more bookmark fixes

articles/active-directory/develop/reference-aadsts-error-codes.md

@@ -136,7 +136,7 @@ Looking for info about the AADSTS error codes that are returned from the Azure A
 | AADSTS54000 | MinorUserBlockedLegalAgeGroupRule |
 | AADSTS65001 | DelegationDoesNotExist - The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. |
 | AADSTS65004 | UserDeclinedConsent - User declined to consent to access the app. Have the user retry the sign-in and consent to the app|
-| AADSTS65005 | MisconfiguredApplication - The app required resource access list does not contain apps discoverable by the resource or The client app has requested access to resource, which was not specified in its required resource access list or Graph service returned bad request or resource not found. If the app supports SAML, you may have configured the app with the wrong Identifier (Entity). Try out the resolution listed for SAML using the link below: [https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#no-resource-in-requiredresourceaccess-list](https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav#no-resource-in-requiredresourceaccess-list) |
+| AADSTS65005 | MisconfiguredApplication - The app required resource access list does not contain apps discoverable by the resource or The client app has requested access to resource, which was not specified in its required resource access list or Graph service returned bad request or resource not found. If the app supports SAML, you may have configured the app with the wrong Identifier (Entity). Try out the resolution listed for SAML using the link below: [https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#no-resource-in-requiredresourceaccess-list](https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav) |
 | AADSTS67003 | ActorNotValidServiceIdentity |
 | AADSTS70000 | InvalidGrant - Authentication failed. The refresh token is not valid. Error may be due to the following reasons:<ul><li>Token binding header is empty</li><li>Token binding hash does not match</li></ul> |
 | AADSTS70001 | UnauthorizedClient - The application is disabled. |

articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md

@@ -48,7 +48,7 @@ This article is split into four sections:
 * **[User and group schema reference](#user-and-group-schema-reference)** - Describes the user and group schema supported by the Azure AD SCIM implementation for non-gallery apps. 
 
 ## Provisioning users and groups to applications that support SCIM
-Azure AD can be configured to automatically provision assigned users and groups to applications that implement a specific profile of the [SCIM 2.0 protocol](https://tools.ietf.org/html/rfc7644). The specifics of the profile are documented in [Understanding the Azure AD SCIM implementation](#implementing-a-scim-endpoint-that-works-with-azure-ad-user-provisioning).
+Azure AD can be configured to automatically provision assigned users and groups to applications that implement a specific profile of the [SCIM 2.0 protocol](https://tools.ietf.org/html/rfc7644). The specifics of the profile are documented in Understanding the Azure AD SCIM implementation.
 
 Check with your application provider, or your application provider's documentation for statements of compatibility with these requirements.
 

articles/active-directory/reports-monitoring/reference-sign-ins-error-codes.md

@@ -135,7 +135,7 @@ You can also programmatically access the sign-in data using the [reporting API](
 |53004|User needs to complete Multi-factor authentication registration process before accessing this content. User should register for multi-factor authentication.|
 |65001|Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.|
 |65004|User declined to consent to access the app. Have the user retry the sign-in and consent to the app|
-|65005|The application required resource access list does not contain applications discoverable by the resource or The client application has requested access to resource, which was not specified in its required resource access list or Graph service returned bad request or resource not found. If the application supports SAML, you may have configured the application with the wrong Identifier (Entity). Try out the resolution listed for SAML using the link below: [https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav#no-resource-in-requiredresourceaccess-list](https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav#no-resource-in-requiredresourceaccess-list)|
+|65005|The application required resource access list does not contain applications discoverable by the resource or The client application has requested access to resource, which was not specified in its required resource access list or Graph service returned bad request or resource not found. If the application supports SAML, you may have configured the application with the wrong Identifier (Entity). Try out the resolution listed for SAML using the link below: [https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav#no-resource-in-requiredresourceaccess-list](https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery?/?WT.mc_id=DMC_AAD_Manage_Apps_Troubleshooting_Nav)|
 |70000|Invalid grant due to the following reasons:<ul><li>Requested SAML 2.0 assertion has invalid Subject Confirmation Method</li><li>App OnBehalfOf flow is not supported on V2</li><li>Primary refresh token is not signed with session key</li><li>Invalid external refresh token</li><li>The access grant was obtained for a different tenant.</li></ul>|
 |70001|The application named X was not found in the tenant named Y. This can happen if the application with identifier X has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have misconfigured the Identifier value for the application or sent your authentication request to the wrong tenant.|
 |70002|The application returned invalid client credentials. Contact the application owner.|

articles/active-directory/saas-apps/answerhub-tutorial.md

@@ -76,7 +76,7 @@ To configure and test Azure AD single sign-on with AnswerHub, you need to comple
 2. [Configure AnswerHub single sign-on](#configure-answerhub-single-sign-on) to set up the single sign-on settings on the application side.
 3. [Create an Azure AD test user](#create-an-azure-ad-test-user) named Britta Simon.
 4. [Assign the Azure AD test user](#assign-the-azure-ad-test-user) to enable Britta Simon to use Azure AD single sign-on.
-5. [Create an AnswerHub test user](#create-answerhub-test-user) that corresponds to and is linked to the Azure AD test user.
+5. Create an AnswerHub test user that corresponds to and is linked to the Azure AD test user.
 6. [Test single sign-on](#test-single-sign-on) to verify that the configuration works.
 
 ### Configure Azure AD single sign-on

articles/aks/troubleshooting.md

@@ -85,4 +85,4 @@ This error occurs when clusters enter a failed state for multiple reasons. Follo
 Cluster operations are limited when active upgrade operations are occurring or an upgrade was attempted, but subsequently failed. To diagnose the issue run `az aks show -g myResourceGroup -n myAKSCluster -o table` to retrieve detailed status on your cluster. Based on the result:
 
 * If cluster is actively upgrading, wait until the operation terminates. If it succeeded, try the previously failed operation again.
-* If cluster has failed upgrade, follow steps outlined [above](#im-receiving-errors-when-trying-to-upgrade-or-scale-that-state-my-cluster-is-being-currently-being-upgraded-or-has-failed-upgrade-directed-from-httpsakamsaks-pending-upgrade)
+* If cluster has failed upgrade, follow steps outlined above

articles/automation/automation-hybrid-runbook-worker.md

@@ -95,7 +95,7 @@ For the Hybrid Runbook Worker to connect to and register with Azure Monitor logs
 
 [!INCLUDE [azure-monitor-log-analytics-rebrand](../../includes/azure-monitor-log-analytics-rebrand.md)]
 
-If you use a proxy server for communication between the agent and the Azure Monitor service, ensure that the appropriate resources are accessible. If you use a firewall to restrict access to the internet, you must configure your firewall to permit access. If you use the Log Analytics gateway as a proxy, ensure it is configured for hybrid workers. For instructions on how to do this, see [Configure the Log Analytics gateway for Automation Hybrid Workers](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway#configure-for-automation-hybrid-workers).
+If you use a proxy server for communication between the agent and the Azure Monitor service, ensure that the appropriate resources are accessible. If you use a firewall to restrict access to the internet, you must configure your firewall to permit access. If you use the Log Analytics gateway as a proxy, ensure it is configured for hybrid workers. For instructions on how to do this, see [Configure the Log Analytics gateway for Automation Hybrid Workers](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
 
 The following port and URLs are required for the Hybrid Runbook Worker role to communicate with Automation:
 

articles/azure-app-configuration/quickstart-aspnet-core-app.md

@@ -86,7 +86,7 @@ You will add the [Secret Manager tool](https://docs.microsoft.com/aspnet/core/se
 
     Secret Manager will only be used for testing the web app locally. When the app is deployed (for example, to [Azure App Service](https://azure.microsoft.com/services/app-service/web)), you will use an application setting (for example, **Connection Strings** in App Service) instead of storing the connection string with Secret Manager.
 
-    This secret is a accessed with the configuration API. A colon (:) works in the configuration name with the configuration API on all supported platforms, see [Configuration by environment](https://docs.microsoft.com/aspnet/core/fundamentals/configuration/index?tabs=basicconfiguration&view=aspnetcore-2.0#configuration-by-environment).
+    This secret is a accessed with the configuration API. A colon (:) works in the configuration name with the configuration API on all supported platforms, see [Configuration by environment](https://docs.microsoft.com/aspnet/core/fundamentals/configuration/index?tabs=basicconfiguration&view=aspnetcore-2.0).
 
 4. Open *Program.cs* and update the `CreateWebHostBuilder` method to use App Configuration by calling the `config.AddAzureAppConfiguration()` method.
 

articles/azure-app-configuration/scripts/cli-create-service.md

@@ -71,8 +71,8 @@ This script uses the following commands to create a new resource group and an ap
 | Command | Notes |
 |---|---|
 | [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
-| [az appconfig create](/cli/azure/ext/appconfig/appconfig#ext-appconfig-az-appconfig-create) | Creates an app configuration store resource. |
-| [az appconfig key list](/cli/azure/ext/appconfig/appconfig/kv#ext-appconfig-az-appconfig-kv-list) | List the keys stored in an app configuration store. |
+| [az appconfig create](/cli/azure/ext/appconfig/appconfig) | Creates an app configuration store resource. |
+| [az appconfig key list](/cli/azure/ext/appconfig/appconfig/kv) | List the keys stored in an app configuration store. |
 
 ## Next steps
 

articles/azure-app-configuration/scripts/cli-export.md

@@ -48,7 +48,7 @@ This script uses the following commands to export an app configuration store. Ea
 
 | Command | Notes |
 |---|---|
-| [az appconfig export](/cli/azure/ext/appconfig/appconfig#ext-appconfig-az-appconfig-export) | Exports from an app configuration store resource. |
+| [az appconfig export](/cli/azure/ext/appconfig/appconfig) | Exports from an app configuration store resource. |
 
 ## Next steps
 

articles/azure-app-configuration/scripts/cli-work-with-keys.md

@@ -66,9 +66,9 @@ This script uses the following commands to operate on key-values in an app confi
 
 | Command | Notes |
 |---|---|
-| [az appconfig kv set](/cli/azure/ext/appconfig/appconfig#ext-appconfig-az-appconfig-kv-set) | Creates or updates a key-value. |
-| [az appconfig kv list](/cli/azure/ext/appconfig/appconfig#ext-appconfig-az-appconfig-kv-list) | Lists key-values in an app configuration store. |
-| [az appconfig kv delete](/cli/azure/ext/appconfig/appconfig#ext-appconfig-az-appconfig-kv-delete) | Deletes a key-value. |
+| [az appconfig kv set](/cli/azure/ext/appconfig/appconfig) | Creates or updates a key-value. |
+| [az appconfig kv list](/cli/azure/ext/appconfig/appconfig) | Lists key-values in an app configuration store. |
+| [az appconfig kv delete](/cli/azure/ext/appconfig/appconfig) | Deletes a key-value. |
 
 ## Next steps
 

articles/azure-monitor/platform/manage-access.md

@@ -148,7 +148,7 @@ To configure the access mode in an Azure Resource Manager template, set the **en
 
 
 ## Manage accounts and users
-The permissions to the workspace that are applied to a particular user are defined by their [access mode](#access-mode) and the [access control mode](#access-control-mode) of the workspace. **Workspace permissions** are applied when a user accesses any workspace using **workspace-centric** in [workspace-centric mode](#access-modes). **Resource permissions** are applied when a user accesses a workspace with **Use resource or workspace permissions** [access control mode](#access-control-mode) using [resource-centric mode](#access-modes).
+The permissions to the workspace that are applied to a particular user are defined by their access mode and the [access control mode](#access-control-mode) of the workspace. **Workspace permissions** are applied when a user accesses any workspace using **workspace-centric** in [workspace-centric mode](#access-modes). **Resource permissions** are applied when a user accesses a workspace with **Use resource or workspace permissions** [access control mode](#access-control-mode) using [resource-centric mode](#access-modes).
 
 ### Workspace permissions
 Each workspace can have multiple accounts associated with it, and each account can have access to multiple workspaces. Access is managed via [Azure role-based access](../../role-based-access-control/role-assignments-portal.md). 

articles/azure-stack/azure-stack-add-new-user-aad.md

@@ -21,7 +21,7 @@ ms.lastreviewed: 09/17/2018
 
 # Add a new Azure Stack tenant account in Azure Active Directory
 
-After [deploying the Azure Stack Development Kit](azure-stack-run-powershell-script.md), you'll need a tenant user account so you can explore the tenant portal and test your offers and plans. You can create a tenant account by [using the Azure portal](#create-an-azure-stack-tenant-account-using-the-azure-portal) or by [using PowerShell](#create-an-azure-stack-tenant-account-using-powershell).
+After [deploying the Azure Stack Development Kit](azure-stack-run-powershell-script.md), you'll need a tenant user account so you can explore the tenant portal and test your offers and plans. You can create a tenant account by [using the Azure portal](#create-an-azure-stack-tenant-account-using-the-azure-portal) or by using PowerShell.
 
 ## Create an Azure Stack tenant account using the Azure portal
 
@@ -81,4 +81,4 @@ If you don't have an Azure subscription, you can't use the Azure portal to add a
 
 ## Next steps
 
-[Add Azure Stack users in AD FS](azure-stack-add-users-adfs.md)
+[Add Azure Stack users in AD FS](azure-stack-add-users-adfs.md)

articles/backup/backup-azure-monitoring-use-azuremonitor.md

@@ -249,7 +249,7 @@ Here the resource is the RS vault itself and hence you need to repeat the same a
 
 ***All alerts created from activity logs and LA workspaces can be viewed in Azure Monitor in the 'Alerts' pane to the left.***
 
-While the notification via Activity logs can be used, ***Azure Backup service highly recommends to [use LA for monitoring at scale](#monitoring-at-scale) and NOT activity logs for the following reasons***.
+While the notification via Activity logs can be used, ***Azure Backup service highly recommends to use LA for monitoring at scale and NOT activity logs for the following reasons***.
 
 - **Limited Scenarios:** Applicable only for Azure VM backups and should be repeated for every RS vault.
 - **Definition fit:** The scheduled backup activity doesn't fit with the latest definition of activity logs and aligns with [diagnostic logs](https://docs.microsoft.com/azure/azure-monitor/platform/diagnostic-logs-overview#what-are-azure-monitor-diagnostic-logs). This lead to unexpected impact when the data pumping via activity log channel is changed as pointed below.
@@ -259,4 +259,4 @@ Hence it is highly recommended to use Log Analytic workspace for monitoring and
 
 ## Next steps
 
-- Refer to [Log analytics data model](backup-azure-log-analytics-data-model.md) to create custom queries.
+- Refer to [Log analytics data model](backup-azure-log-analytics-data-model.md) to create custom queries.

articles/cognitive-services/LUIS/luis-concept-patterns.md

@@ -56,7 +56,7 @@ Entities in patterns are surrounded by curly brackets, `{}`. Patterns can includ
 
 Pattern syntax supports the following syntax:
 
-|Function|Syntax|[Nesting level](#nesting-syntax)|Example|
+|Function|Syntax|Nesting level|Example|
 |--|--|--|--|
 |entity| {} - curly brackets|2|Where is form {entity-name}?|
 |optional|[] - square brackets<BR><BR>There is a limit of 3 on nesting levels of any combination of optional and grouping |2|The question mark is optional [?]|

articles/hdinsight/hadoop/apache-hadoop-visual-studio-tools-get-started.md

@@ -107,7 +107,7 @@ After opening a container, you can use the following buttons to upload, delete,
 ## Run interactive Apache Hive queries
 [Apache Hive](https://hive.apache.org) is a data warehouse infrastructure that's built on Hadoop. Hive is used for data summarization, queries, and analysis. You can use Data Lake Tools for Visual Studio to run Hive queries from Visual Studio. For more information about Hive, see [Use Apache Hive with HDInsight](hdinsight-use-hive.md).
 
-[Interactive Query](../interactive-query/apache-interactive-query-get-started.md) uses [Hive on LLAP](https://cwiki.apache.org/confluence/display/Hive/LLAP) in Apache Hive 2.1. Interactive Query brings interactivity to complex data warehouse-style queries on large, stored datasets. Running Hive queries on Interactive Query is much faster compared to traditional Hive batch jobs. For more information, see [Run Apache Hive batch jobs](#run-hive-batch-jobs).
+[Interactive Query](../interactive-query/apache-interactive-query-get-started.md) uses [Hive on LLAP](https://cwiki.apache.org/confluence/display/Hive/LLAP) in Apache Hive 2.1. Interactive Query brings interactivity to complex data warehouse-style queries on large, stored datasets. Running Hive queries on Interactive Query is much faster compared to traditional Hive batch jobs. For more information, see Run Apache Hive batch jobs.
 
 > [!NOTE]  
 > You can run interactive Hive queries only when you connect to an [HDInsight Interactive Query](../interactive-query/apache-interactive-query-get-started.md) cluster.