dotnet · alexwolfmsft · Nov 24, 2025 · Nov 24, 2025 · Nov 24, 2025 · Nov 24, 2025
@@ -87,7 +87,7 @@ The AI template uses Microsoft Entra ID for seamless, keyless authentication. It
 
     * In the Azure Portal, navigate to the overview page of your Azure OpenAI resource.
     * Select **Access control (IAM)** from the left navigation.
-    * [Add a role assignment](../../../azure/sdk/authentication/local-development-dev-accounts.md#assign-roles-to-the-group) for the `Azure AI Developer` role to your Azure account.
+    * [Add a role assignment](/dotnet/azure/sdk/authentication/local-development-dev-accounts#assign-roles-to-the-group) for the `Azure AI Developer` role to your Azure account.
 
 1. [Sign-in to a local development tool](../../../azure/sdk/authentication/local-development-dev-accounts.md#sign-in-to-azure-using-developer-tooling) such as Visual Studio or the Azure CLI using the Azure account you assigned the `Azure AI Developer` role to.
 

@@ -9,29 +9,29 @@ zone_pivot_groups: operating-systems-set-one
 
 # Authenticate .NET apps to Azure services during local development using brokered authentication
 
-[!INCLUDE [broker-intro](../includes/broker-intro.md)]
+[!INCLUDE [broker-intro](~/azure-dev-docs-pr/articles/includes/authentication/includes/broker-intro.md)]
 
 :::zone target="docs" pivot="os-windows"
 
-[!INCLUDE [broker-windows](../includes/broker-windows.md)]
+[!INCLUDE [broker-windows](~/azure-dev-docs-pr/articles/includes/authentication/includes/broker-windows.md)]
 
 :::zone-end
 
 :::zone target="docs" pivot="os-macos"
 
-[!INCLUDE [broker-mac](../includes/broker-mac.md)]
+[!INCLUDE [broker-mac](~/azure-dev-docs-pr/articles/includes/authentication/includes/broker-mac.md)]
 
 :::zone-end
 
 :::zone target="docs" pivot="os-linux"
 
-[!INCLUDE [broker-linux](../includes/broker-linux.md)]
+[!INCLUDE [broker-linux](~/azure-dev-docs-pr/articles/includes/authentication/includes/broker-linux.md)]
 
 :::zone-end
 
-[!INCLUDE [broker-configure-app](../includes/broker-configure-app.md)]
+[!INCLUDE [broker-configure-app](~/azure-dev-docs-pr/articles/includes/authentication/includes/broker-configure-app.md)]
 
-[!INCLUDE [broker-assign-roles](../includes/broker-assign-roles.md)]
+[!INCLUDE [broker-assign-roles](~/azure-dev-docs-pr/articles/includes/authentication/includes/broker-assign-roles.md)]
 
 ## Implement the code
 

@@ -39,17 +39,17 @@ The Azure Identity library can detect that the developer is signed-in from one o
 
 This approach takes advantage of the developer's existing Azure accounts to streamline the authentication process. However, a developer's account likely has more permissions than required by the app, therefore exceeding the permissions the app runs with in production. As an alternative, you can [create application service principals to use during local development](./local-development-service-principal.md), which can be scoped to have only the access needed by the app.
 
-[!INCLUDE [auth-create-entra-group](../includes/auth-create-entra-group.md)]
+[!INCLUDE [auth-create-entra-group](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-create-entra-group.md)]
 
-[!INCLUDE [auth-assign-group-roles](../includes/auth-assign-group-roles.md)]
+[!INCLUDE [auth-assign-group-roles](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-assign-group-roles.md)]
 
 ## Sign-in to Azure using developer tooling
 
 Next, sign-in to Azure using one of several developer tools that can be used to perform authentication in your development environment. The account you authenticate should also exist in the Microsoft Entra group you created and configured earlier.
 
 ### [Visual Studio](#tab/sign-in-visual-studio)
 
-[!INCLUDE [auth-visual-studio](../includes/auth-visual-studio.md)]
+[!INCLUDE [auth-visual-studio](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-visual-studio.md)]
 
 ### [Visual Studio Code](#tab/sign-in-visual-studio-code)
 
@@ -122,4 +122,4 @@ Connect-AzAccount -UseDeviceAuthentication
 
 ---
 
-[!INCLUDE [Implement DefaultAzureCredential](<../includes/implement-defaultazurecredential.md>)]
+[!INCLUDE [Implement DefaultAzureCredential](~/azure-dev-docs-pr/articles/includes/authentication/includes/implement-defaultazurecredential.md)]
@@ -30,12 +30,12 @@ When the app is registered in Azure, an application service principal is created
 
 During local development, environment variables are set with the application service principal's identity. The Azure Identity library reads these environment variables to authenticate the app to the required Azure resources.
 
-[!INCLUDE [create-app-registration](../includes/auth-create-app-registration.md)]
+[!INCLUDE [create-app-registration](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-create-app-registration.md)]
 
-[!INCLUDE [create-entra-group](../includes/auth-create-entra-group.md)]
+[!INCLUDE [create-entra-group](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-create-entra-group.md)]
 
-[!INCLUDE [auth-assign-group-roles](../includes/auth-assign-group-roles.md)]
+[!INCLUDE [auth-assign-group-roles](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-assign-group-roles.md)]
 
-[!INCLUDE [auth-set-environment-variables](../includes/auth-set-environment-variables.md)]
+[!INCLUDE [auth-set-environment-variables](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-set-environment-variables.md)]
 
-[!INCLUDE [Implement Service Principal](<../includes/implement-service-principal.md>)]
+[!INCLUDE [Implement Service Principal](../includes/implement-service-principal.md)]
@@ -21,7 +21,7 @@ Using dedicated application service principals allows you to adhere to the princ
 
 A different app registration should be created for each environment the app is hosted in. This allows environment specific resource permissions to be configured for each service principal and make sure an app deployed to one environment doesn't talk to Azure resources that are part of another environment.
 
-[!INCLUDE [auth-create-app-registration](../includes/auth-create-app-registration.md)]
+[!INCLUDE [auth-create-app-registration](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-create-app-registration.md)]
 
 ## Assign roles to the application service principal
 
@@ -66,6 +66,6 @@ Next, determine what roles (permissions) your app needs on what resources and as
 
 ---
 
-[!INCLUDE [auth-set-environment-variables](../includes/auth-set-environment-variables.md)]
+[!INCLUDE [auth-set-environment-variables](~/azure-dev-docs-pr/articles/includes/authentication/includes/auth-set-environment-variables.md)]
 
 [!INCLUDE [implement-service-principal](../includes/implement-service-principal.md)]
@@ -15,7 +15,7 @@ The recommended approach to authenticate an Azure-hosted app to other Azure reso
 - How to assign roles to the system-assigned managed identity
 - How to authenticate using the system-assigned managed identity from your app code
 
-[!INCLUDE [managed-identity-concepts](../includes/managed-identity-concepts.md)]
+[!INCLUDE [managed-identity-concepts](~/azure-dev-docs-pr/articles/includes/authentication/includes/managed-identity-concepts.md)]
 
 The sections ahead describe the steps to enable and use a system-assigned managed identity for an Azure-hosted app. If you need to use a user-assigned managed identity, visit the [user-assigned managed identities](user-assigned-managed-identity.md) article for more information.
 

@@ -15,7 +15,7 @@ The recommended approach to authenticate an Azure-hosted app to other Azure reso
 - How to assign roles to the user-assigned managed identity
 - How to authenticate using the user-assigned managed identity from your app code
 
-[!INCLUDE [managed-identity-concepts](../includes/managed-identity-concepts.md)]
+[!INCLUDE [managed-identity-concepts](~/azure-dev-docs-pr/articles/includes/authentication/includes/managed-identity-concepts.md)]
 
 The sections ahead describe the steps to enable and use a user-assigned managed identity for an Azure-hosted app. If you need to use a system-assigned managed identity, visit the [system-assigned managed identities](system-assigned-managed-identity.md) article for more information.