Merge pull request #18943 from MicrosoftDocs/autoheal-0-20251015055113

aditisrivastava07 · web-flow · commit 7758997abbf5 · 2025-10-15T21:03:57.000+05:30
[Validation Auto Healing] [Merge by 2025-10-20]
diff --git a/intune/configmgr/develop/adminservice/faq.yml b/intune/configmgr/develop/adminservice/faq.yml
@@ -52,12 +52,12 @@ sections:
           
           - Control access to the web service with the certificate trust. If a device doesn't trust the certificate chain, a user on that device can't query the administration service.
           
-          - Add additional security layers. For example, [Azure App Proxy](/azure/active-directory/manage-apps/application-proxy).
+          - Add additional security layers. For example, [Azure App Proxy](/entra/identity/app-proxy/).
           
       - question: |
           Can I use it with Conditional Access?
         answer: |
-          Yes, and that configuration is easiest if you use [Azure App Proxy](/azure/active-directory/manage-apps/application-proxy).
+          Yes, and that configuration is easiest if you use [Azure App Proxy](/entra/identity/app-proxy/).
           
   - name: Miscellaneous
     questions:
diff --git a/intune/configmgr/protect/deploy-use/introduction-to-certificate-profiles.md b/intune/configmgr/protect/deploy-use/introduction-to-certificate-profiles.md
@@ -59,7 +59,7 @@ There are three types of certificate profiles:
 
 ## Requirements
 
-To deploy certificate profiles that use SCEP, install the certificate registration point on a site system server. Also install a policy module for NDES, the Configuration Manager Policy Module, on a server that runs Windows Server 2012 R2 or later. This server requires the Active Directory Certificate Services role. It also requires a working NDES that's accessible to the devices that require the certificates. If your devices need to enroll for certificates from the internet, then your NDES server must be accessible from the internet. For example, to safely enable traffic to the NDES server from the internet, you can use [Azure Application Proxy](/azure/active-directory/manage-apps/application-proxy).
+To deploy certificate profiles that use SCEP, install the certificate registration point on a site system server. Also install a policy module for NDES, the Configuration Manager Policy Module, on a server that runs Windows Server 2012 R2 or later. This server requires the Active Directory Certificate Services role. It also requires a working NDES that's accessible to the devices that require the certificates. If your devices need to enroll for certificates from the internet, then your NDES server must be accessible from the internet. For example, to safely enable traffic to the NDES server from the internet, you can use [Azure Application Proxy](/entra/identity/app-proxy/).
 
 PFX certificates also require a certificate registration point. Also specify the certificate authority (CA) for the certificate and the relevant access credentials. You can specify either Microsoft or Entrust as certificate authorities.
 
diff --git a/intune/intune-service/apps/manage-microsoft-edge.md b/intune/intune-service/apps/manage-microsoft-edge.md
@@ -662,7 +662,7 @@ You can use Microsoft Edge for iOS and Android and [Microsoft Entra application
 Before you start:
 
 - Set up your internal applications through Microsoft Entra application proxy.
-  - To configure Application Proxy and publish applications, see the [setup documentation](/azure/active-directory/manage-apps/application-proxy).
+  - To configure Application Proxy and publish applications, see the [setup documentation](/entra/identity/app-proxy/).
   - Ensure that the user is assigned to the Microsoft Entra application proxy app, even if the app is configured with Passthrough preauthentication type.
 - The Microsoft Edge for iOS and Android app must have an [Intune app protection policy](app-protection-policy.md) assigned.
 - Microsoft apps must have an app protection policy that has **Restrict web content transfer with other apps** data transfer setting set to **Microsoft Edge**.
diff --git a/intune/intune-service/protect/conditional-access-intune-common-ways-use.md b/intune/intune-service/protect/conditional-access-intune-common-ways-use.md
@@ -24,7 +24,7 @@ The information in this article can help you understand how to use the Intune mo
 
 ## Device-based Conditional Access
 
-Intune and Microsoft Entra ID work together to make sure only managed and compliant devices can access your organization's email, Microsoft 365 services, Software as a service (SaaS) apps, and [on-premises apps](/azure/active-directory/active-directory-application-proxy-get-started). Additionally, you can set a policy in Microsoft Entra ID to only enable domain-joined computers or mobile devices that are enrolled in Intune to access Microsoft 365 services.
+Intune and Microsoft Entra ID work together to make sure only managed and compliant devices can access your organization's email, Microsoft 365 services, Software as a service (SaaS) apps, and [on-premises apps](/entra/identity/app-proxy/). Additionally, you can set a policy in Microsoft Entra ID to only enable domain-joined computers or mobile devices that are enrolled in Intune to access Microsoft 365 services.
 
 With Intune, you deploy device compliance policies to determine if a device meets your expected configuration and security requirements. The compliance policy evaluation determines the device's compliance status, which is reported to both Intune and Microsoft Entra ID. It's in Microsoft Entra ID that Conditional Access policies can use a device's compliance status to make decisions on whether to allow or block access to your organization's resources from that device.
 
