtual machines

## Prepare and protect the VHDX using PowerShell

As an alternative to running the Template Disk Wizard, you can copy your template disk and certificate to a computer running RSAT and run [Protect-TemplateDisk](https://docs.microsoft.com/powershell/module/shieldedvmtemplate/protect-templatedisk?view=win10-ps
As an alternative to running the Template Disk Wizard, you can copy your template disk and certificate to a computer running RSAT and run [Protect-TemplateDisk](/powershell/module/shieldedvmtemplate/protect-templatedisk?view=win10-ps
) to initiate the signing process.
The following example uses the name and version information specified by the _TemplateName_ and _Version_ parameters.
The VHDX you provide to the `-Path` parameter will be overwritten with the updated template disk, so be sure to make a copy before running the command.
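Review bot: the link destination is split across two lines (`...protect-templatedisk?view=win10-ps` on one line and `) to initiate the signing process.` on the next). CommonMark does not allow a line break inside a link destination, so this renders as literal text rather than a link. The old line had the same defect; since the line is being rewritten, join them: `[Protect-TemplateDisk](/powershell/module/shieldedvmtemplate/protect-templatedisk?view=win10-ps) to initiate the signing process.`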
Expand Down Expand Up @@ -167,4 +167,4 @@ Save-VolumeSignatureCatalog -TemplateDiskPath 'C:\temp\MyLinuxTemplate.vhdx' -Vo
## Additional References

- [Hosting service provider configuration steps for guarded hosts and shielded VMs](guarded-fabric-configuration-scenarios-for-shielded-vms-overview.md)
- [Guarded fabric and shielded VMs](guarded-fabric-and-shielded-vms-top-node.md)
- [Guarded fabric and shielded VMs](guarded-fabric-and-shielded-vms-top-node.md)
Expand Up @@ -32,14 +32,14 @@ The following table breaks down the tasks to deploy a guarded fabric and create
| 6 - [Create host key (Key)](guarded-fabric-create-host-key.md) and[Collect host information (TPM)](guarded-fabric-tpm-trusted-attestation-capturing-hardware.md) | ![Step 6, create host key and collect host info](../media/Guarded-Fabric-Shielded-VM/guarded-host-collect-info-from-hosts.png) |
| 7 - [Configure HGS with host information](guarded-fabric-add-host-information-to-hgs.md) | ![Step 7, add host info to HGS](../media/Guarded-Fabric-Shielded-VM/guarded-host-configure-hgs-with-host-info.png) |
| 8 - [Confirm hosts can attest](guarded-fabric-confirm-hosts-can-attest-successfully.md) | ![Step 8, confirm host can attest](../media/Guarded-Fabric-Shielded-VM/guarded-host-confirm-hosts-attest.png) |
| 9 - [Configure VMM (optional)](https://technet.microsoft.com/system-center-docs/vmm/scenario/guarded-overview) | ![Step 9, configure VMM (optional)](../media/Guarded-Fabric-Shielded-VM/guarded-host-configure-vmm.png) |
| 9 - [Configure VMM (optional)](/system-center/vmm/deploy-guarded-host-fabric?view=sc-vmm-2019) | ![Step 9, configure VMM (optional)](../media/Guarded-Fabric-Shielded-VM/guarded-host-configure-vmm.png) |
| 10 - [Create template disks](guarded-fabric-create-a-shielded-vm-template.md) | ![Step 10, create template disks](../media/Guarded-Fabric-Shielded-VM/guarded-host-create-template-disk.png) |
| 11 - [Create a VM shielding helper disk for VMM (optional)](guarded-fabric-vm-shielding-helper-vhd.md) | ![Step 11, create a VM shielding help disk for VMM](../media/Guarded-Fabric-Shielded-VM/guarded-host-create-helper-disk.png) |
| 12 - [Set up Windows Azure Pack (optional)](guarded-fabric-shielded-vm-windows-azure-pack.md) | ![Step 12, set up Windows Azure Pack (optional)](../media/Guarded-Fabric-Shielded-VM/guarded-host-windows-azure-pack.png) |
| 13 - [Create shielding data file](guarded-fabric-tenant-creates-shielding-data.md) | ![Step 13, create a shielding data file](../media/Guarded-Fabric-Shielded-VM/guarded-host-shielding-data-file.png) |
| 14 - [Create shielded VMs using Windows Azure Pack](guarded-fabric-shielded-vm-windows-azure-pack.md) | ![Step 14, create shielded VMs using Windows Azure Pack](../media/Guarded-Fabric-Shielded-VM/guarded-host-shielded-vms.png) |
| 15 - [Create shielded VMs using VMM](https://technet.microsoft.com/system-center-docs/vmm/scenario/guarded-vms) | ![Step 15, create shielded VMs using VMM](../media/Guarded-Fabric-Shielded-VM/guarded-host-shielded-vms.png) |
| 15 - [Create shielded VMs using VMM](/system-center/vmm/guarded-deploy-vm?view=sc-vmm-2019) | ![Step 15, create shielded VMs using VMM](../media/Guarded-Fabric-Shielded-VM/guarded-host-shielded-vms.png) |

## Additional References

- [Guarded fabric and shielded VMs](guarded-fabric-and-shielded-vms-top-node.md)
- [Guarded fabric and shielded VMs](guarded-fabric-and-shielded-vms-top-node.md)
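Review bot: row 6 of the table, in the unchanged context, reads `and[Collect host information (TPM)]` with no space before the bracket; add the space while the table is being edited. The rewritten step 9 and step 15 links both carry `?view=sc-vmm-2019`; keep that consistent with whatever is decided for the other VMM links in this PR (several pages here state they apply to System Center 2016 as well).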
Expand Up @@ -13,7 +13,7 @@ ms.date: 01/30/2019
>Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016
This topic explains what a guarded fabric is, its requirements, and a summary of the deployment process.
For detailed deployment steps, see [Deploying the Host Guardian Service for guarded hosts and shielded VMs](https://technet.microsoft.com/windows-server-docs/security/guarded-fabric-shielded-vm/guarded-fabric-deploying-hgs-overview).
For detailed deployment steps, see [Deploying the Host Guardian Service for guarded hosts and shielded VMs](./guarded-fabric-deploying-hgs-overview.md).

Prefer video? See the Microsoft Virtual Academy course [Deploying Shielded VMs and a Guarded Fabric with Windows Server 2016](https://mva.microsoft.com/training-courses/deploying-shielded-vms-and-a-guarded-fabric-with-windows-server-2016-17131?l=WFLef7vUD_4604300474).

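Review bot: the new `./guarded-fabric-deploying-hgs-overview.md` uses a `./` prefix while every other same-folder link in this PR omits it (for example `guarded-fabric-install-hgs-default.md`); drop the `./` for consistency. The Microsoft Virtual Academy link two lines down was left as an absolute external URL by this link pass; MVA has been retired in favour of Microsoft Learn, so check that it still resolves and otherwise remove the "Prefer video?" sentence.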
Expand Down Expand Up @@ -67,7 +67,7 @@ Let's imagine this scenario—you have an existing Hyper-V fabric, like Contoso.

## Step 1: Deploy the Hyper-V hosts running Windows Server 2016

The Hyper-V hosts need to run Windows Server 2016 Datacenter edition or later. If you are upgrading hosts, you can [upgrade](https://technet.microsoft.com/windowsserver/dn527667.aspx) from Standard edition to Datacenter edition.
The Hyper-V hosts need to run Windows Server 2016 Datacenter edition or later. If you are upgrading hosts, you can [upgrade](../../get-started/installation-and-upgrade.md) from Standard edition to Datacenter edition.

![Upgrade Hyper-V hosts](../../security/media/Guarded-Fabric-Shielded-VM/guarded-fabric-deployment-step-one-upgrade-hyper-v.png)

Expand Down Expand Up @@ -154,7 +154,7 @@ The shielding data file also includes the security policy setting for the shield

![New encryption supported VM](../media/Guarded-Fabric-Shielded-VM/guarded-fabric-new-shielded-vm.png)

You can add optional management pieces like VMM or Windows Azure Pack. If you'd like to create a VM without installing those pieces, see [Step by step – Creating Shielded VMs without VMM](https://blogs.technet.microsoft.com/datacentersecurity/2016/06/06/step-by-step-creating-shielded-vms-without-vmm/).
You can add optional management pieces like VMM or Windows Azure Pack. If you'd like to create a VM without installing those pieces, see [Step by step – Creating Shielded VMs without VMM](/archive/blogs/datacentersecurity/step-by-step-creating-shielded-vms-without-vmm).

## Step 6: Create a shielded VM

Expand All @@ -166,4 +166,4 @@ In Windows Azure Pack, the experience is even easier than creating a regular VM
## Next step

> [!div class="nextstepaction"]
> [HGS Prerequisites](guarded-fabric-prepare-for-hgs.md)
> [HGS Prerequisites](guarded-fabric-prepare-for-hgs.md)
Expand Up @@ -20,7 +20,7 @@ You will complete the following tasks to set up Windows Azure Pack in your envir

1. Complete configuration of System Center 2016 - Virtual Machine Manager (VMM) for your hosting fabric. This includes setting up VM templates and a VM cloud, which will be exposed through Windows Azure Pack:

[Scenario - Deploy guarded hosts and shielded virtual machines in VMM](https://technet.microsoft.com/system-center-docs/vmm/scenario/guarded-overview)
[Scenario - Deploy guarded hosts and shielded virtual machines in VMM](/system-center/vmm/deploy-guarded-host-fabric?view=sc-vmm-2019)

2. Install and configure System Center 2016 - Service Provider Foundation (SPF). This software enables Windows Azure Pack to communicate with your VMM servers:

Expand All @@ -39,15 +39,15 @@ You will complete the following tasks to set up Windows Azure Pack in your envir

Install and configure Windows Azure Pack (WAP) on the machine where you wish to host the web portal for your tenants. This machine will need to be able to reach the SPF server and be reachable by your tenants.

1. Reviewing [WAP system requirements](https://technet.microsoft.com/library/dn296442.aspx) and install the [prerequisite software](https://technet.microsoft.com/library/dn469335.aspx).
1. Reviewing [WAP system requirements](/previous-versions/azure/windows-server-azure-pack/dn296442(v=technet.10)) and install the [prerequisite software](/previous-versions/azure/windows-server-azure-pack/dn469335(v=technet.10)).

2. Download and install the [Web Platform Installer](https://www.microsoft.com/web/downloads/platform.aspx). If the machine is not connected to the Internet, follow the [offline installation instructions](https://www.iis.net/learn/install/web-platform-installer/web-platform-installer-v4-command-line-webpicmdexe-rtw-release).

3. Open the Web Platform Installer and find **Windows Azure Pack: Portal and API Express** under the **Products** tab. Click **Add**, then **Install** at the bottom of the window.

4. Proceed through the installation. After the installation completes, the configuration site (*https://<wapserver>:30101/*) opens in your web browser. On this website, provide information about your SQL server and finish configuring WAP.

For help setting up Windows Azure Pack, see [Install an express deployment of Windows Azure Pack](https://technet.microsoft.com/dn296439.aspx).
For help setting up Windows Azure Pack, see [Install an express deployment of Windows Azure Pack](/previous-versions/azure/windows-server-azure-pack/dn296439(v=technet.10)).

> [!NOTE]
> If you already run Windows Azure Pack in your environment, you may use your existing installation. In order to work with the latest shielded VM features, however, you will need to upgrade your installation to at least Update Rollup 10.
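Review bot: the unchanged text on the relinked line reads "Reviewing [WAP system requirements] ... and install the prerequisite software"; make it "Review ..." to match the imperative "install". Two lines below, `*https://<wapserver>:30101/*` has an unescaped `<wapserver>` that most markdown renderers treat as an HTML tag and drop, leaving `https://:30101/`; put the URL in backticks. The new `/previous-versions/azure/windows-server-azure-pack/...(v=technet.10)` destinations contain parentheses, which is fine in markdown as long as they stay balanced, as they are here.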
Expand Down Expand Up @@ -109,4 +109,4 @@ In order to allow tenants to create VMs in WAP, you must first create a hosting
## Additional References

- [Hosting service provider configuration steps for guarded hosts and shielded VMs](guarded-fabric-configuration-scenarios-for-shielded-vms-overview.md)
- [Guarded fabric and shielded VMs](guarded-fabric-and-shielded-vms-top-node.md)
- [Guarded fabric and shielded VMs](guarded-fabric-and-shielded-vms-top-node.md)