This repository was archived by the owner on Feb 12, 2025. It is now read-only.

Fix links
alexbuckgit committed Jul 15, 2022
1 parent b137a87 commit 3b4f563
Showing 19 changed files with 25 additions and 26 deletions.
1 change: 0 additions & 1 deletion .vscode/settings.json
Expand Up @@ -6,7 +6,6 @@
"remediate",
"unmonitored"
],
"workbench.colorTheme": "Tomorrow Night Blue",
"markdownlint.config": {
"MD028": false,
"MD025": {
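Review bot: this removal is unrelated to the commit message "Fix links"; dropping a personal `workbench.colorTheme` from the shared workspace settings is the right call (editor themes belong in user settings, not in the repo), but it would be clearer as its own commit or at least mentioned in the message. The remaining JSON stays valid: `],` closes the spelling list and `"markdownlint.config"` follows it without a dangling comma.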
4 changes: 2 additions & 2 deletions ATADocs/ATA-versions.md
Expand Up @@ -27,14 +27,14 @@ ms.suite: ems

[!INCLUDE [Banner for top of topics](includes/banner.md)]

Microsoft ATA support is defined by the Microsoft Lifecycle Policy for [ATA 1.x](https://support.microsoft.com/lifecycle/search?alpha=Advanced%20Threat%20Analytics%201.X), with mainstream support ending on January 12, 2021.
Microsoft ATA support is defined by the Microsoft Lifecycle Policy for [ATA 1.x](/lifecycle/products/?alpha=Advanced%20Threat%20Analytics%201.X), with mainstream support ending on January 12, 2021.

ATA updates are supported for 12 months from their general availability (GA) release date, or 6 months after a newer update is available.

> [!NOTE]
> **Support lifecycle**
>
> The final release of ATA is [generally available](https://support.microsoft.com/help/4568997/update-3-for-microsoft-advanced-threat-analytics-1-9). ATA Mainstream Support ended on January 12, 2021. Extended Support will continue until January 2026. For more information, read [our blog](https://techcommunity.microsoft.com/t5/microsoft-security-and/end-of-mainstream-support-for-advanced-threat-analytics-january/ba-p/1539181).
> The final release of ATA is [generally available](https://support.microsoft.com/help/4568997/update-3-for-microsoft-advanced-threat-analytics-1-9). ATA Mainstream Support ended on January 12, 2021. Extended Support will continue until January 2026. For more information, read [our blog](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/end-of-mainstream-support-for-advanced-threat-analytics-january/ba-p/1539181).
## Version History

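Review bot: there is no blank line between the note's last `>` line and `## Version History`, so the heading sits directly under the blockquote; add one so the note and the heading render as separate blocks (MD022 would flag it as well). The same three-line support-lifecycle note, with the same blog URL correction, is repeated verbatim in install-ata-step1.md and what-is-ata.md in this commit, which is why the URL had to be fixed three times; this file already pulls `includes/banner.md` through `[!INCLUDE ...]`, and moving the lifecycle note into an include the same way would make the next URL change a one-line edit.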
4 changes: 2 additions & 2 deletions ATADocs/ata-database-management.md
Expand Up @@ -33,11 +33,11 @@ If you need to move, backup or restore the ATA database, use these procedures fo

## Backing up the ATA database

Refer to the [relevant MongoDB documentation](https://docs.mongodb.org/manual/administration/backup/).
Refer to the [relevant MongoDB documentation](https://www.mongodb.com/docs/manual/core/backups/).

## Restoring the ATA database

Refer to the [relevant MongoDB documentation](https://docs.mongodb.org/manual/administration/backup/).
Refer to the [relevant MongoDB documentation](https://www.mongodb.com/docs/manual/core/backups/).

## Moving the ATA database to another drive

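Review bot: both the "Backing up" and "Restoring" sections now link to https://www.mongodb.com/docs/manual/core/backups/, which is the manual for the current MongoDB release rather than the MongoDB version installed with the ATA Center; the backup and restore procedures it describes can differ from what the shipped mongodump/mongorestore tooling supports. Link the versioned manual that matches the installed MongoDB, or state the version in this page so readers can pick the matching manual themselves. That both sections point at one page is fine, since that page covers backup and restore together.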
2 changes: 1 addition & 1 deletion ATADocs/ata-privacy-compliance.md
Expand Up @@ -93,4 +93,4 @@ To disable data collection:

## Additional resources

- For information about ATA trust and compliance, see the [Service Trust portal](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted) and the [Microsoft 365 Enterprise GDPR Compliance site](/microsoft-365/compliance/gdpr).
- For information about ATA trust and compliance, see the [Service Trust portal](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted) and the [Microsoft 365 Enterprise GDPR Compliance site](/compliance/regulatory/gdpr).
2 changes: 1 addition & 1 deletion ATADocs/ata-update-1.5-migration-guide.md
Expand Up @@ -71,7 +71,7 @@ Follow these steps to update to ATA version 1.5:

- If the ATA Center is running as a virtual machine and you want to take a checkpoint, shut down the virtual machine first.

- If the ATA Center is running on a physical server, follow the recommended procedure to [back up MongoDB](https://docs.mongodb.org/manual/core/backups/).
- If the ATA Center is running on a physical server, follow the recommended procedure to [back up MongoDB](https://www.mongodb.com/docs/manual/core/backups/).

1. Run the update file, Microsoft ATA Center Update.exe, and follow the instructions on the screen to install the update.

2 changes: 1 addition & 1 deletion ATADocs/ata-update-1.6-migration-guide.md
Expand Up @@ -74,7 +74,7 @@ In this version of, the same installation file (Microsoft ATA Center Setup.exe)

- If the ATA Center is running as a virtual machine and you want to take a checkpoint, shut down the virtual machine first.

- If the ATA Center is running on a physical server, follow the recommended procedure to [back up MongoDB](https://docs.mongodb.org/manual/core/backups/).
- If the ATA Center is running on a physical server, follow the recommended procedure to [back up MongoDB](https://www.mongodb.com/docs/manual/core/backups/).

1. Run the installation file, Microsoft ATA Center Setup.exe, and follow the instructions on the screen to install the update.

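Review bot: the hunk's context line "In this version of, the same installation file (Microsoft ATA Center Setup.exe)" has a dangling "of" (presumably "In this version, the same installation file ..."); since the file is being touched for the link anyway, fix the sentence here and in ata-update-1.7-migration-guide.md, whose hunk below carries the identical fragment.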
2 changes: 1 addition & 1 deletion ATADocs/ata-update-1.7-migration-guide.md
Expand Up @@ -62,7 +62,7 @@ In this version of, the same installation file (Microsoft ATA Center Setup.exe)

- If the ATA Center is running as a virtual machine and you want to take a checkpoint, shut down the virtual machine first.

- If the ATA Center is running on a physical server, follow the recommended procedure to [back up MongoDB](https://docs.mongodb.org/manual/core/backups/).
- If the ATA Center is running on a physical server, follow the recommended procedure to [back up MongoDB](https://www.mongodb.com/docs/manual/core/backups/).

1. Run the installation file, **Microsoft ATA Center Setup.exe**, and follow the instructions on the screen to install the update.

12 changes: 6 additions & 6 deletions ATADocs/configure-event-collection.md
Expand Up @@ -59,7 +59,7 @@ After adding the **Network Service** to the **Event Log Readers** group, reboot
1. From a command prompt type *gpedit.msc*.
1. Expand **Computer Configuration > Administrative Templates > Windows Components > Event Forwarding**

![Local policy group editor image.](media/wef%201%20local%20group%20policy%20editor.png)
![Local policy group editor image.](media/wef-1-local-group-policy-editor.png)

1. Double-click **Configure target Subscription Manager**.

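Review bot: the image path changes from `media/wef%201%20local%20group%20policy%20editor.png` to `media/wef-1-local-group-policy-editor.png`, which only works if the PNG itself was renamed in the same commit; this view shows a single "File renamed without changes" entry while four `wef-*` image references are rewritten in this file, so confirm that all four media files were renamed or the screenshots will break. Hyphenated names are the right move: spaces in asset paths are what forced the `%20` escaping in the first place.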
Expand All @@ -70,7 +70,7 @@ After adding the **Network Service** to the **Event Log Readers** group, reboot

*(For example: Server=`http://atagateway9.contoso.com:5985/wsman/SubscriptionManager/WEC,Refresh=10`)*

![Configure target subscription image.](media/wef%202%20config%20target%20sub%20manager.png)
![Configure target subscription image.](media/wef-2-config-target-sub-manager.png)

4. Click **OK**.
5. From an elevated command prompt type *gpupdate /force*.
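Review bot: the example subscription manager `Server=http://atagateway9.contoso.com:5985/wsman/SubscriptionManager/WEC,Refresh=10` is the line readers copy verbatim, so a sentence on transport would help: over port 5985 the forwarded events rely on Kerberos-authenticated WinRM, which protects the payload at the message level between domain members, and the HTTPS listener (port 5986, with a server certificate on the collector) is the option when Kerberos authentication is not available. Separately, the numbering in this hunk mixes `1.` items with explicit `4.` and `5.` items; stick to one scheme so the rendered numbering matches the source.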
Expand All @@ -86,20 +86,20 @@ After adding the **Network Service** to the **Event Log Readers** group, reboot
3. Select **Source computer initiated** and click **Select Computers Groups**.
1. Click **Add Domain Computer**.
2. Enter the name of the domain controller in the **Enter the object name to select** field. Then click **Check Names** and click **OK**.
![Event Viewer image.](media/wef3%20event%20viewer.png)
![Event Viewer image.](media/wef-3-event-viewer.png)
3. Click **OK**.
4. Click **Select Events**.
1. Click **By log** and select **Security**.
2. In the **Includes/Excludes Event ID** field type the event number and click **OK**. For example, type 4776, like in the following sample.

![Query filter image.](media/wef%204%20query%20filter.png)
![Query filter image.](media/wef-4-query-filter.png)

5. Right-click the created subscription and select **Runtime Status** to see if there are any issues with the status.
5. Right-click the created subscription and select **Runtime Status** to see if there are any issues with the status.
6. After a few minutes, check to see that the events you set to be forwarded is showing up in the Forwarded Events on the ATA Gateway.


For more information, see: [Configure the computers to forward and collect events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11))

## See Also
- [Install ATA](install-ata-step1.md)
- [Check out the ATA forum!](https://social.technet.microsoft.com/Forums/security/home?forum=mata)
- [Check out the ATA forum!](https://social.technet.microsoft.com/Forums/security/home?forum=mata)
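Review bot: the two pairs of visually identical lines in this hunk (item `5. Right-click the created subscription...` and the final `- [Check out the ATA forum!]` line) differ only in trailing whitespace or the missing end-of-file newline, which is fine but explains part of the "25 additions and 26 deletions" count. In the context lines, "check to see that the events you set to be forwarded is showing up" should read "are showing up", and `## See Also` wants a blank line before its list so the heading is surrounded by blank lines like the others in this repo.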
4 changes: 2 additions & 2 deletions ATADocs/install-ata-step1.md
Expand Up @@ -32,7 +32,7 @@ ms.suite: ems
> [!NOTE]
> **Support lifecycle**
>
> The final release of ATA is [generally available](https://support.microsoft.com/help/4568997/update-3-for-microsoft-advanced-threat-analytics-1-9). ATA Mainstream Support ended on January 12, 2021. Extended Support will continue until January 2026. For more information, read [our blog](https://techcommunity.microsoft.com/t5/microsoft-security-and/end-of-mainstream-support-for-advanced-threat-analytics-january/ba-p/1539181).
> The final release of ATA is [generally available](https://support.microsoft.com/help/4568997/update-3-for-microsoft-advanced-threat-analytics-1-9). ATA Mainstream Support ended on January 12, 2021. Extended Support will continue until January 2026. For more information, read [our blog](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/end-of-mainstream-support-for-advanced-threat-analytics-january/ba-p/1539181).
> [!div class="step-by-step"]
> [Step 2 »](install-ata-step2.md)
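Review bot: `> [!div class="step-by-step"]` on the line immediately after the note's last `>` line continues the same blockquote, so the step navigation is parsed as part of the `[!NOTE]` callout rather than as its own block; insert a blank line after the note. MD028 is disabled in .vscode/settings.json precisely to allow a blank line between two adjacent blockquotes, so the linter will not object.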
Expand All @@ -51,7 +51,7 @@ After you have verified that the server meets the requirements, you can proceed
Perform the following steps on the ATA Center server.

1. Download ATA from the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx) or from the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter/) or from [MSDN](/powerapps/developer/common-data-service/org-service/subscribe-sdk-assembly-updates-using-nuget).
1. Download ATA from the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx) or from the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter/) or from [MSDN](/power-apps/developer/data-platform/org-service/subscribe-sdk-assembly-updates-using-nuget).

1. Log in to the computer on to which you are installing the ATA Center as a user who is a member of the local administrators group.

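Review bot: the rewritten `[MSDN](/power-apps/developer/data-platform/org-service/subscribe-sdk-assembly-updates-using-nuget)` link still sends a reader who wants to download ATA to an article about subscribing to Dataverse SDK assembly updates through NuGet, which has nothing to do with ATA; the redirect was fixed, but the target was wrong before this change and is wrong after it. Either point "MSDN" at the Visual Studio (formerly MSDN) subscriber downloads, if ATA is still offered there, or drop the third option and keep the Volume Licensing Service Center and Evaluation Center links.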
4 changes: 2 additions & 2 deletions ATADocs/install-ata-step6.md
Expand Up @@ -144,7 +144,7 @@ Error Code: 0x0

#### QRadar

QRadar enables event collection via an agent. If the data is gathered using an agent, the time format is gathered without millisecond data. Because ATA necessitates millisecond data, it is necessary to set QRadar to use agentless Windows event collection. For more information, see [https://www-01.ibm.com/support/docview.wss?uid=swg21700170](https://www-01.ibm.com/support/docview.wss?uid=swg21700170 "QRadar: Agentless Windows Events Collection using the MSRPC Protocol").
QRadar enables event collection via an agent. If the data is gathered using an agent, the time format is gathered without millisecond data. Because ATA necessitates millisecond data, it is necessary to set QRadar to use agentless Windows event collection. For more information, see [https://www-01.ibm.com/support/docview.wss?uid=swg21700170](https://www.ibm.com/support/pages/qradar-agentless-windows-events-collection-using-msrpc-protocol-msrpc-faq "QRadar: Agentless Windows Events Collection using the MSRPC Protocol").

```
<13>Feb 11 00:00:00 %IPADDRESS% AgentDevice=WindowsLog AgentLogFile=Security Source=Microsoft-Windows-Security-Auditing Computer=%FQDN% User= Domain= EventID=4776 EventIDCode=4776 EventType=8 EventCategory=14336 RecordNumber=1961417 TimeGenerated=1456144380009 TimeWritten=1456144380009 Message=The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: Administrator Source Workstation: HOSTNAME Error Code: 0x0
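Review bot: the visible link text is still the old address `https://www-01.ibm.com/support/docview.wss?uid=swg21700170` while the href now goes to `https://www.ibm.com/support/pages/qradar-agentless-windows-events-collection-using-msrpc-protocol-msrpc-faq`, so the page displays one URL and navigates to another; use the title already carried by the link ("QRadar: Agentless Windows Events Collection using the MSRPC Protocol") as the visible text, or update the displayed URL to match. The rationale in the sentence is worth keeping as written: agent-based collection drops the milliseconds, and the sample line's `TimeGenerated=1456144380009` shows the epoch-milliseconds precision ATA expects.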
Expand Down Expand Up @@ -178,4 +178,4 @@ Make sure to have \t between the key=value pairs.
- [ATA sizing tool](https://aka.ms/atasizingtool)
- [Check out the ATA forum!](https://social.technet.microsoft.com/Forums/security/home?forum=mata)
- [Configure event collection](configure-event-collection.md)
- [ATA prerequisites](ata-prerequisites.md)
- [ATA prerequisites](ata-prerequisites.md)
4 changes: 2 additions & 2 deletions ATADocs/install-ata-step7.md
Expand Up @@ -65,7 +65,7 @@ Check the attack time line to view detected suspicious activities and search for

ATA starts scanning for suspicious activities immediately. Some activities, such as some of the suspicious behavior activities, is not available until ATA has had time to build behavioral profiles (minimum of three weeks).

To check that ATA is up and running and catching breaches in your network, you can check out the [ATA attack simulation playbook](/enterprise-mobility-security/solutions/ata-attack-simulation-playbook).
To check that ATA is up and running and catching breaches in your network, you can check out the [ATA attack simulation playbook](/samples/browse/?redirectedfrom=TechNet-Gallery).

> [!div class="step-by-step"]
> [« Step 7](vpn-integration-install-step.md)
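Review bot: `/samples/browse/?redirectedfrom=TechNet-Gallery` is the generic samples browse page, so a reader who clicks "ATA attack simulation playbook" no longer reaches a playbook at all; a redirect to a landing page is a dead link in disguise. Either link to wherever the playbook now lives, or reword the sentence to say the playbook was retired with the TechNet Gallery and offer a replacement, for instance a link to suspicious-activity-guide.md in this repo. In the context line, "Some activities ... is not available" should be "are not available".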
Expand All @@ -77,4 +77,4 @@ To check that ATA is up and running and catching breaches in your network, you c
- [ATA sizing tool](https://aka.ms/atasizingtool)
- [Check out the ATA forum!](https://social.technet.microsoft.com/Forums/security/home?forum=mata)
- [Configure event collection](configure-event-collection.md)
- [ATA prerequisites](ata-prerequisites.md)
- [ATA prerequisites](ata-prerequisites.md)
File renamed without changes
6 changes: 3 additions & 3 deletions ATADocs/suspicious-activity-guide.md
Expand Up @@ -427,7 +427,7 @@ Attackers who compromise administrative credentials or use a zero-day exploit ca

1. Restrict remote access to domain controllers from non-Tier 0 machines.

1. Implement [privileged access](/windows-server/identity/securing-privileged-access/securing-privileged-access) to allow only hardened machines to connect to domain controllers for admins.
1. Implement [privileged access](/security/compass/overview) to allow only hardened machines to connect to domain controllers for admins.

## Sensitive account credentials exposed & Services exposing account credentials

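Review bot: `/security/compass/overview` is the overview of the whole security guidance area, whereas the old `/windows-server/identity/securing-privileged-access/securing-privileged-access` target was specifically about securing privileged access, which is what this step ("allow only hardened machines to connect to domain controllers for admins") is recommending; link the privileged-access page within that section rather than its overview so the reader lands on the hardened-workstation guidance instead of a table of contents.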
Expand Down Expand Up @@ -468,7 +468,7 @@ In this detection, an alert is triggered when many authentication failures using

**Remediation**

[Complex and long passwords](/windows/device-security/security-policy-settings/password-policy) provide the necessary first level of security against brute-force attacks.
[Complex and long passwords](/windows/security/threat-protection/security-policy-settings/password-policy) provide the necessary first level of security against brute-force attacks.

## Suspicious service creation <a name="suspicious-service-creation"></a>

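Review bot: the password-policy link now points at the current `/windows/security/threat-protection/security-policy-settings/password-policy` location, which is correct, but the remediation paragraph still lists only password length and complexity; the sibling account-lockout-policy page in the same security-policy-settings section is the companion control for the brute-force detection this section describes, and is worth linking beside it.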
Expand Down Expand Up @@ -537,7 +537,7 @@ To determine whether the activity is a WannaCry attack, perform the following st

Apply the latest patches to all of your machines, and check all security updates are applied.

1. [Disable SMBv1](https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/)
1. [Disable SMBv1](https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858)

1. [Remove WannaCry](https://support.microsoft.com/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo)

2 changes: 1 addition & 1 deletion ATADocs/troubleshooting-ata-known-errors.md
Expand Up @@ -56,7 +56,7 @@ This section details possible errors in the deployments of ATA and the steps req
> |System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required|The ATA Gateway communication with the ATA Center is being disrupted by a proxy server.|Disable the proxy on the ATA Gateway machine. <br></br>Note that proxy settings may be per-account.|
> |System.IO.DirectoryNotFoundException: The system cannot find the path specified. (Exception from HRESULT: 0x80070003)|One or more of the services needed to operate ATA did not start.|Start the following services: <br></br>Performance Logs and Alerts (PLA), Task Scheduler (Schedule).|
> |System.Net.WebException: The remote server returned an error: (403) Forbidden|The ATA Gateway or Lightweight Gateway was forbidden from establishing an HTTP connection because the ATA Center is not trusted.|Add the NetBIOS name and FQDN of the ATA Center to the trusted websites list and clear the cache on Internet Explorer (or the name of the ATA Center as specified in the configuration if the configured is different than the NetBIOS/FQDN).|
> |System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=StopNetEventSessionRequest]|The ATA Gateway or ATA Lightweight Gateway can't stop and start the ETW session that collects network traffic due to a WMI issue|Follow the instructions in [WMI: Rebuilding the WMI Repository](https://blogs.technet.microsoft.com/askperf/2009/04/13/wmi-rebuilding-the-wmi-repository/) to fix the WMI issue|
> |System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=StopNetEventSessionRequest]|The ATA Gateway or ATA Lightweight Gateway can't stop and start the ETW session that collects network traffic due to a WMI issue|Follow the instructions in [WMI: Rebuilding the WMI Repository](https://techcommunity.microsoft.com/t5/ask-the-performance-team/bg-p/AskPerf) to fix the WMI issue|
> |System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions|Another application is using port 514 on the ATA Gateway|Use `netstat -o` to establish which process is using that port.|
## Deployment errors
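Review bot: the new href `https://techcommunity.microsoft.com/t5/ask-the-performance-team/bg-p/AskPerf` is the AskPerf blog index, not the "WMI: Rebuilding the WMI Repository" post the link text promises, so the row now tells the operator to follow instructions that are not at the other end of the link. Either locate the migrated post or put the procedure in the cell itself: run `winmgmt /salvagerepository` first, and `winmgmt /resetrepository` only if that fails, since the reset discards the existing repository. The `## Deployment errors` heading also needs a blank line between it and the table above.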
2 changes: 1 addition & 1 deletion ATADocs/what-is-ata.md
Expand Up @@ -34,7 +34,7 @@ Advanced Threat Analytics (ATA) is an on-premises platform that helps protect yo
> [!NOTE]
> **Support lifecycle**
>
> The final release of ATA is [generally available](https://support.microsoft.com/help/4568997/update-3-for-microsoft-advanced-threat-analytics-1-9). ATA Mainstream Support ended on January 12, 2021. Extended Support will continue until January 2026. For more information, read [our blog](https://techcommunity.microsoft.com/t5/microsoft-security-and/end-of-mainstream-support-for-advanced-threat-analytics-january/ba-p/1539181).
> The final release of ATA is [generally available](https://support.microsoft.com/help/4568997/update-3-for-microsoft-advanced-threat-analytics-1-9). ATA Mainstream Support ended on January 12, 2021. Extended Support will continue until January 2026. For more information, read [our blog](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/end-of-mainstream-support-for-advanced-threat-analytics-january/ba-p/1539181).
## How ATA works

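Review bot: there is no blank line between the note's last `>` line and `## How ATA works`, so the heading abuts the blockquote; add one (MD022). This is the third copy of the same three-line lifecycle note corrected in this commit, after ATA-versions.md and install-ata-step1.md.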
