diff --git a/docs/identity-platform/msal-acquire-cache-tokens.md b/docs/identity-platform/msal-acquire-cache-tokens.md index e766a79aef2..9b77a7be3b0 100644 --- a/docs/identity-platform/msal-acquire-cache-tokens.md +++ b/docs/identity-platform/msal-acquire-cache-tokens.md @@ -81,6 +81,7 @@ For web applications that use the [OpenID Connect authorization code flow](v2-pr The method of acquiring a token depends on whether it's a public client or confidential client application. + ### Public client applications In public client applications (desktop and mobile), you can: @@ -113,6 +114,10 @@ When your client requests an access token, Microsoft Entra ID also returns an au [!INCLUDE [advanced-token-caching](~/includes/advanced-token-cache.md)] + +> [!NOTE] +> When acquiring tokens interactivelly using [authentication broker](msal-net-use-brokers-with-xamarin-apps.md), the authentication broker will do cache-lookup first and return cached token if available ([GitHub issue - acquireToken uses caching](https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/2197#issuecomment-2447771586)). + ## See also Several of the platforms supported by MSAL have additional token cache-related information in the documentation for that platform's library. For example: diff --git a/docs/identity/authentication/how-to-certificate-based-authentication.md b/docs/identity/authentication/how-to-certificate-based-authentication.md index 035b47584bd..7c1302b5b91 100644 --- a/docs/identity/authentication/how-to-certificate-based-authentication.md +++ b/docs/identity/authentication/how-to-certificate-based-authentication.md 
@@ -66,7 +66,7 @@ The PKI-based trust store has higher limits for the number of CAs and the size o An admin must configure the trusted CAs that issue user certificates. Only least-privileged administrators are needed to make changes. -A PKI-based trust store has RBAC roles [Privilege Authentication Administrator](../role-based-access-control/permissions-reference.md#privileged-authentication-administrator) and [Authentication Administrator](../role-based-access-control/permissions-reference.md#authentication-administrator). +A PKI-based trust store has RBAC role [Privilege Authentication Administrator](../role-based-access-control/permissions-reference.md#privileged-authentication-administrator). Upload PKI feature of the PKI-based trust store is available only with Microsoft Entra ID P1 or P2 license. However, with free license as well, admins can upload all the CAs individually instead of the PKI file and configure the PKI-based trust store. @@ -74,7 +74,7 @@ Upload PKI feature of the PKI-based trust store is available only with Microsof #### Create a PKI container object 1. Create a PKI container object. - 1. Sign in to the Microsoft Entra admin center as an [Authentication Policy Administrator](../role-based-access-control/permissions-reference.md#authentication-policy-administrator). + 1. Sign in to the Microsoft Entra admin center as an [Privilege Authentication Administrator](../role-based-access-control/permissions-reference.md#privileged-authentication-administrator). 1. Browse to **Protection** > **Show more** > **Security Center** (or **Identity Secure Score**) > **Public key infrastructure (Preview)**. 1. Click **+ Create PKI**. 1. Enter **Display Name**. 
diff --git a/docs/identity/authentication/media/concept-authentication-oath-tokens/duplicate-tokens.png b/docs/identity/authentication/media/concept-authentication-oath-tokens/duplicate-tokens.png index 5cb152ff38b..d3316c9f2fb 100644 Binary files a/docs/identity/authentication/media/concept-authentication-oath-tokens/duplicate-tokens.png and b/docs/identity/authentication/media/concept-authentication-oath-tokens/duplicate-tokens.png differ diff --git a/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/exempted.png b/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/exempted.png index 65b54169e74..478edafc985 100644 Binary files a/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/exempted.png and b/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/exempted.png differ diff --git a/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/number.png b/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/number.png index 9af53fe182f..4485e9de538 100644 Binary files a/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/number.png and b/docs/identity/authentication/media/concept-certificate-based-authentication-technical-deep-dive/number.png differ diff --git a/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-device-changes.png b/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-device-changes.png index 0e7af96983d..0ebbb1ba5c9 100644 Binary files a/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-device-changes.png and b/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-device-changes.png differ 
diff --git a/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-user-changes.png b/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-user-changes.png index e4f262b91f2..f782fa675b1 100644 Binary files a/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-user-changes.png and b/docs/identity/authentication/media/how-to-mfa-server-migration-utility/log-analytics-user-changes.png differ diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/account-in-android.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/account-in-android.png deleted file mode 100644 index 7e90b86f9bd..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/account-in-android.png and /dev/null differ diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/complete-passkey-in-authenticator-android.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/complete-passkey-in-authenticator-android.png deleted file mode 100644 index d09619f5f24..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/complete-passkey-in-authenticator-android.png and /dev/null differ diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/organization-android.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/organization-android.png deleted file mode 100644 index a08b542c86a..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-android/organization-android.png and /dev/null differ 
diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass-manage-mode-three.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass-manage-mode-three.png deleted file mode 100644 index b06cbff5168..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass-manage-mode-three.png and /dev/null differ diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass-manage-mode.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass-manage-mode.png deleted file mode 100644 index 10896de9663..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass-manage-mode.png and /dev/null differ diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass.png deleted file mode 100644 index 66d7970f971..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/enter-temporary-access-pass.png and /dev/null differ diff --git a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/new-passkey-in-authenticator.png b/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/new-passkey-in-authenticator.png deleted file mode 100644 index 96d23b73569..00000000000 Binary files a/docs/identity/authentication/media/howto-authenticate-passwordless-passkey-ios/new-passkey-in-authenticator.png and /dev/null differ 
diff --git a/docs/identity/authentication/media/howto-authentication-passwordless-phone/location.png b/docs/identity/authentication/media/howto-authentication-passwordless-phone/location.png index eec3bf83529..7b5252c17b5 100644 Binary files a/docs/identity/authentication/media/howto-authentication-passwordless-phone/location.png and b/docs/identity/authentication/media/howto-authentication-passwordless-phone/location.png differ diff --git a/docs/identity/authentication/media/howto-register-passwordless-passkey-direct-android/account-details.png b/docs/identity/authentication/media/howto-register-passwordless-passkey-direct-android/account-details.png deleted file mode 100644 index 5f566eb007b..00000000000 Binary files a/docs/identity/authentication/media/howto-register-passwordless-passkey-direct-android/account-details.png and /dev/null differ diff --git a/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md b/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md index 66ec761770f..0d0e8cfcb8d 100644 --- a/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md +++ b/docs/identity/conditional-access/concept-conditional-access-cloud-apps.md @@ -131,6 +131,8 @@ To view [sign-in logs](/entra/identity/monitoring-health/concept-sign-ins) for t 1. Add a filter for **Client credential type**. 1. Adjust the filter to view a specific set of logs based on the client credential used in the sign-in. +For more information see the article [Public client and confidential client applications](/entra/identity-platform/msal-client-applications). + ### All resources 
diff --git a/docs/identity/domain-services/media/tutorial-configure-password-hash-sync/service-sync-manager.png b/docs/identity/domain-services/media/tutorial-configure-password-hash-sync/service-sync-manager.png index 83e7f194354..d9b00c5bedc 100644 Binary files a/docs/identity/domain-services/media/tutorial-configure-password-hash-sync/service-sync-manager.png and b/docs/identity/domain-services/media/tutorial-configure-password-hash-sync/service-sync-manager.png differ diff --git a/docs/identity/hybrid/connect/choose-ad-authn.md b/docs/identity/hybrid/connect/choose-ad-authn.md index 519f2516c76..43d54a30ee8 100644 --- a/docs/identity/hybrid/connect/choose-ad-authn.md +++ b/docs/identity/hybrid/connect/choose-ad-authn.md @@ -174,7 +174,7 @@ The following diagrams outline the high-level architecture components required f |Is Windows Hello for Business supported?|[Key trust model](/windows/security/identity-protection/hello-for-business/hello-identity-verification)

[Hybrid Cloud Trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust)|[Key trust model](/windows/security/identity-protection/hello-for-business/hello-identity-verification)

[Hybrid Cloud Trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust)

*Both require Windows Server 2016 Domain functional level*|[Key trust model](/windows/security/identity-protection/hello-for-business/hello-identity-verification)

[Hybrid Cloud Trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust)

[Certificate trust model](/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs)| |What are the multifactor authentication options?|[Microsoft Entra multifactor authentication](/azure/multi-factor-authentication/)

[Custom Controls with Conditional Access*](~/identity/conditional-access/controls.md)|[Microsoft Entra multifactor authentication](~/identity/authentication/index.yml)

[Custom Controls with Conditional Access*](~/identity/conditional-access/controls.md)|[Microsoft Entra multifactor authentication](~/identity/authentication/index.yml)

[Third-party MFA](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs)

[Custom Controls with Conditional Access*](~/identity/conditional-access/controls.md)| |What user account states are supported?|Disabled accounts
(up to 30-minute delay)|Disabled accounts

Account locked out

Account expired

Password expired

Sign-in hours|Disabled accounts

Account locked out

Account expired

Password expired

Sign-in hours| -|What are the Conditional Access options?|[Microsoft Entra Conditional Access, with Microsoft Entra ID P1 or P2](~/identity/conditional-access/overview.md)|[Microsoft Entra Conditional Access, with Microsoft Entra ID P1 or P2](~/identity/conditional-access/overview.md)|[Microsoft Entra Conditional Access, with Microsoft Entra ID P1 or P2](~/identity/conditional-access/overview.md)

[AD FS claim rules](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator)| +|What are the Conditional Access options?|[Microsoft Entra Conditional Access, with Microsoft Entra ID P1 or P2](~/identity/conditional-access/overview.md)|[Microsoft Entra Conditional Access, with Microsoft Entra ID P1 or P2](~/identity/conditional-access/overview.md)|[Microsoft Entra Conditional Access, with Microsoft Entra ID P1 or P2](~/identity/conditional-access/overview.md)| |Is blocking legacy protocols supported?|[Yes](~/identity/conditional-access/overview.md)|[Yes](~/identity/conditional-access/overview.md)|[Yes](/windows-server/identity/ad-fs/operations/access-control-policies-w2k12)| |Can you customize the logo, image, and description on the sign-in pages?|[Yes, with Microsoft Entra ID P1 or P2](~/fundamentals/how-to-customize-branding.md)|[Yes, with Microsoft Entra ID P1 or P2](~/fundamentals/how-to-customize-branding.md)|[Yes](how-to-connect-fed-management.md)| |What advanced scenarios are supported?|[Smart password lockout](~/identity/authentication/howto-password-smart-lockout.md)

[Leaked credentials reports, with Microsoft Entra ID P2](~/id-protection/overview-identity-protection.md)|[Smart password lockout](~/identity/authentication/howto-password-smart-lockout.md)|Multisite low-latency authentication system

[AD FS extranet lockout](/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-soft-lockout-protection)

[Integration with third-party identity systems](how-to-connect-fed-compatibility.md)| diff --git a/docs/identity/hybrid/connect/how-to-connect-health-ad-fs-sign-in.md b/docs/identity/hybrid/connect/how-to-connect-health-ad-fs-sign-in.md index 9ca67969080..c2cf3b6b957 100644 --- a/docs/identity/hybrid/connect/how-to-connect-health-ad-fs-sign-in.md +++ b/docs/identity/hybrid/connect/how-to-connect-health-ad-fs-sign-in.md @@ -84,7 +84,6 @@ If a single factor authentication is performed, two rows are populated with the In cases of multifactor authentication, there are three rows with a shared correlation ID and three corresponding Authentication Methods (that is, Forms, Microsoft Entra multifactor authentication, Multifactor). In this particular example, the multifactor in this case shows that the SSO has an MFA. ***What are the errors that I can see in the report?*** -For a full list of AD FS related errors that are populated in the sign-in report and descriptions, visit [AD FS Help Error Code Reference](https://adfshelp.microsoft.com/References/ConnectHealthErrorCodeReference) ***I am seeing “00000000-0000-0000-0000-000000000000” in the “User” section of a sign-in. What does that mean?*** diff --git a/docs/identity/hybrid/connect/how-to-connect-health-adfs.md b/docs/identity/hybrid/connect/how-to-connect-health-adfs.md index b89f9a713a0..f19fc2555b9 100644 --- a/docs/identity/hybrid/connect/how-to-connect-health-adfs.md +++ b/docs/identity/hybrid/connect/how-to-connect-health-adfs.md @@ -175,7 +175,7 @@ After enabling AD FS audit logs, you should be able to check the AD FS audit log 2. Go to **Windows Logs**, and then select **Security**. 3. In the right pane, select **Filter Current Logs**. 4. For **Event sources**, select **AD FS Auditing**. -5. You can get a complete list of AD FS events [here](https://adfshelp.microsoft.com/AdfsEventViewer/GetAdfsEventList). + For more information about audit logs, see [Operations questions](./reference-connect-health-faq.yml). 
@@ -195,7 +195,7 @@ The following tables provide a list of common events that correspond to audit le |1202|FreshCredentialSuccessAudit|The Federation Service validated a new credential.| |1203|FreshCredentialFailureAudit|The Federation Service failed to validate a new credential.| -For more information see the complete list of AD FS events [here](https://adfshelp.microsoft.com/AdfsEventViewer/GetAdfsEventList). + ##### Verbose audit level events @@ -209,7 +209,6 @@ For more information see the complete list of AD FS events [here](https://adfsh |500|IssuedIdentityClaims|More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information.| |501|CallerIdentityClaims|More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information.| -For more information, see the complete list of AD FS events [here](https://adfshelp.microsoft.com/AdfsEventViewer/GetAdfsEventList). ## Test connectivity to the Microsoft Entra Connect Health service diff --git a/docs/identity/hybrid/connect/how-to-connect-health-alert-catalog.md b/docs/identity/hybrid/connect/how-to-connect-health-alert-catalog.md index c1380965df5..1de30bf98c7 100644 --- a/docs/identity/hybrid/connect/how-to-connect-health-alert-catalog.md +++ b/docs/identity/hybrid/connect/how-to-connect-health-alert-catalog.md @@ -41,7 +41,7 @@ Microsoft Entra Connect Health alerts get resolved on a success condition. Micro | High CPU Usage detected | The percentage of CPU consumption crossed the recommended threshold on this server. |
  • This could be a temporary spike in CPU consumption. Check the CPU usage trend from the Monitoring section.
  • Inspect the top processes consuming the highest CPU usage on the server.
    1. You might use the Task Manager or execute the following PowerShell Command:
      get-process \| Sort-Object -Descending CPU \| Select-Object -First 10
    2. If there are unexpected processes consuming high CPU usage, stop the processes using the following PowerShell command:
      stop-process -ProcessName [name of the process]
  • If the processes seen in the previous list are the intended processes running on the server and the CPU consumption is continuously near the threshold, consider reevaluating the deployment requirements of this server.
  • As a fail-safe option you might consider restarting the server. | | High Memory Consumption Detected | The percentage of memory consumption of the server is beyond the recommended threshold on this server. | Inspect the top processes consuming the highest memory on the server. You might use the Task Manager or execute the following PowerShell Command:
    get-process \| Sort-Object -Descending WS \| Select-Object -First 10
    If there are unexpected processes consuming high memory, stop the processes using the following PowerShell command:
    stop-process -ProcessName [name of the process]
  • If the processes seen in the previous list are the intended processes running on the server, consider reevaluating the deployment requirements of this server.
  • As a failsafe option, you might consider restarting the server. | | Password Hash Synchronization stopped working | Password Hash Synchronization is stopped. As a result passwords won't be synchronized with Microsoft Entra ID. | Restart Microsoft Entra ID Sync Services:
    Any synchronization operations currently running are interrupted. You can choose to perform below steps when no synchronization operation is in progress.
    1. Select Start, select Run, type Services.msc, and then select OK.
    2. Locate the Microsoft Entra ID Sync, right-select it, and then select Restart.

    | -| Export to Microsoft Entra ID was Stopped. Accidental delete threshold was reached | The export operation to Microsoft Entra ID failed. There were more objects to be deleted than the configured threshold. As a result, no objects were exported. |
  • The number of objects are marked for deletion are greater than the set threshold. Ensure this outcome is desired.
  • To allow the export to continue, perform the following steps:
    1. Disable Threshold by running Disable-ADSyncExportDeletionThreshold
    2. Start Synchronization Service Manager
    3. Run Export on Connector with type = Microsoft Entra ID
    4. After successfully exporting the objects, enable Threshold by running: Enable-ADSyncExportDeletionThreshold
  • | +| Export to Microsoft Entra ID was Stopped. Accidental delete threshold was reached |The export operation to Microsoft Entra ID failed. There were more objects to be deleted than the configured threshold. As a result, no objects were exported. | The number of objects marked for deletion is greater than the maximum threshold set. To evaluate the objects pending deletion, see [prevent accidental deletes](/entra/identity/hybrid/connect/how-to-connect-sync-feature-prevent-accidental-deletes). | ## Alerts for Active Directory Federation Services | Alert Name | Description | Remediation |
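Review bot: In the new `[!NOTE]` block added to msal-acquire-cache-tokens.md, "interactivelly" is a typo for "interactively" and the sentence reads awkwardly; suggest "When you acquire tokens interactively through an [authentication broker](msal-net-use-brokers-with-xamarin-apps.md), the broker does a cache lookup first and returns a cached token if one is available." The note would also be more useful to readers if it stated the consequence explicitly: an interactive acquire-token call made through the broker may complete without prompting the user, so code that relies on the interactive call to force re-authentication should not assume a prompt occurred. Since the only source cited is a GitHub issue comment, consider pointing to the broker documentation as well so the behavior is documented on a page Microsoft controls.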
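Review bot: In both hunks of how-to-certificate-based-authentication.md the role is written "Privilege Authentication Administrator" while the link anchor is `#privileged-authentication-administrator`; the role name is "Privileged Authentication Administrator", so the link text should match. In the second hunk, "as an [Privilege Authentication Administrator]" should read "as a Privileged Authentication Administrator". More importantly, the first hunk narrows the allowed roles from Authentication Administrator and Privileged Authentication Administrator to Privileged Authentication Administrator only, and the second hunk changes the sign-in role for creating the PKI container from Authentication Policy Administrator to Privileged Authentication Administrator, yet the unchanged context line still says "Only least-privileged administrators are needed to make changes." Either that sentence is no longer accurate and should be revised, or the role change should be reconsidered: requiring a highly privileged role for routine trust-store changes pushes admins toward holding broad standing privilege, so if Authentication Policy Administrator still works for the PKI container step, keep it.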
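Review bot: Several images are deleted outright (the passkey screenshots under `howto-authenticate-passwordless-passkey-android/`, `howto-authenticate-passwordless-passkey-ios/`, and `howto-register-passwordless-passkey-direct-android/`), but this diff shows no corresponding edits to the articles that embedded them. Confirm that every `:::image` or `![]` reference to these files has been removed in the same change, otherwise the build will report broken image links.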
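Review bot: The added sentence in concept-conditional-access-cloud-apps.md needs a comma: "For more information, see [Public client and confidential client applications](/entra/identity-platform/msal-client-applications)." The phrase "see the article" is redundant with the link text and can be dropped.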
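Review bot: In choose-ad-authn.md, removing the "[AD FS claim rules](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator)" entry leaves the AD FS column of the "Conditional Access options" row listing only Microsoft Entra Conditional Access, which understates what federated customers can do and is inconsistent with the next row, where the AD FS column links to AD FS access control policies. If the intent is to retire the adfshelp.microsoft.com link, keep the option and point it at the AD FS access control policies page already used in this table (`/windows-server/identity/ad-fs/operations/access-control-policies-w2k12`) rather than dropping the option altogether.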
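Review bot: In how-to-connect-health-ad-fs-sign-in.md, deleting the answer leaves the FAQ entry "***What are the errors that I can see in the report?***" with no answer at all, followed directly by the next question. Either remove the question too, or replace the answer with a short statement of where error descriptions can now be found (for example the AD FS event documentation on learn.microsoft.com), so readers are not left with an empty heading.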
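Review bot: In the first hunk of how-to-connect-health-adfs.md, the replacement line " For more information about audit logs, see [Operations questions](./reference-connect-health-faq.yml)." starts with a space and follows list item 4 with no blank line, so it will render as a lazy continuation of step 4 rather than as its own paragraph. Remove the leading space and add a blank line before it. In the second hunk, the removed sentence is replaced by a blank `+` line, which leaves two consecutive blank lines before "##### Verbose audit level events"; just delete the line instead. Consider also adjusting the introductory sentence "The following tables provide a list of common events" now that no complete event list is linked anywhere on the page.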
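Review bot: In how-to-connect-health-alert-catalog.md, the new remediation cell for "Export to Microsoft Entra ID was Stopped. Accidental delete threshold was reached" drops the step-by-step procedure (including `Disable-ADSyncExportDeletionThreshold` and the matching `Enable-ADSyncExportDeletionThreshold`) in favor of a link to the prevent-accidental-deletes article. That is the right direction, since the old cell encouraged disabling the safety threshold before the admin had confirmed the deletions were intended, but please verify the linked article covers both how to review the pending deletions and how to re-enable the threshold after a deliberate export; if it does not, the re-enable step in particular should be kept here. Minor: "was Stopped" in the alert name should match the capitalization used for the other alert names in the table.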