docs/architecture/distributed-cloud-native-apps-containers/architecting-distributed-cloud-native-applications/different-distributed-architectures.md (-1)
@@ -1,7 +1,6 @@
1
1
---
2
2
title: Different ways to architect distributed applications
3
3
description: Architecture for Distributed Cloud-Native Apps with .NET Aspire & Containers | Different ways to architect distributed applications
docs/architecture/distributed-cloud-native-apps-containers/architecting-distributed-cloud-native-applications/why-choose-distributed-architecture.md
description: Architecture for Distributed Cloud-Native Apps with .NET Aspire & Containers | Architecting distributed cloud-native applications
4
-
author:
5
4
ms.date: 04/06/2022
6
5
---
7
6
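Review bot: the `author:` key is dropped without a replacement value, so confirm that the docset's metadata schema treats `author` as optional rather than as required with a non-empty value; if the intent is to fall back on a folder-level default, say so in the commit description. Since the page body is not touched here, leaving `ms.date: 04/06/2022` unchanged is consistent.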
@@ -32,5 +31,5 @@ Every application has its own unique requirements, but there are some common pat
32
31
In the rest of this book we'll be focusing specifically on how to design and build distributed cloud-native applications using a microservices based architecture. You'll see how the features built into .NET are designed to help you build and deploy microservices, and how to use containers to package and deploy your services successfully.
docs/architecture/distributed-cloud-native-apps-containers/cloud-native-identity/azure-security.md (+9 -9)
@@ -21,7 +21,7 @@ No matter if the advantages outweigh the disadvantages of cloud-native applicati
21
21
- Who should have access to this data?
22
22
- Are there auditing policies in place around the development and release process?
23
23
24
-
All these questions are part of a process called [Introduction to threat modeling](https://learn.microsoft.com/training/modules/tm-introduction-to-threat-modeling/). This process tries to answer the question of what threats there are to the system, how likely the threats are, and the potential damage from them.
24
+
All these questions are part of a process called [Introduction to threat modeling](/training/modules/tm-introduction-to-threat-modeling/). This process tries to answer the question of what threats there are to the system, how likely the threats are, and the potential damage from them.
25
25
26
26
Once the list of threats has been established, you need to decide whether they're worth mitigating. Sometimes a threat is so unlikely and expensive to plan for that it isn't worth spending energy on it. For instance, some state level actor could inject changes into the design of a process that is used by millions of devices. Now, instead of running a certain piece of code in [Ring 3](https://en.wikipedia.org/wiki/Protection_ring), that code is run in Ring 0. This process allows an exploit that can bypass the hypervisor and run the attack code on the bare metal machines, allowing attacks on all the virtual machines that are running on that hardware.
27
27
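Review bot: the link on line 24 is now root-relative to `/training/...`, a different docset from `/dotnet/`, so make sure the build's link validation resolves cross-docset root-relative paths rather than leaving them to be checked only at render time; the `/azure/` and `/sql/` links later in this file have the same dependency. While this line is being touched, "a process called Introduction to threat modeling" reads as if the process were named after the module title; "a process called [threat modeling](...)" would be clearer.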
@@ -63,7 +63,7 @@ This scenario is a perfect example of a seemingly low-value target that can be u
63
63
64
64
.NET Framework is designed to be secure. It avoids some of the pitfalls of unmanaged code, such as walking off the ends of arrays. Work is actively done to fix security holes as they're discovered. There's even a [bug bounty program](https://www.microsoft.com/msrc/bounty) that pays researchers to find issues in the framework and report them instead of exploiting them.
65
65
66
-
There are many ways to make .NET code more secure. Following guidelines such as the [Secure coding guidelines for .NET](https://learn.microsoft.com/dotnet/standard/security/secure-coding-guidelines) article is a reasonable step to take to ensure that the code is secure from the ground up. The [OWASP top 10](https://owasp.org/www-project-top-ten/) is another invaluable guide to build secure code.
66
+
There are many ways to make .NET code more secure. Following guidelines such as the [Secure coding guidelines for .NET](/dotnet/standard/security/secure-coding-guidelines) article is a reasonable step to take to ensure that the code is secure from the ground up. The [OWASP top 10](https://owasp.org/www-project-top-ten/) is another invaluable guide to build secure code.
67
67
68
68
The build process is a good place to put scanning tools to detect problems in source code before they make it into production. Every project has dependencies on some other packages. A tool that can scan for outdated packages will catch problems in a nightly build. Even when building Docker images, it's useful to check and make sure that the base image doesn't have known vulnerabilities. Another thing to check is that nobody has accidentally checked in credentials.
69
69
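Review bot: line 66 now points at `/dotnet/standard/security/secure-coding-guidelines`, which lives in this same docset; for in-repo targets the docs conventions favor a repo-relative file link or an `xref:` so the build verifies the target exists, whereas a root-relative path is only checked when the site is rendered. Unchanged context line 64 also opens with ".NET Framework is designed to be secure" in a book about .NET Aspire; ".NET" alone would match the rest of the paragraph.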
@@ -91,11 +91,11 @@ With the network established, internal resources like storage accounts can be se
91
91
92
92
The nodes in an Azure Kubernetes cluster can participate in a virtual network just like other resources that are more native to Azure. This functionality is called [Azure Container Networking Interface](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md). In effect, it allocates a subnet within the virtual network on which virtual machines and container images are allocated.
93
93
94
-
Continuing down the path of illustrating the principle of least privilege, not every resource within a virtual network needs to talk to every other resource. For instance, in an application that provides a web API over a storage account and a SQL database, it's unlikely that the database and the storage account need to talk to one another. Any data sharing between them would go through the web application. So, a [network security group (NSG)](https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview) could be used to deny traffic between the two services.
94
+
Continuing down the path of illustrating the principle of least privilege, not every resource within a virtual network needs to talk to every other resource. For instance, in an application that provides a web API over a storage account and a SQL database, it's unlikely that the database and the storage account need to talk to one another. Any data sharing between them would go through the web application. So, a [network security group (NSG)](/azure/virtual-network/network-security-groups-overview) could be used to deny traffic between the two services.
95
95
96
-
A policy of denying communication between resources can be annoying to implement, especially coming from a background of using Azure without traffic restrictions. On some other clouds, the concept of network security groups is much more prevalent. For instance, the default policy on AWS is that resources can't communicate among themselves until enabled by rules in an NSG. While slower to develop this, a more restrictive environment provides a more secure default. Making use of proper DevOps practices, especially using [Bicep or Terraform](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/infrastructure-as-code) to manage permissions can make controlling the rules easier.
96
+
A policy of denying communication between resources can be annoying to implement, especially coming from a background of using Azure without traffic restrictions. On some other clouds, the concept of network security groups is much more prevalent. For instance, the default policy on AWS is that resources can't communicate among themselves until enabled by rules in an NSG. While slower to develop this, a more restrictive environment provides a more secure default. Making use of proper DevOps practices, especially using [Bicep or Terraform](/azure/cloud-adoption-framework/ready/considerations/infrastructure-as-code) to manage permissions can make controlling the rules easier.
97
97
98
-
Virtual networks can also be useful when setting up communication between on-premises and cloud resources. A virtual private network can be used to attach the two networks together seamlessly. This approach allows running a virtual network without any sort of gateway for scenarios where all the users are on-site. There are a number of technologies that can be used to establish this network. The simplest is to use a [site-to-site VPN](https://learn.microsoft.com/azure/vpn-gateway/tutorial-site-to-site-portal) that can be established between many routers and Azure. Traffic is encrypted and tunneled over the Internet at the same cost per byte as any other traffic. For scenarios where more bandwidth or more security is desirable, Azure offers a service called [Express Route](https://learn.microsoft.com/azure/expressroute/expressroute-introduction) that uses a private circuit between an on-premises network and Azure. It's more costly and difficult to establish but also more secure.
98
+
Virtual networks can also be useful when setting up communication between on-premises and cloud resources. A virtual private network can be used to attach the two networks together seamlessly. This approach allows running a virtual network without any sort of gateway for scenarios where all the users are on-site. There are a number of technologies that can be used to establish this network. The simplest is to use a [site-to-site VPN](/azure/vpn-gateway/tutorial-site-to-site-portal) that can be established between many routers and Azure. Traffic is encrypted and tunneled over the Internet at the same cost per byte as any other traffic. For scenarios where more bandwidth or more security is desirable, Azure offers a service called [Express Route](/azure/expressroute/expressroute-introduction) that uses a private circuit between an on-premises network and Azure. It's more costly and difficult to establish but also more secure.
99
99
100
100
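Review bot: on line 98, "This approach allows running a virtual network without any sort of gateway" sits uneasily beside the site-to-site VPN the same sentence introduces, which terminates on the Azure VPN gateway that the link target (`/azure/vpn-gateway/...`) describes; if the point is that no internet-facing endpoint for users is needed, say that instead. On the same line the product name is "ExpressRoute" (one word), as the `/azure/expressroute/` path itself shows. The GitHub link on context line 92 is external, so leaving it absolute is correct, though it pins the `master` branch.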
## Role-Based Access Control (RBAC) for restricting access to Azure resources
101
101
@@ -126,7 +126,7 @@ A security principal can take on many roles or, using a more sartorial analogy,
126
126
127
127
Built into Azure are also a number of high-level roles such as **Owner**, **Contributor**, **Reader**, and **User Account Administrator**. With the Owner role, a security principal can access all resources and assign permissions to others. A Contributor has the same level of access to all resources but they can't assign permissions. A Reader can only view existing Azure resources and a User Account Administrator can manage access to Azure resources.
128
128
129
-
More granular built-in roles such as [DNS Zone Contributor](https://learn.microsoft.com/azure/dns/dns-protect-zones-recordsets#azure-role-based-access-control) have rights limited to a single service. Security principals can take on any number of roles.
129
+
More granular built-in roles such as [DNS Zone Contributor](/azure/dns/dns-protect-zones-recordsets#azure-role-based-access-control) have rights limited to a single service. Security principals can take on any number of roles.
130
130
131
131
### Scopes
132
132
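Review bot: unchanged context line 127 names the role "User Account Administrator" twice; the Azure built-in role is "User Access Administrator", and since this hunk already touches the neighboring line it is worth correcting in the same change. The `#azure-role-based-access-control` fragment on line 129 survives the relative rewrite, which is right, but link validation does not check fragments, so verify that anchor still exists on the target page.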
@@ -234,15 +234,15 @@ In any application, there are a number of places where data rests on the disk. T
234
234
235
235
The underpinning of much of Azure is the Azure Storage engine. Virtual machine disks are mounted on top of Azure Storage. Azure Kubernetes Service runs on virtual machines that, themselves, are hosted on Azure Storage. Even serverless technologies, such as Azure Functions Apps and Azure Container Instances, run off a disk that is part of Azure Storage.
236
236
237
-
If Azure Storage is well encrypted, then it provides a foundation for everything else to also be encrypted. Azure Storage [is encrypted](https://learn.microsoft.com/azure/storage/common/storage-service-encryption) with [FIPS 140-2](https://en.wikipedia.org/wiki/FIPS_140) compliant [256-bit AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). This is a well-regarded encryption technology, having been the subject of extensive academic scrutiny over the last 20 or so years. At present, there's no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES.
237
+
If Azure Storage is well encrypted, then it provides a foundation for everything else to also be encrypted. Azure Storage [is encrypted](/azure/storage/common/storage-service-encryption) with [FIPS 140-2](https://en.wikipedia.org/wiki/FIPS_140) compliant [256-bit AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). This is a well-regarded encryption technology, having been the subject of extensive academic scrutiny over the last 20 or so years. At present, there's no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES.
238
238
239
-
By default, the keys used for encrypting Azure Storage are managed by Microsoft. There are extensive protections in place to prevent malicious access to these keys. However, users with particular encryption requirements can also [provide their own storage keys](https://learn.microsoft.com/azure/storage/common/customer-managed-keys-overview) that are managed in Azure Key Vault. These keys can be revoked at any time, which would effectively render the contents of the Storage account inaccessible.
239
+
By default, the keys used for encrypting Azure Storage are managed by Microsoft. There are extensive protections in place to prevent malicious access to these keys. However, users with particular encryption requirements can also [provide their own storage keys](/azure/storage/common/customer-managed-keys-overview) that are managed in Azure Key Vault. These keys can be revoked at any time, which would effectively render the contents of the Storage account inaccessible.
240
240
241
241
Virtual machines use encrypted storage, but it's possible to provide another layer of encryption by using technologies like BitLocker on Windows or DM-Crypt on Linux. These technologies mean that even if the disk image was leaked, it would remain nearly impossible to read it.
242
242
243
243
### Azure SQL
244
244
245
-
Databases hosted on Azure SQL use a technology called [Transparent Data Encryption (TDE)](https://learn.microsoft.com/sql/relational-databases/security/encryption/transparent-data-encryption) to ensure data remains encrypted. It's enabled by default on all newly created SQL databases, but must be enabled manually for legacy databases. TDE executes real-time encryption and decryption of not just the database, but also the backups and transaction logs.
245
+
Databases hosted on Azure SQL use a technology called [Transparent Data Encryption (TDE)](/sql/relational-databases/security/encryption/transparent-data-encryption) to ensure data remains encrypted. It's enabled by default on all newly created SQL databases, but must be enabled manually for legacy databases. TDE executes real-time encryption and decryption of not just the database, but also the backups and transaction logs.
246
246
247
247
The encryption parameters are stored in the `master` database and, on startup, are read into memory for the remaining operations. This means that the `master` database must remain unencrypted. The actual key is managed by Microsoft. However, users with exacting security requirements may provide their own key in Key Vault in much the same way as is done for Azure Storage. The Key Vault provides for such services as key rotation and revocation.
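Review bot: line 237, touched here, dates the scrutiny of AES to "the last 20 or so years" relative to an unchanged `ms.date` of 04/06/2022; anchoring it to the 2001 FIPS 197 standardization avoids a claim that silently ages. Line 245's "must be enabled manually for legacy databases" is time-bound in the same way; if the linked TDE page gives the creation-date cutoff for "legacy", state it.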
docs/architecture/distributed-cloud-native-apps-containers/cloud-native-resiliency/application-resiliency-patterns.md (-1)
@@ -1,7 +1,6 @@
1
1
---
2
2
title: Application resiliency patterns
3
3
description: Architecture for Distributed Cloud-Native Apps with .NET Aspire & Containers | Application resiliency patterns
docs/architecture/distributed-cloud-native-apps-containers/cloud-native-resiliency/cloud-infrastructure-resiliency-azure.md (-1)
@@ -1,7 +1,6 @@
1
1
---
2
2
title: Cloud infrastructure resiliency with Azure
3
3
description: Architecture for Distributed Cloud-Native Apps with .NET Aspire & Containers | Cloud infrastructure resiliency with Azure
docs/architecture/distributed-cloud-native-apps-containers/cloud-native-resiliency/cloud-native-resiliency.md (+3 -4)
@@ -1,13 +1,12 @@
1
1
---
2
2
title: Cloud-native resiliency
3
3
description: Architecture for Distributed Cloud-Native Apps with .NET Aspire & Containers | Cloud-native resiliency
Your cloud-native applications must embrace the partial failures that will inevitably occur. You apps should continue working when limited failures occur and recover quickly from more serious events. In cloud-native applications, where there are multiple microservices and backing services running in different containers and potentially in different locations, failures can be more common, even if you're using platforms with robust Service Level Aggreements (SLAs).
9
+
Your cloud-native applications must embrace the partial failures that will inevitably occur. You apps should continue working when limited failures occur and recover quickly from more serious events. In cloud-native applications, where there are multiple microservices and backing services running in different containers and potentially in different locations, failures can be more common, even if you're using platforms with robust Service Level Agreements (SLAs).
11
10
12
11
Resiliency is the ability of your system to react to failure and still remain functional. It's not about avoiding failure, but accepting failure and constructing your cloud-native services to recover from them. You want to return to a fully functioning state as quickly as possible.
13
12
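Review bot: line 9 fixes "Aggreements" but leaves "You apps should continue working" in the same sentence; "Your apps" belongs in this hunk as well. The file stat shows +3 -4, yet only this one-line change is rendered in the hunk, so expand the hidden lines before merging so that the other removals in the front matter get reviewed too.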
@@ -38,5 +37,5 @@ Cloud platforms can detect and mitigate many of these infrastructure issues. The
38
37
In the following sections, we'll explore defensive techniques that your service and managed cloud resources can use to minimize downtime and disruption caused by these challenges.