mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Clean up "here" link anchors in articles (#29755)
This commit is contained in:
parent
57c2d44062
commit
c8e3a3b208
48 changed files with 87 additions and 94 deletions
@ -6,7 +6,7 @@ To learn how to use Fleet's maintenance windows, head to this [article](https://
## Activity automations
|
||||
|
||||
Activity automations are triggered when an activity happens in Fleet (queries, scripts, logins, etc). See a list of all activities [here](https://fleetdm.com/docs/using-fleet/audit-logs).
|
||||
Activity automations are triggered when an activity happens in Fleet (queries, scripts, logins, etc). See our [Audit logs documentation](https://fleetdm.com/docs/using-fleet/audit-logs) for a list of all activity types.
|
||||
|
||||
You can automatically send activites to a webhook URL or a [log destination](https://fleetdm.com/docs/configuration/fleet-server-configuration#external-activity-audit-logging).
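Review bot: the unchanged context line "You can automatically send activites to a webhook URL" still carries the typo "activites"; since this paragraph is being edited, correct it to "activities" in the same commit. The new anchor text "Audit logs documentation" is a good replacement for the bare "here".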
@ -1,12 +1,12 @@
# ChromeOS
|
||||
For visibility on ChromeOS hosts, Fleet provides the fleetd Chrome extension which provides similar functionality as osquery on other operating systems.
|
||||
|
||||
To learn how to add ChromeOS hosts to Fleet, visit [here](https://fleetdm.com/docs/using-fleet/adding-hosts#enroll-chromebooks).
|
||||
Follow the instructions in our [host enrollment guide](https://fleetdm.com/guides/enroll-hosts#enroll-chromebooks) to add Chromebooks to Fleet.
|
||||
|
||||
> The fleetd Chrome browser extension is supported on ChromeOS operating systems that are managed using [Google Admin](https://admin.google.com). It is not intended for non-ChromeOS hosts with the Chrome browser installed.
|
||||
|
||||
## Available tables
|
||||
To see the available tables for ChromeOS, visit [here](https://fleetdm.com/tables/chrome_extensions?platformFilter=chrome).
|
||||
See our [ChromeOS tables list](https://fleetdm.com/tables/chrome_extensions?platformFilter=chrome) for available tables.
|
||||
|
||||
## Setting the hostname
|
||||
By default, the hostname for a Chromebook host will be blank. The hostname can be customized in Google Admin under Devices > Chrome > Settings > Device > Device Settings > Other Settings > [Device network hostname template](https://support.google.com/chrome/a/answer/1375678#zippy=%2Cdevice-network-hostname-template%2Creport-device-os-information).
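Review bot: the replaced link changes the target as well as the anchor text, from docs/using-fleet/adding-hosts#enroll-chromebooks to guides/enroll-hosts#enroll-chromebooks; confirm that the #enroll-chromebooks fragment exists on the new guide page, since the commit message only describes anchor-text cleanup. The context sentence "Fleet provides the fleetd Chrome extension which provides similar functionality" also repeats "provides"; "which offers similar functionality" reads better.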
@ -20,7 +20,7 @@ By default, the hostname for a Chromebook host will be blank. The hostname can b
- `usb_devices`: https://github.com/fleetdm/fleet/issues/12780
|
||||
|
||||
## Debugging ChromeOS
|
||||
To learn how to debug the Fleetd Chrome extension, visit [here](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/getting-started/testing-and-local-development.md#fleetd-chrome-extension).
|
||||
See our [fleetd Chrome extension testing docs](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/getting-started/testing-and-local-development.md#fleetd-chrome-extension) for debugging instructions.
|
||||
|
||||
<meta name="category" value="guides">
|
||||
<meta name="authorGitHubUsername" value="zhumo">
@ -142,9 +142,7 @@ Certain benchmarks cannot be automated by a policy in Fleet. For a list of speci
- [Windows 11 Enterprise](https://github.com/fleetdm/fleet/blob/main/ee/cis/win-11/README.md)
|
||||
|
||||
## Performance testing
|
||||
In August 2023, we completed scale testing on 10k Windows hosts and 70k macOS hosts. Ultimately, we validated both server and host performance at that scale.
|
||||
|
||||
Detailed results are [here](https://docs.google.com/document/d/1OSpyzMkHjVhG_-EIBkLu7X3hj_XfVASGl3IXIYChpck/edit?usp=sharing).
|
||||
In August 2023, we completed [scale testing on 10k Windows hosts and 70k macOS hosts](https://docs.google.com/document/d/1OSpyzMkHjVhG_-EIBkLu7X3hj_XfVASGl3IXIYChpck/edit?usp=sharing). Ultimately, we validated both server and host performance at that scale.
|
||||
|
||||
<meta name="category" value="guides">
|
||||
<meta name="authorGitHubUsername" value="lucasmrod">
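Review bot: merging the sentence hides the fact that the linked target is a shared Google Doc rather than a Fleet page; confirm the document is readable without a Google login, and consider dropping the "?usp=sharing" parameter, which is only added by the share dialog and carries no content.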
@ -20,7 +20,7 @@ To connect end users to W-Fi or VPN with DigiCert certificates, we'll do the fol
### Step 1: Create service user in DigiCert
|
||||
|
||||
1. Head to [DigiCert One](https://one.digicert.com/)
|
||||
2. Follow the instructions to create a service user [here](https://docs.digicert.com/en/platform-overview/manage-your-accounts/account-manager/users-and-access/service-users/create-a-service-user.html) and save the service user's API token.
|
||||
2. Follow [DigiCert's instructions for creating a service user](https://docs.digicert.com/en/platform-overview/manage-your-accounts/account-manager/users-and-access/service-users/create-a-service-user.html) and save the service user's API token.
|
||||
> Make sure to assign **User and certificate manager** and **Certificate profile manager** roles
|
||||
> when creating service user.
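Review bot: the hunk header shows "W-Fi" in the section intro ("To connect end users to W-Fi or VPN with DigiCert certificates"); fix it to "Wi-Fi" while this file is open, and the same typo appears in the custom SCEP section header later in this diff. The blockquote also reads "when creating service user", which needs "the" or "a".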
@ -124,7 +124,7 @@ When saving the configuration, Fleet will attempt to connect to the SCEP server
1. Create a [configuration profile](https://fleetdm.com/guides/custom-os-settings) with the SCEP payload. In the profile, for `Challenge`, use`$FLEET_VAR_NDES_SCEP_CHALLENGE`. For `URL`, use `$FLEET_VAR_NDES_SCEP_PROXY_URL`, and make sure to add `$FLEET_VAR_SCEP_RENEWAL_ID` to `CN`.
|
||||
|
||||
|
||||
2. If your Wi-Fi or VPN requires certificates that are unique to each host, update the `Subject`. You can use `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if your hosts automatically enrolled (via ADE) to Fleet with end user authentication enabled (learn more [here](https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping)). You can also use any of the [Apple's built-in variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0).
|
||||
2. If your Wi-Fi or VPN requires certificates that are unique to each host, update the `Subject`. You can use `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if your hosts automatically enrolled (via ADE) to Fleet with [end user authentication](https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping) enabled. You can also use any of the [Apple's built-in variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0).
|
||||
|
||||
3. In Fleet, head to **Controls > OS settings > Custom settings** and add the configuration profile to deploy certificates to your hosts.
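Review bot: the new anchor text "end user authentication" points at the REST API "Get human-device mapping" endpoint, which is not where end user authentication is documented; the macOS setup experience guide's end-user authentication section, linked elsewhere in this diff as guides/macos-setup-experience#end-user-authentication-and-end-user-license-agreement-eula, is the closer target. In the context line above, "use`$FLEET_VAR_NDES_SCEP_CHALLENGE`" is also missing a space before the backtick.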
@ -218,7 +218,7 @@ To connect end users to W-Fi or VPN with a custom SCEP server, we'll do the foll
2. Replace the `<CA_NAME>`, with name you created in step 3. For example, if the name of the CA is "WIFI_AUTHENTICATION" the variables will look like this: `$FLEET_VAR_CUSTOM_SCEP_PASSWORD_WIFI_AUTHENTICATION` and `FLEET_VAR_CUSTOM_SCEP_DIGICERT_DATA_WIFI_AUTHENTICATION`.
|
||||
|
||||
3. If your Wi-Fi or VPN requires certificates that are unique to each host, update the `Subject`. You can use `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if your hosts automatically enrolled (via ADE) to Fleet with end user authentication enabled (learn more [here](https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping)). You can also use any of the [Apple's built-in variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0).
|
||||
3. If your Wi-Fi or VPN requires certificates that are unique to each host, update the `Subject`. You can use `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if your hosts automatically enrolled (via ADE) to Fleet with [end user authentication]((https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping)) enabled. You can also use any of the [Apple's built-in variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0).
|
||||
|
||||
4. In Fleet, head to **Controls > OS settings > Custom settings** and add the configuration profile to deploy certificates to your hosts.
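Review bot: the new line has a doubled parenthesis in "[end user authentication]((https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping))", which Markdown will not render as a link; use a single pair. The same target concern as in the NDES section applies: that endpoint documents the human-device mapping API, not end user authentication. The context line also names `FLEET_VAR_CUSTOM_SCEP_DIGICERT_DATA_WIFI_AUTHENTICATION` without the leading `$` that its sibling variable has, and "Replace the `<CA_NAME>`, with name you created" should read "Replace `<CA_NAME>` with the name you created".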
@ -4,7 +4,7 @@ Deploying Windows configurations profiles (aka Configuration Service Providers (
This guide will help you understand the building blocks to crafting CSPs of varying complexity – from simple payloads to more complex ones that involve modification of ADMX underpinnings.
|
||||
|
||||
> In Fleet, Windows CSPs are called "Custom OS settings." Learn more about Custom OS settings [here](https://fleetdm.com/guides/custom-os-settings).
|
||||
> In Fleet, Windows CSPs are called [**Custom OS settings**](https://fleetdm.com/guides/custom-os-settings).
|
||||
|
||||
## ADMX
@ -10,7 +10,7 @@ You can enforce OS settings using the Fleet UI, Fleet API, or [Fleet's GitOps wo
For macOS, iOS, and iPadOS hosts, Fleet recommends the [iMazing Profile Creator](https://imazing.com/profile-editor) tool for creating and exporting macOS configuration profiles. Fleet signs these profiles for you. If you have self-signed profiles, run this command to unsign them: `usr/bin/security cms -D -i /path/to/profile/profile.mobileconfig | xmllint --format -`
|
||||
|
||||
For Windows hosts, copy this [Windows configuration profile template](https://fleetdm.com/example-windows-profile) and update the profile using any configuration service providers (CSPs) from [Microsoft's MDM protocol](https://learn.microsoft.com/en-us/windows/client-management/mdm/). Learn more about Windows CSPs [here](https://fleetdm.com/guides/creating-windows-csps).
|
||||
For Windows hosts, copy this [Windows configuration profile template](https://fleetdm.com/example-windows-profile) and update the profile using any [configuration service providers (CSPs)](https://fleetdm.com/guides/creating-windows-csps) from [Microsoft's MDM protocol](https://learn.microsoft.com/en-us/windows/client-management/mdm/).
|
||||
|
||||
Fleet UI:
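Review bot: the unchanged context line gives the unsign command as `usr/bin/security cms -D -i /path/to/profile/profile.mobileconfig | xmllint --format -`, missing the leading slash on `/usr/bin/security`; as written it only resolves when run from `/`. Worth fixing while this paragraph is being edited.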
@ -22,7 +22,7 @@ Fleet UI:
4. To edit the OS setting, first remove the old configuration profile and then add the new one. On macOS, iOS, and iPadOS, removing a configuration profile will remove enforcement of the OS setting.
|
||||
|
||||
Fleet API: API documentation is [here](https://fleetdm.com/docs/rest-api/rest-api#add-custom-os-setting-configuration-profile)
|
||||
Fleet API: Use the [Add custom OS setting (configuration profile) endpoint](https://fleetdm.com/docs/rest-api/rest-api#add-custom-os-setting-configuration-profile) in the Fleet API.
|
||||
|
||||
### See status
@ -36,7 +36,7 @@ In the top box, with "Verified," "Verifying," "Pending," and "Failed" statuses,
* **Pending**: hosts that are running MDM commands or will run MDM commands to apply OS settings when they come online.
|
||||
|
||||
* **Failed**: hosts that failed to apply OS settings. For Windows profiles, the status codes are documented in Microsoft's documentation [here](https://learn.microsoft.com/en-us/windows/client-management/oma-dm-protocol-support#syncml-response-status-codes).
|
||||
* **Failed**: hosts that failed to apply OS settings. For Windows profiles, status codes are listed in [Microsoft's OMA DM docs](https://learn.microsoft.com/en-us/windows/client-management/oma-dm-protocol-support#syncml-response-status-codes).
|
||||
|
||||
In the list of hosts, click on an individual host and click the **OS settings** item to see the status for a specific setting.
@ -5,7 +5,7 @@

|
||||
|
||||
Terraform reference architecture can be found [here](https://github.com/fleetdm/fleet-terraform)
|
||||
A Terraform reference architecture can be found in the [fleetdm/terrqform](https://github.com/fleetdm/fleet-terraform) repository.
|
||||
|
||||
### Infrastructure dependencies
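Review bot: the new anchor text "[fleetdm/terrqform]" has a typo and also does not match the repository it links to; the URL is github.com/fleetdm/fleet-terraform, so the text should read "fleetdm/fleet-terraform".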
@ -45,7 +45,7 @@ fleetctl package --type=msi --enroll-secret <secret> --fleet-url https://<your-u
This command creates an `msi` installer pointed at your Fleet instance.
|
||||
|
||||
Now we need some awesome queries to run against the hosts we enroll, check out the collection [here](https://github.com/fleetdm/fleet/tree/main/docs/01-Using-Fleet/standard-query-library).
|
||||
Now we need some awesome queries to run against the hosts we enroll, such as those from our [standard query library](https://github.com/fleetdm/fleet/tree/main/docs/01-Using-Fleet/standard-query-library).
|
||||
|
||||
To get them into Fleet we can use `fleetctl` again. Run the following on your terminal:
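Review bot: the link keeps the GitHub path docs/01-Using-Fleet/standard-query-library on main, which looks like a stale docs layout; later in this same diff a docs/1-Using-Fleet/... GitHub link is replaced with a fleetdm.com URL. Check that this path still resolves, or point at the fleetdm.com equivalent for consistency with the rest of the cleanup.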
@ -8,7 +8,7 @@ SentinelOne is a cybersecurity platform that provides endpoint protection, detec
### Upload .mobileconfigs to Fleet
|
||||
|
||||
SentinelOne requires 5 separate mobileconfig files in order to properly function on macOS. Each of these serves an important operational function. These 5 profiles are available to download on my GitHub repo [here](https://github.com/harrisonravazzolo/Bluth-Company-GitOps/tree/main/lib/macos/SentinelOne). Let's quickly run through each one and highlight what it's actually doing on your endpoints.
|
||||
SentinelOne requires [5 separate mobileconfig files](https://github.com/harrisonravazzolo/Bluth-Company-GitOps/tree/main/lib/macos/SentinelOne) in order to properly function on macOS. Each of these serves an important operational function. Let's quickly run through each one and highlight what it's actually doing on your endpoints.
|
||||
|
||||
> It's possible these profiles can be combined into one payload, but we've kept them separate here for troubleshooting purposes.
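Review bot: the rewrite drops "available to download on my GitHub repo", so the reader no longer sees that the five mobileconfig profiles come from a personal third-party repository (harrisonravazzolo/Bluth-Company-GitOps) rather than from Fleet or SentinelOne. For profiles that will be pushed to every endpoint, keep the provenance visible in the sentence, for example "5 separate mobileconfig files (available in the author's GitOps repo)".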
@ -2,7 +2,7 @@
Follow these steps to downgrade your Fleet instance from Fleet Premium.
|
||||
|
||||
> If you'd like to renew your Fleet Premium license key, please contact us [here](https://fleetdm.com/company/contact).
|
||||
> If you'd like to renew your Fleet Premium license key, please [contact us](https://fleetdm.com/company/contact).
|
||||
|
||||
## Back up your users and update all team-level users to global users
@ -31,7 +31,7 @@ Follow these steps to downgrade your Fleet instance from Fleet Premium.
## Remove your Fleet Premium license key
|
||||
|
||||
1. Remove your license key from your Fleet configuration. Documentation on where the license key is located in your configuration is [here](https://fleetdm.com/docs/deploying/configuration#license).
|
||||
1. Remove your license key from your [Fleet configuration](https://fleetdm.com/docs/deploying/configuration#license).
|
||||
2. Restart your Fleet server.
|
||||
|
||||
<meta name="category" value="guides">
@ -22,7 +22,7 @@ Apple's Device Enrollment Program (DEP) was the original, separate Apple service
The first step is to enable SAML (Security Assertion Markup Language) SSO for your IdP (Identity Provider). Follow the instructions from the [Single sign-on guide](https://fleetdm.com/docs/deploy/single-sign-on-sso). Use the URL ending with `/mdm/sso/callback.` Make sure to assign users to your SAML integration.
|
||||
|
||||
Fleet's guide for setting up end-user authentication during the macOS setup experience is available [here](https://fleetdm.com/guides/macos-setup-experience#end-user-authentication-and-end-user-license-agreement-eula). Note that setting up end-user authentication is done globally. However, enabling end-user authentication is done separately for each team. You may test end-user authentication in a separate team before rolling it out to the rest of your organization.
|
||||
You can [require users to authenticate with your IdP before using their Mac](https://fleetdm.com/guides/macos-setup-experience#end-user-authentication-and-end-user-license-agreement-eula). Note that setting up end-user authentication is done globally. However, enabling end-user authentication is done separately for each team. You may test end-user authentication in a separate team before rolling it out to the rest of your organization.
|
||||
|
||||
With end-user authentication enabled for your team, Fleet sends the updated enrollment profile to Apple. This sync happens once a minute and can be adjusted with the [mdm.apple_dep_sync_periodicity](https://fleetdm.com/docs/configuration/fleet-server-configuration#mdm-apple-dep-sync-periodicity) server configuration setting. The relevant attribute of the [Apple enrollment profile](https://developer.apple.com/documentation/devicemanagement/profile) is `configuration_web_url`. Fleet sets it to `{server_url}/mdm/sso`.
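Review bot: the context line "Use the URL ending with `/mdm/sso/callback.`" has the sentence period inside the code span, where it reads as part of the callback path; move it outside the backticks. The new anchor text "require users to authenticate with your IdP before using their Mac" describes the feature well, but the next sentence, "Note that setting up end-user authentication is done globally", now has no earlier mention of the term "end-user authentication" to refer back to; consider keeping the term in the linked sentence.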
@ -24,13 +24,13 @@ You can enforce disk encryption using the Fleet UI, Fleet API, or [Fleet's GitOp
#### Fleet API:
|
||||
|
||||
API documentation is [here](https://fleetdm.com/docs/rest-api/rest-api#update-disk-encryption-enforcement).
|
||||
You can use the [Update disk encryption enforcement API endpoint](https://fleetdm.com/docs/rest-api/rest-api#update-disk-encryption-enforcement) to manage disk encryption settings via the API.
|
||||
|
||||
### Disk encryption status
|
||||
|
||||
In the Fleet UI, head to the **Controls > OS settings > Disk encryption** tab. You will see a table that shows the status of disk encryption on your hosts.
|
||||
|
||||
* Verified: the host turned disk encryption on and sent their key to Fleet. Fleet verified with osquery. See instructions for viewing the disk encryption key [here](#view-disk-encryption-key).
|
||||
* Verified: the host turned disk encryption on and sent their key to Fleet, and Fleet has verified the key with osquery. The [encryption key can be viewed within Fleet](#view-disk-encryption-key).
|
||||
|
||||
* Verifying: the host acknowledged the MDM command to install the disk encryption profile. Fleet is verifying with osquery and retrieving the disk encryption key.
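Review bot: the new Verified line reads "the host turned disk encryption on and sent their key to Fleet"; a single host takes "its key". Otherwise moving the link onto "encryption key can be viewed within Fleet" is an improvement over "see instructions here".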
@ -6,7 +6,7 @@ In Fleet, you can enforce OS updates on your macOS, Windows, iOS, and iPadOS hos
## Turning on enforcement
|
||||
|
||||
For Apple (macOS, iOS, and iPadOS) hosts, the you can find the list of available OS versions in the Apple Software Lookup Service [here](https://gdmf.apple.com/v2/pmv](https://gdmf.apple.com/v2/pmv). The update will only be enforced if you use a version in that list.
|
||||
For Apple (macOS, iOS, and iPadOS) hosts, Apple provides a [list of available OS versions](https://gdmf.apple.com/v2/pmv) in the Apple Software Lookup Service. The update will only be enforced if you use a version in that list.
|
||||
|
||||
### Fleet UI
@ -46,7 +46,7 @@ If the host was turned off when the deadline passed, the update will be schedule
If you set a past date (ex. yesterday) as the deadline, the end user will immediately be prompted to install the update. If they don't, the update will automatically install in one hour. Similarly, if you set the deadline to today, end users will experience the same behavior if it's after 12 PM (end user local time).
|
||||
|
||||
For hosts that use Automated Device Enrollment (ADE), if the device is below the specified minimum version, it will be required to update to the latest version during ADE before device setup and enrollment can proceed. You can find the latest version in the Apple Software Lookup Service [here](https://gdmf.apple.com/v2/pmv). Apple's software updates are relatively large (up to several GBs) so ask your end users to connect to a Wi-Fi network that can handle large downloads during ADE.
|
||||
For hosts that use Automated Device Enrollment (ADE), if the device is below the specified minimum version, it will be required to update to the latest version during ADE before device setup and enrollment can proceed. You can find the latest version in the [Apple Software Lookup Service](https://gdmf.apple.com/v2/pmv). Apple's software updates are relatively large (up to several GBs) so ask your end users to connect to a Wi-Fi network that can handle large downloads during ADE.
|
||||
|
||||
### Windows
@ -58,7 +58,7 @@ End users are encouraged to update Windows via the native Windows dialog.
If an end user was on vacation when the deadline passed, the end user is given a grace period (configured) before the host automatically restarts.
|
||||
|
||||
Fleet enforces OS updates for quality and feature updates. Read more about the types of Windows OS updates in the Microsoft documentation [here](https://learn.microsoft.com/en-us/windows/deployment/update/get-started-updates-channels-tools#types-of-updates).
|
||||
Fleet enforces OS updates for quality and feature updates. Microsoft provides documentation on [types of Windows updates](https://learn.microsoft.com/en-us/windows/deployment/update/get-started-updates-channels-tools#types-of-updates).
|
||||
|
||||
### macOS (below version 14.0)
@ -133,7 +133,7 @@ How to unenroll a host from Fleet:
2. For macOS hosts with MDM turned on, select **Actions > Turn off MDM** to turn MDM off. Instructions for turning off MDM on Windows hosts coming soon.
|
||||
|
||||
3. Determine the platform of the host you're trying to unenroll and follow the instructions to uninstall the fleetd agent [here](https://fleetdm.com/guides/how-to-uninstall-fleetd).
|
||||
3. Determine the platform of the host you're trying to unenroll, then follow the [uninstall instructions](https://fleetdm.com/guides/how-to-uninstall-fleetd) for that platform.
|
||||
|
||||
4. Select **Actions > Delete** to delete the host from Fleet.
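Review bot: the context line "Instructions for turning off MDM on Windows hosts coming soon." is a placeholder left in a published guide; if Windows MDM turn-off is still undocumented, either point at the current procedure or remove the promise rather than leaving it open-ended.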
@ -362,8 +362,7 @@ When generating Fleet's agent (fleetd) for Windows hosts (**.msi**) on a Windows
use local installations of the 3 WiX v3 binaries used by this command (`heat.exe`, `candle.exe`, and
|
||||
`light.exe`) instead of those in a pre-configured container, which is the default behavior. To do
|
||||
so:
|
||||
1. Install the WiX v3 binaries. To install, you can download them
|
||||
[here](https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip), then unzip the downloaded file.
|
||||
1. Download the [WiX v3 binaries](https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip), then unzip the downloaded file.
|
||||
2. Find the absolute filepath of the directory containing your local WiX v3 binaries. This will be wherever you saved the unzipped package contents.
|
||||
3. Run `fleetctl package`, and pass the absolute path above as the string argument to the
|
||||
`--local-wix-dir` flag. For example:
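Review bot: the new step 1 tells the reader to download and unzip wix311-binaries.zip from a GitHub release with no integrity check, and the surrounding text says these binaries (`heat.exe`, `candle.exe`, `light.exe`) are then executed by `fleetctl package` to build the installer. Add a step to verify the archive against the checksum published on the release page before pointing `--local-wix-dir` at it.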
@ -372,7 +371,7 @@ so:
```
|
||||
If the provided path doesn't contain all 3 binaries, the command will fail.
|
||||
|
||||
>**Note:** Creating a fleetd agent for Windows (.msi) on macOS also requires Wine. To install Wine see the script [here](https://fleetdm.com/install-wine).
|
||||
>**Note:** Creating a fleetd agent for Windows (.msi) on macOS also requires Wine. We've built a [Wine installation script](https://fleetdm.com/install-wine) to help you get it.
|
||||
|
||||
### Config-less fleetd agent deployment
@ -61,7 +61,7 @@ Enroll secrets no longer have “names” and are now either global or for a spe
JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity. `auth_jwt_key` and `auth_jwt_key_file` are no longer accepted as configuration.
|
||||
|
||||
As of Fleet 4.0.0, Fleet Device Management Inc. periodically collects anonymous information about your instance. Sending usage statistics is turned off by default for users upgrading from a previous version of Fleet. Read more about the exact information collected [here](https://github.com/fleetdm/fleet/blob/2f42c281f98e39a72ab4a5125ecd26d303a16a6b/docs/1-Using-Fleet/11-Usage-statistics.md).
|
||||
As of Fleet 4.0.0, Fleet Device Management Inc. periodically collects [anonymous information](https://fleetdm.com/guides/fleet-usage-statistics) about your instance. Sending usage statistics is turned off by default for users upgrading from a previous version of Fleet.
|
||||
|
||||
<meta name="category" value="releases">
|
||||
<meta name="authorFullName" value="Noah Talerman">
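Review bot: the replaced link was pinned to a specific commit (2f42c281f98e39a72ab4a5125ecd26d303a16a6b) of the usage-statistics doc, so it described exactly what Fleet 4.0.0 collected; the new link goes to the live guide, which describes whatever the current release collects. In a 4.0.0 release article that is a change of meaning, and "Read more about the exact information collected" was dropped with it; either keep a pinned reference or say that the linked guide reflects current behavior.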
@ -19,7 +19,7 @@ For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deplo
Fleet enhances the deployment capabilities for IT administrators, particularly concerning security agents. Now available in Fleet Premium, this feature allows administrators to add and deploy security agents directly to macOS, Windows, and Linux hosts through the Software page, the Fleet API, or via GitOps workflows. This deployment functionality requires that the host has a `fleetd` agent with scripts enabled, but notably, it does not necessitate MDM (Mobile Device Management) features to be enabled within Fleet. This new capability supports a more streamlined and efficient approach to enhancing host security across diverse operating environments, allowing IT and security teams to ensure their hosts are protected with the necessary security tools without the complexity of additional infrastructure changes.
|
||||
|
||||
For users who self-manage (host) Fleet, this feature requires connecting Fleet with an S3 bucket. See how in the server configuration reference [here](https://fleetdm.com/docs/configuration/fleet-server-configuration#s-3).
|
||||
For users who self-manage (host) Fleet, this feature requires [connecting Fleet with an S3 bucket]((https://fleetdm.com/docs/configuration/fleet-server-configuration#s-3).
|
||||
|
||||
## Policy description and resolutions aided by AI
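Review bot: the new line has an unbalanced doubled parenthesis in "[connecting Fleet with an S3 bucket]((https://fleetdm.com/docs/configuration/fleet-server-configuration#s-3)", which Markdown will not render as a link; change it to a single opening parenthesis.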
@ -14,15 +14,15 @@ For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deplo
### Install apps during new Mac boot
|
||||
|
||||
Using Fleet, you can now block a user’s screen while software installs or scripts run during macOS Setup Assistant. This prevents users from accessing the desktop before required configurations are enforced, improving security and guaranteeing that all workstations meet organizational standards before use. Learn more in the guide [here](https://fleetdm.com/guides/macos-setup-experience).
|
||||
Using Fleet, you can now block a user’s screen while software installs or scripts run during the [macOS setup experience](https://fleetdm.com/guides/macos-setup-experience). This prevents users from accessing the desktop before required configurations are enforced, improving security and guaranteeing that all workstations meet organizational standards before use.
|
||||
|
||||
### Automatically connect end users to Wi-Fi
|
||||
|
||||
With Fleet, you can now install a SCEP certificate from NDES on all macOS hosts as part of the Wi-Fi/Ethernet configuration profile. This ensures seamless and secure network access for end users. Learn more in the guide [here](https://fleetdm.com/guides/ndes-scep-proxy).
|
||||
With Fleet, you can now [install a SCEP certificate from NDES](https://fleetdm.com/guides/ndes-scep-proxy) on all macOS hosts as part of the Wi-Fi/Ethernet configuration profile. This ensures seamless and secure network access for end users.
|
||||
|
||||
### Custom URL for Apple MDM
|
||||
|
||||
Fleet now provides the ability to set an alternative MDM URL to help organizations differentiate MDM traffic from other Fleet traffic, allowing the application of network rules specific to MDM communications. Learn more in the guide [here](https://fleetdm.com/guides/alternate-apple-mdm-url).
|
||||
Fleet now provides the ability to set an [alternative MDM URL](https://fleetdm.com/guides/alternate-apple-mdm-url) to help organizations differentiate MDM traffic from other Fleet traffic, allowing the application of network rules specific to MDM communications.
|
||||
|
||||
## Changes
@ -14,7 +14,7 @@ For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deplo
### Escrow Linux disk encryption keys
|
||||
|
||||
Fleet now supports escrowing the disk encryption keys for Linux (Ubuntu and Fedora) workstations. This means teams can access encrypted data without needing the local password when an employee leaves, simplifying handoffs and ensuring critical data remains accessible while protected. Learn more in the guide [here](https://fleetdm.com/guides/enforce-disk-encryption).
|
||||
Fleet now supports [escrowing disk encryption keys](https://fleetdm.com/guides/enforce-disk-encryption) for Linux (Ubuntu and Fedora) workstations. This means teams can access encrypted data without needing the local password when an employee leaves, simplifying handoffs and ensuring critical data remains accessible while protected.
|
||||
|
||||
### Custom targets for OS settings
@ -14,7 +14,7 @@ For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deplo
### Auto-install software
|
||||
|
||||
IT admins can now install a Fleet-maintained app on all hosts without writing a custom policy. This simplifies software management and saves time for your end users by ensuring productivity tools like Slack and Zoom are consistently available. Learn more about automatically installing software [here](https://fleetdm.com/guides/automatic-software-install-in-fleet).
|
||||
IT admins can now [install a Fleet-maintained app](https://fleetdm.com/guides/automatic-software-install-in-fleet) on all hosts without writing a custom policy. This simplifies software management and saves time for your end users by ensuring productivity tools like Slack and Zoom are consistently available.
|
||||
|
||||
### Email two-factor authentication (2FA)
@ -14,15 +14,15 @@ For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deplo
### Custom targets for software installs
|
||||
|
||||
IT admins can now install Fleet-maintained apps and custom packages only on macOS, Windows, and Linux hosts within specific labels. This lets you target installations more precisely, tailoring deployments by department, role, or hardware. Learn more about deploying software [here](https://fleetdm.com/guides/deploy-software-packages).
|
||||
IT admins can now [install Fleet-maintained apps and custom packages](https://fleetdm.com/guides/deploy-software-packages) on macOS, Windows, and Linux hosts within specific labels. This lets you target installations more precisely, tailoring deployments by department, role, or hardware. Learn more about deploying software.
|
||||
|
||||
### Automatic policies for custom packages
|
||||
|
||||
Fleet now creates policies automatically when you add a custom package. This eliminates the need to manually write policies, making it faster and easier to deploy software across all your hosts. Learn more about automatically installing software [here](https://fleetdm.com/guides/automatic-software-install-in-fleet).
|
||||
Fleet now creates [auto-install policies](https://fleetdm.com/guides/automatic-software-install-in-fleet) automatically when you add a custom package. This eliminates the need to manually write policies, making it faster and easier to deploy software across all your hosts. Learn more about automatically installing software.
|
||||
|
||||
### Hide secrets in configuration profiles and scripts
|
||||
|
||||
Fleet ensures that GitHub or GitLab secrets, like API tokens and license keys used in scripts (Shell & PowerShell) and configuration profiles (macOS & Windows), are hidden when viewed or downloaded in Fleet. This protects sensitive information, keeping it secure until it’s deployed to the hosts. Learn more about secrets [here](https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles).
|
||||
Fleet ensures that GitHub or GitLab [secrets](https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles), like API tokens and license keys used in scripts (Shell & PowerShell) and configuration profiles (macOS & Windows), are hidden when viewed or downloaded in Fleet. This protects sensitive information, keeping it secure until it’s deployed to the hosts.
|
||||
|
||||
## Changes
|
||||
|
||||
|
|
|
|||
|
|
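Review bot: the rewritten lines for the label-scoped installs and automatic policies paragraphs each leave a dangling sentence with no link: `Learn more about deploying software.` and `Learn more about automatically installing software.` now point nowhere. Either drop those trailing sentences, as the other hunks in this change do, or keep the link on them.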
@ -15,15 +15,15 @@ For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deplo
|
|||
|
||||
### Automatically install software
|
||||
|
||||
Fleet can now automatically install App Store (VPP) apps when a macOS host fails a policy. This removes the need for third-party automation tools, making large-scale app deployment easier and more reliable. Learn more about installing software [here](https://fleetdm.com/guides/automatic-software-install-in-fleet).
|
||||
Fleet can now [automatically install App Store (VPP) apps](https://fleetdm.com/guides/automatic-software-install-in-fleet) when a macOS host fails a policy. This removes the need for third-party automation tools, making large-scale app deployment easier and more reliable.
|
||||
|
||||
### Faster employee onboarding
|
||||
|
||||
During new employee onboarding, Macs can now optionally download bootstrap packages and software from the nearest CloudFront region. This speeds up onboarding for organizations that onboard new employees at different headquarters across the world. Learn more [here](https://fleetdm.com/guides/cdn-signed-urls).
|
||||
During new employee onboarding, Macs can now optionally [download bootstrap packages and software from the nearest CloudFront region](https://fleetdm.com/guides/cdn-signed-urls). This speeds up onboarding for organizations that onboard new employees at different headquarters across the world.
|
||||
|
||||
### GitHub (SLSA) attestation
|
||||
|
||||
Fleet and Fleet's agent (`fleetd`) release binaries and images now include Supply-chain Level Software Attestation (SLSA). This allows security-conscious teams to verify that the artifacts they deploy are the exact ones produced by Fleet’s official GitHub workflows, ensuring integrity and preventing tampering. Learn more [here](https://fleetdm.com/guides/fleet-software-attestation).
|
||||
Fleet and Fleet's agent (`fleetd`) release binaries and images now include [Supply-chain Level Software Attestation (SLSA)](https://fleetdm.com/guides/fleet-software-attestation). This allows security-conscious teams to verify that the artifacts they deploy are the exact ones produced by Fleet’s official GitHub workflows, ensuring integrity and preventing tampering.
|
||||
|
||||
## Changes
|
||||
|
||||
|
|
|
|||
|
|
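Review bot: in the attestation paragraph, the expansion `Supply-chain Level Software Attestation (SLSA)` is not what the acronym stands for; SLSA is Supply-chain Levels for Software Artifacts. Since the line is being rewritten anyway, suggest `[SLSA (Supply-chain Levels for Software Artifacts) attestations](https://fleetdm.com/guides/fleet-software-attestation)` so the link text also matches the heading `GitHub (SLSA) attestation`.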
@ -25,7 +25,7 @@ Also, IT admins can now edit scripts within the Fleet UI. This eliminates the ne
|
|||
|
||||
### Fleetctl for Windows and Linux ARM
|
||||
|
||||
Fleet users with Window or Linux ARM workstations can now use the fleetctl command-line interface (CLI) to run scripts, queries, and more. This expands Fleet’s CLI capabilities, allowing users to manage hosts on their preferred operating system (OS). Learn more about fleetctl [here](https://fleetdm.com/guides/fleetctl).
|
||||
Fleet users with Window or Linux ARM workstations can now use the [fleetctl](https://fleetdm.com/guides/fleetctl) command-line interface (CLI) to run scripts, queries, and more. This expands Fleet’s CLI capabilities, allowing users to manage hosts on their preferred operating system (OS).
|
||||
|
||||
## Changes
|
||||
|
||||
|
|
|
|||
|
|
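Review bot: `Window or Linux ARM workstations` carries the typo over from the old line; it should read `Windows or Linux ARM workstations`.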
@ -15,11 +15,11 @@ You can now put Fleet in "GitOps mode" which puts the Fleet UI in a read-only mo
|
|||
|
||||
### Automatically install software
|
||||
|
||||
Fleet now allows IT admins to install App Store apps on all your hosts without writing custom policies. This saves time when deploying apps across many hosts, making large-scale app deployment easier and more reliable. Learn more about installing software [here](https://fleetdm.com/guides/automatic-software-install-in-fleet).
|
||||
Fleet now allows IT admins to [install App Store apps automatically](https://fleetdm.com/guides/automatic-software-install-in-fleet) on all your hosts without writing custom policies. This saves time when deploying apps across many hosts, making large-scale app deployment easier and more reliable.
|
||||
|
||||
### Certificates in host vitals
|
||||
|
||||
The **Host details** page now displays a list of certificates for macOS, iOS, and iPadOS hosts. This helps IT teams quickly diagnose Wi-Fi or VPN connection issues by identifying missing or expired certificates that may be preventing network access. See more host vitals [here](https://fleetdm.com/vitals/battery).
|
||||
The **Host details** page now includes [certificates](https://fleetdm.com/vitals/host-certificates-mac-os#apple) for macOS, iOS, and iPadOS hosts as part of [host vitals](https://fleetdm.com/vitals). This helps IT teams quickly diagnose Wi-Fi or VPN connection issues by identifying missing or expired certificates that may be preventing network access.
|
||||
|
||||
## Changes
|
||||
|
||||
|
|
|
|||
|
|
@ -14,15 +14,15 @@ Fleet 4.66.0 is now available. See the complete [changelog](https://github.com/f
|
|||
|
||||
### Fleet-maintained apps for Windows
|
||||
|
||||
Fleet now supports Fleet-maintained apps for Windows. This allows IT admins to easily manage and deploy trusted applications at scale, without manually packaging or scripting installations. More about Fleet-maintained apps [here](https://fleetdm.com/guides/fleet-maintained-apps).
|
||||
Fleet now supports [Fleet-maintained apps](https://fleetdm.com/guides/fleet-maintained-apps) for Windows. This allows IT admins to easily manage and deploy trusted applications at scale, without manually packaging or scripting installations.
|
||||
|
||||
### DigiCert certificate integration
|
||||
|
||||
Fleet now integrates with DigiCert Trust Lifecycle Manager, enabling admins to deploy DigiCert certificates directly to their macOS devices via configuration profiles. This simplifies certificate management and helps streamline the provisioning process. Learn how [here](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate#digicert).
|
||||
Fleet now integrates with DigiCert Trust Lifecycle Manager, enabling admins to [deploy DigiCert certificates](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate#digicert) directly to their macOS devices via configuration profiles. This simplifies certificate management and helps streamline the provisioning process.
|
||||
|
||||
### Custom SCEP server support
|
||||
|
||||
Admins can now use their own custom Simple Certificate Enrollment Protocol (SCEP) servers with Fleet. This integration allows deployment of certificates to Macs through configuration profiles, while ensuring all traffic to the SCEP server is routed through Fleet. Learn how [here](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate#custom-scep-server).
|
||||
Admins can now use their own [custom Simple Certificate Enrollment Protocol (SCEP) servers](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate#custom-scep-server) with Fleet. This integration allows deployment of certificates to Macs through configuration profiles, while ensuring all traffic to the SCEP server is routed through Fleet.
|
||||
|
||||
## Changes
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ Fleet 4.67.0 is now available. See the complete [changelog](https://github.com/f
|
|||
|
||||
### Foreign vitals
|
||||
|
||||
Fleet now pulls end user details from your identity provider (IdP)—like IdP email, full name, and group memberships—into host vitals. This makes it easier to identify who is using each host to speed up troubleshooting and audits. Learn more [here](https://fleetdm.com/guides/foreign-vitals-map-idp-users-to-hosts).
|
||||
Fleet now pulls end user details from your identity provider (IdP)—like IdP email, full name, and group memberships—into host vitals. This makes it easier to identify who is using each host to speed up troubleshooting and audits. Learn more with our [foreign vitals guide](https://fleetdm.com/guides/foreign-vitals-map-idp-users-to-hosts).
|
||||
|
||||
### Policy targets
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ Security engineers can now send scheduled query results to a webhook URL. This m
|
|||
|
||||
### Deploy tarballs
|
||||
|
||||
Fleet now supports deploying `.tar.gz` and `.tgz packages`. Security engineers no longer need separate hosting or deployment tools, simplifying the process of distributing software across hosts. Learn more [here](https://fleetdm.com/guides/deploy-software-packages).
|
||||
Fleet now supports deploying `.tar.gz` and `.tgz packages`. Security engineers no longer need separate hosting or deployment tools, simplifying the process of distributing software across hosts. Learn more in our [software deployment guide](https://fleetdm.com/guides/deploy-software-packages).
|
||||
|
||||
### SHA-256 verification
|
||||
|
||||
|
|
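Review bot: the backticks in `.tar.gz` and `.tgz packages` are misplaced on both the old and the new line; the closing backtick belongs after `.tgz`, i.e. `.tar.gz` and `.tgz` packages.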
@ -33,15 +33,15 @@ IT admins can now specify a `hash_sha256` when adding custom packages to Fleet v
|
|||
|
||||
### Certificate renewal
|
||||
|
||||
Fleet can now automatically renew certificates from DigiCert, NDES, or custom certificate authorities (CA). This ensures end users can maintain seamless Wi-Fi and VPN access without manual certificate management. Learn more [here](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate).
|
||||
Fleet can now automatically renew certificates from DigiCert, NDES, or custom certificate authorities (CA). This ensures end users can maintain seamless Wi-Fi and VPN access without manual certificate management. See the [WiFi and VPN certificate guide](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate) for more information.
|
||||
|
||||
### Configuration profile variables
|
||||
|
||||
IT admins can now insert end users' identity provider (IdP) usernames and groups into macOS, iOS, and iPadOS configuration profiles. This allows certificates to include user-specific data and enables other tools, like Munki, to take group-based actions. See all configuration profile variables Fleet currently supports [here](https://fleetdm.com/docs/configuration/yaml-files#macos-settings-and-windows-settings).
|
||||
IT admins can now insert end users' identity provider (IdP) usernames and groups into macOS, iOS, and iPadOS configuration profiles. This allows certificates to include user-specific data and enables other tools, like Munki, to take group-based actions. Supported configuration profile variables are listed in [GitOps documentation](https://fleetdm.com/docs/configuration/yaml-files#macos-settings-and-windows-settings).
|
||||
|
||||
### Software self-service categories
|
||||
|
||||
IT admins can now organize software in **Fleet Desktop > Self service** into categories like "🌎 Browsers," "👬 Communication," "🧰 Developer tools," and "🖥️ Productivity." This makes it easier for end users to quickly find and install the apps they need. Learn more [here](https://fleetdm.com/guides/software-self-service).
|
||||
IT admins can now organize software in **Fleet Desktop > Self service** into categories like "🌎 Browsers," "👬 Communication," "🧰 Developer tools," and "🖥️ Productivity." This makes it easier for end users to quickly find and install the apps they need. See the [software self-service guide](https://fleetdm.com/guides/software-self-service) for more information.
|
||||
|
||||
### Run scripts in bulk
|
||||
|
||||
|
|
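Review bot: `listed in [GitOps documentation](...)` reads better as `listed in the [GitOps documentation](...)`, and the new link text `WiFi and VPN certificate guide` spells it `WiFi` while the sentence before it uses `Wi-Fi`.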
@ -57,7 +57,7 @@ A new `fleetctl generate-gitops` command now generates GitOps (YAML) files based
|
|||
|
||||
### Custom Fleet agent (fleetd) during new Mac setup (ADE)
|
||||
|
||||
Fleet now allows IT admins to deploy a custom fleetd during Mac Setup Assistant (ADE). This makes it possible to custom the fleetd configuration to point hosts to a custom Fleet server URL during initial enrollment, meeting security requirements without manual reconfiguration. Learn how [here](https://fleetdm.com/guides/macos-setup-experience#advanced).
|
||||
Fleet now allows IT admins to deploy a custom fleetd during Mac Setup Assistant (ADE). This makes it possible to custom the fleetd configuration to point hosts to a custom Fleet server URL during initial enrollment, meeting security requirements without manual reconfiguration. See the [macOS setup experience guide](https://fleetdm.com/guides/macos-setup-experience#advanced) for more information.
|
||||
|
||||
## Changes
|
||||
|
||||
|
|
|
|||
|
|
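Review bot: `This makes it possible to custom the fleetd configuration` is carried over from the old line; `custom` should be `customize`.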
@ -29,7 +29,7 @@ This page explains what Fleet and osquery can and cannot see on their computers.
|
|||
Fleet Premium users can point this link to an internal resource to customize the content for their organization’s situation.
|
||||
|
||||
## Deploying Fleet Desktop
|
||||
To install Fleet Desktop on your end users' machines, you will need to generate a new osquery installer and run it on end users’ machines. Learn more [here](https://fleetdm.com/docs/using-fleet/adding-hosts#fleet-desktop).
|
||||
To install Fleet Desktop on your end users' machines, you will need to [generate a fleetd agent](https://fleetdm.com/docs/using-fleet/adding-hosts#fleet-desktop) and run it on end users’ machines.
|
||||
|
||||
Once installed, Fleet Desktop’s versioning is thereafter managed by our agent manager, Orbit.
|
||||
|
||||
|
|
|
|||
|
|
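Review bot: the new link text `generate a fleetd agent` still points at the older docs path `/docs/using-fleet/adding-hosts#fleet-desktop`, while the migration hunk later in this change links enrollment to `https://fleetdm.com/guides/enroll-hosts`; worth confirming which is the canonical target so the two articles do not diverge.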
@ -4,7 +4,7 @@ As of version 4.63.0 Fleet added [SLSA attestations](https://slsa.dev/) to our r
|
|||
|
||||
## What is software attestation?
|
||||
|
||||
A software attestation is a cryptographically-signed statement provided by a software creator that certifies the build process and provenance of one or more software _artifacts_ (which might be files, container images, or other outputs). In other words, it's a promise to our users that the software we're providing was built by us, using a process that they can trust and verify. We utilize the SLSA framework for attestations which you can read more about [here](https://slsa.dev/). After each release, attestations are added to https://github.com/fleetdm/fleet/attestations.
|
||||
A software attestation is a cryptographically-signed statement provided by a software creator that certifies the build process and provenance of one or more software _artifacts_ (which might be files, container images, or other outputs). In other words, it's a promise to our users that the software we're providing was built by us, using a process that they can trust and verify. We use the [SLSA framework](https://slsa.dev/) for attestations. After each release, attestations are added to https://github.com/fleetdm/fleet/attestations.
|
||||
|
||||
## Verifying a release
|
||||
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ You can also install the latest version of the binary from [GitHub](https://gith
|
|||
|
||||
Much of the functionality available in the Fleet UI is also available in fleetctl. You can run queries, add and remove users, generate Fleet's agent (fleetd) to add new hosts, get information about existing hosts, and more!
|
||||
|
||||
> Note: Unless a logging infrastructure is configured on your Fleet server, osquery-related logs will be stored locally on each device. Read more [here](https://fleetdm.com/guides/log-destinations)
|
||||
> Unless a [log destination](https://fleetdm.com/guides/log-destinations) is configured, osquery logs will be stored locally on each device.
|
||||
|
||||
To see the available commands you can run:
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ To map users from Okta to hosts in Fleet, do the following steps:
|
|||
3. For the **Unique identifier field for users**, enter `userName`.
|
||||
4. For the **Supported provisioning actions**, select **Push New Users**, **Push Profile Updates**, and **Push Groups**.
|
||||
5. For the **Authentication Mode**, select **HTTP Header**.
|
||||
6. Create a Fleet API-only user with maintainer permissions and copy API token for that user (learn how [here](https://fleetdm.com/guides/fleetctl#create-api-only-user)). Paste your API token in Okta's **Authorization** field.
|
||||
6. [Create a Fleet API-only user](https://fleetdm.com/guides/fleetctl#create-api-only-user) with maintainer permissions and copy API token for that user. Paste your API token in Okta's **Authorization** field.
|
||||
7. Select the **Test Connector Configuration** button. You should see success message in Okta.
|
||||
8. In Fleet, head to **Settings > Integrations > Identity provider (IdP)** and verify that Fleet successfully received the request from IdP.
|
||||
9. Back in Okta, select **Save**.
|
||||
|
|
|
|||
|
|
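Review bot: `copy API token for that user` needs an article (`copy the API token for that user`), and the unchanged context line `You should see success message in Okta` needs `a success message`.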
@ -78,7 +78,7 @@ Sumo Logic supports data ingestion via HTTP, making it a reliable choice for log
|
|||
|
||||
#### For Splunk
|
||||
|
||||
Splunk is a powerful platform for searching, monitoring, and analyzing machine-generated big data. Learn how to connect Fleet to Splunk [here](https://fleetdm.com/guides/log-destinations#splunk).
|
||||
Splunk is a powerful platform for searching, monitoring, and analyzing machine-generated big data. You can [configure Fleet to send logs to Splunk](https://fleetdm.com/guides/log-destinations#splunk).
|
||||
|
||||
|
||||
### Conclusion
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ How to uninstall fleetd from a host via Fleet (remotely):
|
|||
|
||||
After performing these steps, the host will display as an offline host in the Fleet UI until you delete it.
|
||||
|
||||
Are you having trouble uninstalling Fleetd on macOS, Windows, or Linux? Get help [here](https://fleetdm.com/slack).
|
||||
Are you having trouble uninstalling Fleetd on macOS, Windows, or Linux? Get help via one of our [support channels](https://fleetdm.com/support).
|
||||
|
||||
<meta name="category" value="guides">
|
||||
<meta name="authorFullName" value="Eric Shaw">
|
||||
|
|
|
|||
|
|
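Review bot: `Fleetd` is capitalized here while the surrounding article text (`uninstall fleetd from a host`) uses lowercase `fleetd`. Note also that the target changed from `/slack` to `/support`, which goes beyond anchor-text cleanup and should be called out in the PR description.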
@ -24,7 +24,7 @@ Additionally, updated software often includes new features that can ultimately h
|
|||
|
||||
In this article, we will be using Google Chrome to demonstrate the functionality, and I already have the latest version’s .pkg downloaded locally.
|
||||
|
||||
Select the team you want the policy to run on. Navigate to **Software > Add Software**. Here you can use one of Fleet’s maintained apps, add from VPP or Custom Package. We will use Custom Package in this example and upload the Google Chrome.pkg mentioned previously. After upload, there are a couple of options for pre/post-install queries and scripts - you can read more about those options [here](https://fleetdm.com/guides/deploy-software-packages).
|
||||
Select the team you want the policy to run on. Navigate to **Software > Add Software**. Here you can use one of Fleet’s maintained apps, add from VPP or Custom Package. We will use Custom Package in this example and upload the Google Chrome.pkg mentioned previously. After upload, there are a couple of options for pre/post-install queries and scripts - you can read more about those options in our [guide on deploying software](https://fleetdm.com/guides/deploy-software-packages).
|
||||
|
||||
Navigate to **Policies**, select the team you want the policy to run in.
|
||||
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ resource "aws_kinesis_firehose_delivery_stream" "test_stream" {
|
|||
}
|
||||
```
|
||||
|
||||
For the latest configuration go to HashiCorp's Terraform docs [here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream#splunk-destination).
|
||||
For the latest configuration go to [HashiCorp's Terraform docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream#splunk-destination).
|
||||
|
||||
## Amazon Kinesis Data Streams
|
||||
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ Hosts that automatically enroll will be assigned to a default team. You can conf
|
|||
|
||||
> Available in Fleet Premium
|
||||
|
||||
To connect Fleet to Apple's VPP, head to the guide [here](https://fleetdm.com/guides/install-vpp-apps-on-macos-using-fleet).
|
||||
To connect Fleet to Apple's VPP, follow the instructions in our [VPP guide](https://fleetdm.com/guides/install-vpp-apps-on-macos-using-fleet#prerequisites).
|
||||
|
||||
## Best practice
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ In Fleet, you can customize the out-of-the-box macOS Setup Assistant with Remote
|
|||
|
||||
In addition to the customization above, Fleet automatically installs the fleetd agent during out-of-the-box macOS setup. This agent is responsible for reporting host vitals to Fleet and presenting Fleet Desktop to the end user.
|
||||
|
||||
macOS setup features require connecting Fleet to Apple Business Manager (ABM). Learn how [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm).
|
||||
macOS setup features require [connecting Fleet to Apple Business Manager (ABM)](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm).
|
||||
|
||||
## End user authentication and end user license agreement (EULA)
|
||||
|
||||
|
|
@ -95,7 +95,7 @@ Verify that the package is a distribution package:
|
|||
To sign the package we need a valid Developer ID Installer certificate:
|
||||
|
||||
1. Login to your [Apple Developer account](https://developer.apple.com/account).
|
||||
2. Follow Apple's instructions to create a Developer ID Installer certificate [here](https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates).
|
||||
2. Follow [Apple's instructions to create a Developer ID Installer certificate](https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates).
|
||||
|
||||
> During step 3 in Apple's instructions, make sure you choose "Developer ID Installer." You'll need this kind of certificate to sign the package.
|
||||
|
||||
|
|
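Review bot: the context line `1. Login to your [Apple Developer account]` should use the verb form `Log in to` while this list is being touched.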
@ -139,7 +139,7 @@ To customize the macOS Setup Assistant, we will do the following steps:
|
|||
|
||||
### Step 1: Create an automatic enrollment profile
|
||||
|
||||
1. Download Fleet's example automatic enrollment profile by navigating to the example [here](https://fleetdm.com/example-dep-profile) and clicking the download icon.
|
||||
1. Download Fleet's example automatic enrollment profile by navigating to [the example](https://fleetdm.com/example-dep-profile) and clicking the **Download** icon.
|
||||
|
||||
2. Open the automatic enrollment profile and replace the `profile_name` key with your organization's name.
|
||||
|
||||
|
|
@ -147,7 +147,7 @@ To customize the macOS Setup Assistant, we will do the following steps:
|
|||
|
||||
4. In your automatic enrollment profile, edit the `skip_setup_items` array so that it includes the panes you want to hide.
|
||||
|
||||
> You can modify properties other than `skip_setup_items`. These are documented by Apple [here](https://developer.apple.com/documentation/devicemanagement/profile).
|
||||
> You can modify properties other than `skip_setup_items`. See [Apple's profile documentation](https://developer.apple.com/documentation/devicemanagement/profile) for valid fields.
|
||||
The `await_device_configured` option is always set to `true` to allow Fleet to take actions like running scripts and installing software packages during the enrollment process.
|
||||
If you'd like to release devices manually, you can check the "Release device manually" option in Setup experience > Setup assistant > Show advanced options.
|
||||
|
||||
|
|
@ -167,7 +167,7 @@ Testing requires a test Mac that is present in your Apple Business Manager (ABM)
|
|||
|
||||
2. In Fleet, navigate to the Hosts page and find your Mac. Make sure that the host's **MDM status** is set to "Pending."
|
||||
|
||||
> New Macs purchased through Apple Business Manager appear in Fleet with MDM status set to "Pending." Learn more about these hosts [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm).
|
||||
> New Macs purchased through Apple Business Manager appear in Fleet with MDM status set to "Pending." See our [automatic enrollment guide](https://fleetdm.com/guides/macos-mdm-setup#automatic-enrollment) for more information.
|
||||
|
||||
3. Transfer this host to the "Workstations (canary)" team by selecting the checkbox to the left of the host and selecting **Transfer** at the top of the table. In the modal, choose the Workstations (canary) team and select **Transfer**.
|
||||
|
||||
|
|
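Review bot: the anchor changes from `#apple-business-manager-abm` to `#automatic-enrollment` on the same guide, but the setup-experience hunk earlier in this change still links `#apple-business-manager-abm`; please confirm both anchors exist in macos-mdm-setup before merging.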
@ -183,7 +183,7 @@ If you configure software and/or a script for setup experience, users will see a
|
|||
|
||||
This window shows the status of the software installations as well as the script exectution. Once all steps have completed, the window can be closed and Setup Assistant will proceed as usual.
|
||||
|
||||
To replace the Fleet logo with your organization's logo, head to **Settings** > **Organization settings** > **Organization info**, add URLs to your logos in the **Organization avatar URL (for dark backgrounds)** and **Organization avatar URL (for light backgrounds)** fields, and select **Save**. See recommended sizes for logos [here](https://fleetdm.com/docs/configuration/yaml-files#org-info).
|
||||
To replace the Fleet logo with your organization's logo, head to **Settings** > **Organization settings** > **Organization info**, add URLs to your logos in the **Organization avatar URL (for dark backgrounds)** and **Organization avatar URL (for light backgrounds)** fields, and select **Save**. See [configuration documentation](https://fleetdm.com/docs/configuration/yaml-files#org-info) for recommended logo sizes.
|
||||
|
||||
> The setup experience script always runs after setup experience software is installed. Currently, software that [automatically installs](https://fleetdm.com/guides/automatic-software-install-in-fleet) and scripts that [automatically run](https://fleetdm.com/guides/policy-automation-run-script) are also installed and run during Setup Assistant but won't appear in the window. Automatic software and scripts may run before or after setup the experience software/script. They aren't installed/run in any particular order.
|
||||
|
||||
|
|
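Review bot: two typos in the surrounding context lines are worth fixing while in this file: `script exectution` should be `execution`, and `before or after setup the experience software/script` should be `before or after the setup experience software/script`.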
@ -209,7 +209,7 @@ Fleet also provides a REST API for managing setup experience software and script
|
|||
|
||||
### Configuring via GitOps
|
||||
|
||||
To manage setup experience software and script using Fleet's best practice GitOps, check out the `macos_setup` key in the GitOps reference documentation [here](https://fleetdm.com/docs/configuration/yaml-files#macos-setup)
|
||||
To manage setup experience software and script using Fleet's best practice GitOps, check out the `macos_setup` key in the [GitOps reference documentation](https://fleetdm.com/docs/configuration/yaml-files#macos-setup)
|
||||
|
||||
## Advanced
|
||||
|
||||
|
|
|
|||
|
|
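Review bot: the sentence ending `[GitOps reference documentation](https://fleetdm.com/docs/configuration/yaml-files#macos-setup)` is still missing its terminal period on the new line.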
@ -66,7 +66,7 @@ fleetctl get labels
|
|||
|
||||
|
||||
|
||||
* **Targeting extensions with labels**: Labels can also target extensions to specific hosts. You can find more details on this functionality [here](https://fleetdm.com/docs/configuration/agent-configuration#targeting-extensions-with-labels).
|
||||
* **Targeting extensions with labels**: Labels can also [target extensions to specific hosts](https://fleetdm.com/docs/configuration/agent-configuration#targeting-extensions-with-labels).
|
||||
|
||||
|
||||
### Conclusion
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ The end result simply needs to be a standard, plain text file with the correct k
|
|||
|
||||
### Examples
|
||||
|
||||
To restart a macOS host, we can use the "Restart a Device" MDM command documented by Apple [here](https://developer.apple.com/documentation/devicemanagement/restart_a_device#3384428).
|
||||
To restart a macOS host, we can use the ["Restart a Device" MDM command](https://developer.apple.com/documentation/devicemanagement/restart_a_device).
|
||||
|
||||
Below is the text to be used as the MDM command payload. Save it as a file and name it something like `apple-restart-device.xml`.
|
||||
|
||||
|
|
@ -41,7 +41,7 @@ Below is the text to be used as the MDM command payload. Save it as a file and n
|
|||
</plist>
|
||||
```
|
||||
|
||||
To restart a Windows host, we can use the "Reboot" command documented by Microsoft [here](https://learn.microsoft.com/en-us/windows/client-management/mdm/reboot-csp).
|
||||
To restart a Windows host, we can use the ["Reboot" command](https://learn.microsoft.com/en-us/windows/client-management/mdm/reboot-csp).
|
||||
|
||||
Below is the text to be used as the MDM command payload. Save it as a file and name it something like `windows-restart-device.xml`.
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ To migrate hosts, we will do the following steps:
|
|||
|
||||
### Step 1: Enroll hosts to Fleet
|
||||
|
||||
1. First, enroll your hosts to Fleet by installing Fleet's agent (fleetd). Learn how [here](https://fleetdm.com/guides/enroll-hosts).
|
||||
1. First, [enroll your hosts](https://fleetdm.com/guides/enroll-hosts) to Fleet by installing Fleet's agent (fleetd).
|
||||
2. Ensure your end users have access to an admin account on their Mac. End users won't be able to migrate on their own if they have a standard account.
|
||||
|
||||
### Step 2: Assign hosts in Apple Business Manager (ABM) to Fleet
|
||||
|
|
@ -72,10 +72,10 @@ Fleet UI:
|
|||
2. Scroll down to the **End user migration workflow** section and select the toggle to enable the workflow.
|
||||
3. Under **Mode**, choose a mode, enter the webhook URL for your automation tool (e.g., Tines) under **Webhook URL**, and select **Save**.
|
||||
4. During the end user migration workflow, an end user's device will have its selected system theme (light or dark) applied. If your logo is not easy to see on both light and dark backgrounds, you can optionally set a logo for each theme:
|
||||
Head to **Settings** > **Organization settings** > **Organization info**, add URLs to your logos in the **Organization avatar URL (for dark backgrounds)** and **Organization avatar URL (for light backgrounds)** fields, and select **Save**. See recommended sizes for logos [here](https://fleetdm.com/docs/configuration/yaml-files#org-info).
|
||||
Head to **Settings** > **Organization settings** > **Organization info**, add URLs to your logos in the **Organization avatar URL (for dark backgrounds)** and **Organization avatar URL (for light backgrounds)** fields, and select **Save**. See [configuration docs](https://fleetdm.com/docs/configuration/yaml-files#org-info) for recommended sizes for logos.
|
||||
5. During migration, end users will see a button that says "Unsure? Contact IT". Head to **Settings** > **Organization settings** > **Organization info** > **Organization support URL** to direct users to your help desk if they have any questions.
|
||||
|
||||
Fleet API: API documentation is [here](https://fleetdm.com/docs/rest-api/rest-api#mdm-macos-migration)
|
||||
Fleet API: MDM migration settings are configured via the [`mdm.macos_migration`](https://fleetdm.com/docs/rest-api/rest-api#mdm-macos-migration) field on the [Modify configuration API endpoint](https://fleetdm.com/docs/rest-api/rest-api#modify-configuration).
|
||||
|
||||
GitOps:
|
||||
- To manage macOS MDM migration configuration using Fleet's best practice GitOps, check out the `macos_migration` key in the [GitOps reference documentation](https://fleetdm.com/docs/configuration/yaml-files#macos-migration).
|
||||
|
|
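Review bot: `for recommended sizes for logos` is awkward and inconsistent with the same sentence as rewritten in the setup-experience hunk (`for recommended logo sizes`); suggest matching that wording.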
@ -93,7 +93,7 @@ _Available in Fleet Premium_
|
|||
|
||||
When migrating from a previous MDM, end users must restart or log out of their device to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions on how to reset their key.
|
||||
|
||||
To start, enforce FileVault disk encryption and escrow recovery keys in Fleet. Learn how [here](https://fleetdm.com/guides/enforce-disk-encryption).
|
||||
To start, [enforce FileVault disk encryption](https://fleetdm.com/guides/enforce-disk-encryption) in Fleet.
|
||||
|
||||
After turning on disk encryption in Fleet, share [these guided instructions](#how-to-turn-on-disk-encryption) with your end users.
|
||||
|
||||
|
|
|
|||
|
|
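Review bot: the rewrite drops `and escrow recovery keys`, but the paragraph just above is specifically about escrowing FileVault keys to Fleet; suggest keeping it, e.g. `[enforce FileVault disk encryption and escrow recovery keys](https://fleetdm.com/guides/enforce-disk-encryption) in Fleet`.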
@ -2,7 +2,7 @@
|
|||
|
||||
## Introduction
|
||||
|
||||
At Fleet, we are strong proponents of using [GitOps](https://fleetdm.com/guides/sysadmin-diaries-gitops-a-strategic-advantage#basic-article) to manage your configuration (you can read more about our rationale [here](https://fleetdm.com/guides/articles/preventing-mistakes-with-gitops)). But what if you already have a Fleet instance with complex configuration or a large numbers of labels, policies, queries or software installers? How can you migrate your configuration management to GitOps while ensuring that nothing is lost in the shuffle?
At Fleet, we are strong proponents of using [GitOps](https://fleetdm.com/guides/sysadmin-diaries-gitops-a-strategic-advantage#basic-article) to manage your configuration, as it [improves reliability, reduces errors, and enables consistent, auditable management of your device infrastructure](https://fleetdm.com/guides/articles/preventing-mistakes-with-gitops). But what if you already have a Fleet instance with complex configuration or a large numbers of labels, policies, queries or software installers? How can you migrate your configuration management to GitOps while ensuring that nothing is lost in the shuffle?
Enter `fleetctl generate-gitops`.
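Review bot: the rewritten introduction line still carries the pre-existing grammar error "a large numbers of labels, policies, queries or software installers"; since the line is being touched anyway, change it to "a large number of". The new link text is also a full clause ("improves reliability, reduces errors, and enables consistent, auditable management of your device infrastructure"), which reads as a claim rather than a pointer; a shorter anchor such as "our [rationale for GitOps](...)" would keep the sentence scannable.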
@ -4,7 +4,7 @@
Fleet [v4.58.0](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.58.0) introduces the ability to execute scripts on hosts automatically based on predefined policy failures. This guide will walk you through configuring Fleet to automatically execute scripts on hosts using uploaded scripts based on programmed policies.
Fleet allows users to upload scripts executed on macOS, Windows, and Linux hosts to remediate issues with those hosts. These scripts can now be automated to run when a policy fails. Learn more about scripts [here](https://fleetdm.com/guides/scripts).
Fleet allows users to upload [scripts](https://fleetdm.com/guides/scripts) executed on macOS, Windows, and Linux hosts to remediate issues with those hosts. These scripts can now be automated to run when a policy fails.
## Prerequisites
@ -2,7 +2,7 @@
Queries in Fleet allow you to ask questions to help you manage, monitor, and identify threats on your devices. This guide will walk you through how to create, schedule, and run a query.
> Note: Unless a logging infrastructure is configured on your Fleet server, osquery-related logs will be stored locally on each device. Read more [here](https://fleetdm.com/guides/log-destinations)
> Unless a [log destination](https://fleetdm.com/guides/log-destinations) is configured, osquery logs will be stored locally on each device.
> New users may find it helpful to start with Fleet's policies. You can find policies and queries from the community in Fleet's [query library](https://fleetdm.com/queries). To learn more about policies, see [What are Fleet policies?](https://fleetdm.com/securing/what-are-fleet-policies) and [Understanding the intricacies of Fleet policies](https://fleetdm.com/guides/understanding-the-intricacies-of-fleet-policies).
@ -13,14 +13,12 @@ Script execution is disabled by default. Continue reading to learn how to enable
If you use Fleet's macOS MDM features, scripts are automatically enabled for macOS hosts that have MDM turned on. You're set!
If you don't use MDM features, to enable scripts, we'll deploy a fleetd agent with scripts enabled:
If you don't use MDM features, to enable scripts, we'll [deploy a fleetd agent](https://fleetdm.com/guides/enroll-hosts) with scripts enabled:
1. Generate a new fleetd agent for macOS, Windows, or Linux using the `fleetctl package` command with the `--enable-scripts` flag.
2. Deploy fleetd to your hosts. If your hosts already have fleetd installed, you can deploy the new fleetd on-top of the old installation.
Learn more about generating a fleetd agent and deploying it [here](https://fleetdm.com/guides/enroll-hosts).
## Manually run scripts
You can run a script in the Fleet UI, with Fleet API, or with the fleetctl command-line interface (CLI).
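Review bot: the edited line "If you don't use MDM features, to enable scripts, we'll [deploy a fleetd agent](...) with scripts enabled:" keeps an awkward clause order from the original; while it is being changed, "If you don't use MDM features, [deploy a fleetd agent](https://fleetdm.com/guides/enroll-hosts) with scripts enabled:" reads more directly and matches the imperative numbered steps that follow. The unchanged context line in step 2, "deploy the new fleetd on-top of the old installation", should read "on top of".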
@ -47,11 +45,11 @@ fleetctl run-script --script-path=/path/to/script --host=hostname
## Automatically run scripts
Learn more about automatically running scripts [here](https://fleetdm.com/guides/policy-automation-run-script).
You can [automatically run scripts](https://fleetdm.com/guides/policy-automation-run-script) using Fleet via policy automations.
## Batch execute scripts
You can execute a script on a large number of hosts at the same time using the Fleet UI or Fleet API.
You can execute a script on a large number of hosts at the same time using the Fleet UI or Fleet API.
Fleet UI:
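Review bot: the removed and added versions of "You can execute a script on a large number of hosts at the same time using the Fleet UI or Fleet API." are character-for-character identical as rendered, so this is a whitespace-only change (most likely trailing spaces). Either drop it from this PR, which is scoped to "here" link anchors, or mention in the description that trailing whitespace was stripped so reviewers do not look for a wording change.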
@ -6,12 +6,10 @@ At Fleet, openness is one of our core [values](https://fleetdm.com/handbook/comp
[Orbit](https://blog.fleetdm.com/introducing-orbit-for-osquery-751da494d617) is an [osquery](https://github.com/osquery/osquery) runtime and auto-updater. It leverages [The Update Framework](https://theupdateframework.io/) to create a secure update mechanism using a hierarchy of cryptographic keys and operations.
About a year ago, while Orbit was still brand new, not “production-ready,” and in use by almost nobody, we had an external vendor ([Trail of Bits](https://www.trailofbits.com/)) perform a security audit on the Orbit auto-updater functionality.
About a year ago, while Orbit was still brand new, not “production-ready,” and in use by almost nobody, we had an external vendor ([Trail of Bits](https://www.trailofbits.com/)) perform a [security audit](https://fleetdm.com/docs/using-fleet/security-audits) on the Orbit auto-updater functionality.
We then handled the issues surfaced by the audit publicly in the Fleet repository and the old Orbit repository.
You can read more about the 2021 Orbit auto-updater security audit [here](https://fleetdm.com/docs/using-fleet/security-audits).
### Testing in the future
Fleet will regularly perform security tests. These tests will target Fleet, Orbit, our company, and many other components.
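Review bot: deleting the sentence "You can read more about the 2021 Orbit auto-updater security audit [here](...)" loses the only explicit date of the audit; the remaining text only says "About a year ago", which is relative to the article's publication and ages badly for a security-audit reference. Suggest keeping the year in the new link text, e.g. "perform a [2021 security audit](https://fleetdm.com/docs/using-fleet/security-audits) on the Orbit auto-updater functionality."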
@ -46,7 +46,7 @@ You can add hosts to a team in Fleet by either enrolling the host with a team's
## Advanced
You can automatically enroll hosts to a specific team in Fleet by installing a fleetd with a team enroll secret. Learn more [here](https://fleetdm.com/guides/enroll-hosts#enroll-host-to-a-specific-team).
You can automatically enroll hosts to a specific team in Fleet by installing a fleetd agent with a [team enroll secret](https://fleetdm.com/guides/enroll-hosts#enroll-host-to-a-specific-team).
Changing the host's enroll secret after enrollment will not cause the host to be transferred to a different team.
@ -116,7 +116,7 @@ With all of the parts needed for the post, we use a final `Compose` card to stri

Using one of my favorite cards, the `Construct` we create the key:value pair for our Slack message. So, for example, to post to the Slack API, we need a couple of values like, `channel` and `text`. And since we are using our friendly bot, we throw in the `username` as well. Check out the Slack docs [here](https://api.slack.com/methods/chat.postMessage) for the different keys you can use in the chat.postMessage API method, it's extensive!
Using one of my favorite cards, the `Construct` we create the key:value pair for our Slack message. So, for example, to post to the Slack API, we need a couple of values like, `channel` and `text`. And since we are using our friendly bot, we throw in the `username` as well. Check out the [Slack API docs](https://api.slack.com/methods/chat.postMessage) for the different keys you can use in the chat.postMessage API method, it's extensive!
```{
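Review bot: the rewritten Slack line keeps two punctuation problems from the original that are worth fixing while it is being edited: "Using one of my favorite cards, the `Construct` we create" needs a comma after `Construct` (the card name is an appositive), and "a couple of values like, `channel` and `text`" has the comma on the wrong side of "like". The trailing "it's extensive!" is also a comma splice; a period or semicolon before it would do.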
@ -33,7 +33,7 @@ If you would like to use Fleet's macOS MDM features, the following endpoints nee
- `/mdm/apple/mdm`: Allows hosts to reach the server using the MDM protocol.
- `/api/mdm/apple/enroll`: If you use automatic enrollment, allows hosts to get an enrollment profile.
- `/api/*/fleet/device/*`: Provides end users access to their **My device** page.
- This page is where they download their manual enrollment profile, rotate their disk encryption key, and use other features. For more information on these API endpoints see the documentation [here](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/api-for-contributors.md#device-authenticated-routes).
- This page is where they download their manual enrollment profile, rotate their disk encryption key, and use other features. For more information on these API endpoints see the [API documentation for device-authenticated routes](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/api-for-contributors.md#device-authenticated-routes).
- `/api/*/fleet/mdm/sso` and `/api/*/fleet/mdm/sso/callback`: If you use automatic enrollment and you require [end user authentication](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#end-user-authentication-and-eula) during out-of-the-box macOS setup, allows end users to authenticate with your IdP.
- `/api/*/fleet/mdm/setup/eula/*`: If you use automatic enrollment and you require that the end user agrees to an [End User License Agreement (EULA)](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#end-user-authentication-and-eula) during out-of-the-box macOS setup, allows end user to see the EULA.
- `/api/*/fleet/mdm/bootstrap`: If you use automatic enrollment and you install a [bootstrap package](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#bootstrap-package) during out-of-the-box macOS setup, installs the bootstrap package.
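Review bot: the new anchor text "API documentation for device-authenticated routes" is an improvement, but the target is still a raw `github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/...` path, which silently breaks whenever that contributor file is moved or renamed on `main`, and the rest of this list links to fleetdm.com pages. Worth checking whether the device-authenticated routes are published on the docs site and linking there instead; otherwise this is the one link in the list that depends on repository layout.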
@ -6,7 +6,7 @@ To control OS settings, updates, and more on Windows hosts follow the manual enr
To use automatic enrollment (aka zero-touch) features on Windows, follow instructions to connect Fleet to Microsoft Entra ID. You can further customize zero-touch with Windows Autopilot.
To migrate Windows hosts from your current MDM solution to Fleet, follow the instructions [here](#automatic-windows-mdm-migration).
To migrate Windows hosts from your current MDM solution to Fleet, follow the [Automatic Windows MDM migration](#automatic-windows-mdm-migration) instructions.
## Turn on Windows MDM
@ -142,7 +142,7 @@ Testing automatic enrollment requires creating a test user in Microsoft Entra ID
2. After it's been wiped, open your workstation and follow the setup steps. At screen in which you're asked to sign in, you should see the title "Welcome to [your organziation]!" next to the logo you uploaded in step 4.
## Automatic Windows MDM Migration
## Automatic Windows MDM migration
Fleet can automatically migrate your Windows hosts from another MDM solution to Fleet without end user interaction.
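Review bot: the heading case change to "Automatic Windows MDM migration" is correct and now matches the `#automatic-windows-mdm-migration` anchor used earlier in the file, but the unchanged context line directly above it has two errors a reviewer will spot on the same screen: "At screen in which you're asked to sign in" is missing "the", and "[your organziation]" is a typo for "organization". Since this PR is a doc cleanup, fixing them here avoids a second trivial PR.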
@ -168,7 +168,7 @@ Follow the [steps above](#manual-enrollment) to turn on Windows MDM in Fleet.
Once the automatic migration is enabled, Fleet sends a notification to each host to tell it to migrate. This process usually takes a few minutes at most.
You can track migration progress in Fleet. Learn how [here](https://fleetdm.com/guides/mdm-migration#check-migration-progress).
You can [track migration progress in Fleet](https://fleetdm.com/guides/mdm-migration#check-migration-progress).
## Turn off Windows MDM