Module updates

Author: Rob-Barefoot

learn-pr/wwl-azure/guided-project-share-files-securely/10-summary.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-share-files-securely.summary
+title: Summary
+metadata:
+  title: Summary
+  description: "Summary"
+  ms.date: 03/16/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 2
+content: |
+  [!include[](includes/10-summary.md)]

learn-pr/wwl-azure/guided-project-share-files-securely/7-validate-success.yml

@@ -10,6 +10,6 @@ metadata:
   ms.topic: unit
   ms.custom:
   - N/A
-durationInMinutes: 10
+durationInMinutes: 2
 content: |
   [!include[](includes/7-validate-success.md)]

learn-pr/wwl-azure/guided-project-share-files-securely/9-knowledge-check.yml

@@ -0,0 +1,51 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-share-files-securely.knowledge-check
+title: Knowledge check
+metadata:
+  title: Knowledge check
+  description: "Knowledge check"
+  ms.date: 03/29/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 5
+content: |
+  [!include[](includes/9-knowledge-check.md)]
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "How can you instantly revoke all SAS tokens generated from a stored access policy?"
+    choices:
+    - content: "Regenerate the storage account access keys."
+      isCorrect: false
+      explanation: "Regenerating access keys revokes all SAS tokens on the account, not just the ones from a specific policy. This is a broader action than needed."
+    - content: "Delete the stored access policy."
+      isCorrect: true
+      explanation: "Deleting the stored access policy immediately invalidates all SAS tokens that reference it, providing targeted revocation."
+    - content: "Set the SAS token expiry to a past date."
+      isCorrect: false
+      explanation: "You cannot modify an already-issued SAS token. The token is a signed URL that cannot be changed after generation."
+  - content: "What determines the permissions and expiry of a policy-based SAS token?"
+    choices:
+    - content: "The storage account access tier"
+      isCorrect: false
+      explanation: "The access tier controls storage costs and retrieval speed, not SAS token permissions."
+    - content: "The stored access policy"
+      isCorrect: true
+      explanation: "A stored access policy defines the permissions, start time, and expiry for all SAS tokens generated from it."
+    - content: "The container's public access level"
+      isCorrect: false
+      explanation: "The public access level controls anonymous access. SAS permissions are controlled by the policy or the SAS parameters."
+  - content: "What does a lifecycle management rule do for blob storage?"
+    choices:
+    - content: "Moves blobs between storage accounts automatically."
+      isCorrect: false
+      explanation: "Lifecycle management rules operate within a single storage account. They do not move blobs between accounts."
+    - content: "Backs up blobs to a secondary region."
+      isCorrect: false
+      explanation: "Geo-redundant storage handles regional replication, not lifecycle management rules."
+    - content: "Automatically deletes or moves blobs based on age or conditions."
+      isCorrect: true
+      explanation: "Lifecycle management rules can automatically delete, move to cool storage, or move to archive storage based on the age of the blob."

learn-pr/wwl-azure/guided-project-share-files-securely/includes/10-summary.md

@@ -0,0 +1,14 @@
+You completed a full guided project that mapped to a real IT operations task.
+
+## What you accomplished
+
+-   Configured private blob storage for controlled sharing.
+-   Created a stored access policy to manage SAS token rules centrally.
+-   Generated a policy-based SAS link for secure, time-limited partner access.
+-   Tested that SAS grants access while direct anonymous access is blocked.
+-   Revoked all SAS access instantly by deleting the stored access policy.
+-   Configured a lifecycle management rule to auto-delete shared files after 30 days.
+
+## Next step
+
+Repeat the project once from memory to reinforce the workflow and decision points.

learn-pr/wwl-azure/guided-project-share-files-securely/includes/2-exercise-create-storage-upload-file.md

@@ -89,6 +89,4 @@ Add your file to the container. Once uploaded, only users with explicit permissi
 5.  Confirm **monthly-report.txt** appears in the blob list.
 
 > [!NOTE]
-> **Validation step:** Confirm **monthly-report.txt** is uploaded and visible in the **partner-drop** container.
-
-> [!NOTE]
+> **Validation step:** Confirm **monthly-report.txt** is uploaded and visible in the **partner-drop** container.

learn-pr/wwl-azure/guided-project-share-files-securely/includes/3-exercise-create-access-policy.md

@@ -58,6 +58,4 @@ Now generate a SAS token that inherits its rules from the policy you just create
 > Notice that the **Permissions** and **Expiry** fields are grayed out—they're controlled by the policy, not set individually. This is the key advantage: all tokens share the same rules, and revoking the policy revokes them all.
 
 > [!NOTE]
-> **Validation step:** Confirm the SAS URL is generated and the permissions came from the stored access policy.
-
-> [!NOTE]
+> **Validation step:** Confirm the SAS URL is generated and the permissions came from the stored access policy.

learn-pr/wwl-azure/guided-project-share-files-securely/includes/4-exercise-test-partner-access.md

@@ -42,6 +42,4 @@ Now verify that the policy-based SAS token grants access to the same file that w
 4.  Keep this incognito window open—you'll use it again in the next exercise.
 
 > [!NOTE]
-> **Validation step:** Confirm the SAS URL displays the file content from the same unauthenticated incognito session that was just denied direct access.
-
-> [!NOTE]
+> **Validation step:** Confirm the SAS URL displays the file content from the same unauthenticated incognito session that was just denied direct access.

learn-pr/wwl-azure/guided-project-share-files-securely/includes/5-exercise-revoke-access.md

@@ -70,6 +70,4 @@ Verify that revoking SAS access only removed the external pathway—the file its
 4.  Close the incognito window.
 
 > [!NOTE]
-> **Validation step:** The file remains in the container. Revoking SAS access doesn't delete data—it only removes the access pathway.
-
-> [!NOTE]
+> **Validation step:** The file remains in the container. Revoking SAS access doesn't delete data—it only removes the access pathway.

learn-pr/wwl-azure/guided-project-share-files-securely/includes/6-exercise-lifecycle-management.md

@@ -58,6 +58,4 @@ Verify the rule details to make sure it targets the right container and action.
 > Lifecycle rules run once per day. In a production environment, blobs that meet the 30-day condition would be deleted during the next rule execution cycle. You won't see the rule execute during this project, but the configuration is in place.
 
 > [!NOTE]
-> **Validation step:** Confirm the rule targets the **partner-drop/** prefix with a 30-day delete action.
-
-> [!NOTE]
+> **Validation step:** Confirm the rule targets the **partner-drop/** prefix with a 30-day delete action.

learn-pr/wwl-azure/guided-project-share-files-securely/includes/7-validate-success.md

@@ -1,5 +1,3 @@
-## Validate success
-
 Review the validation steps you completed during the exercises. Confirm that each item below is true before moving on.
 
 -   [ ] The storage account is deployed and the **partner-drop** container is created with **Private** access level.