update module

Author: ceperezb

learn-pr/wwl-sci/describe-security-concepts-methodologies/1-introduction.yml

@@ -4,10 +4,10 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 1
+durationInMinutes: 2
 content: |
   [!include[](includes/1-introduction.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/2-describe-shared-responsibility-model.yml

@@ -4,10 +4,10 @@ title: Describe the shared responsibility model
 metadata:
   title: Describe the shared responsibility model
   description: "Describe the shared responsibility model"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 3
+durationInMinutes: 8
 content: |
   [!include[](includes/2-describe-shared-responsibility-model.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/3-describe-defense-depth.yml

@@ -4,10 +4,10 @@ title: Describe defense in depth
 metadata:
   title: Describe defense in depth
   description: "Describe defense in depth"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 4
+durationInMinutes: 8
 content: |
   [!include[](includes/3-describe-defense-depth.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/4-describe-zero-trust-model.yml

@@ -4,10 +4,10 @@ title: Describe the Zero Trust model
 metadata:
   title: Describe the Zero Trust model
   description: "Describe the Zero Trust model"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 5
+durationInMinutes: 10
 content: |
   [!include[](includes/4-describe-zero-trust-model.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/5-describe-encryption-hashing.yml

@@ -4,10 +4,10 @@ title: Describe encryption and hashing
 metadata:
   title: Describe encryption and hashing
   description: "Describe encryption and hashing"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 4
+durationInMinutes: 8
 content: |
   [!include[](includes/5-describe-encryption-hashing.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/6-describe-compliance-concepts.yml

@@ -4,10 +4,10 @@ title: Describe governance, risk, and compliance (GRC) concepts
 metadata:
   title: Describe governance, risk, and compliance (GRC) concepts
   description: "Describe governance, risk, and compliance (GRC) concepts"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 4
+durationInMinutes: 7
 content: |
   [!include[](includes/6-describe-compliance-concepts.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/7-knowledge-check.yml

@@ -6,7 +6,7 @@ metadata:
   ai_generated_module_assessment: true
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
@@ -38,26 +38,26 @@ quiz:
       explanation: "Correct. Multifactor authentication is an example of defense in-depth at the identity and access layer."
     - content: "Ensuring there's no segmentation of your corporate network."
       isCorrect: false
-      explanation: "Incorrect. Splitting a network up into multiple sub-networks provides better layered security and is an example of defense in depth at the network layer."
+      explanation: "Incorrect. Splitting a network up into multiple subnetworks provides better layered security and is an example of defense in depth at the network layer."
   - content: "The human resources organization wants to ensure that stored employee data is encrypted. Which security mechanism would they use?"
     choices:
     - content: "Hashing."
       isCorrect: false
-      explanation: "Incorrect.  Hashing uses an algorithm to convert the original text to a *unique* fixed-length hash value but it is different to encryption in that it doesn't use keys, and the hashed value isn't subsequently decrypted back to the original."
+      explanation: "Incorrect. Hashing uses an algorithm to convert the original text to a *unique* fixed-length hash value but it's different to encryption in that it doesn't use keys, and the hashed value isn't  decrypted back to the original."
     - content: "Encryption in transit."
       isCorrect: false
-      explanation: "Incorrect.  Encryption in transit is used for encrypting data that is moving from one location to another, not for data that is stored or at rest."
+      explanation: "Incorrect. Encryption in transit is used for encrypting data that's moving from one location to another, not for data that is stored or at rest."
     - content: "Encryption at rest."
       isCorrect: true
       explanation: "Correct. Encryption at rest could be part of a security strategy to protect stored employee  data."
   - content: "Which of the following best describes the concept of data sovereignty?"
     choices:
     - content: "There are regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally."
       isCorrect: false
-      explanation: "​​​Incorrect. Regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally relates to data residency.  Data sovereignty, is the concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
-    - content: "Data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
+      explanation: "​​​Incorrect. Regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally relates to data residency. Data sovereignty, is the concept that data is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
+    - content: "Data is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
       isCorrect: true
-      explanation: "Correct. Data sovereignty is the concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
+      explanation: "Correct. Data sovereignty is the concept that data is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
     - content: "Trust no one, verify everything."
       isCorrect: false
-      explanation: "Incorrect. Trust no one, verify everything describes the Zero Trust model. Data sovereignty is the concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."
+      explanation: "Incorrect. Trust no one, verify everything describes the Zero Trust model. Data sovereignty is the concept that data is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed."

learn-pr/wwl-sci/describe-security-concepts-methodologies/8-summary-resources.yml

@@ -4,10 +4,10 @@ title: Summary and resources
 metadata:
   title: Summary and resources
   description: "Summary and resources"
-  ms.date: 09/23/2024
+  ms.date: 03/31/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 1
+durationInMinutes: 2
 content: |
   [!include[](includes/8-summary-resources.md)]

learn-pr/wwl-sci/describe-security-concepts-methodologies/includes/1-introduction.md

@@ -1,12 +1,12 @@
 
+As more business data is accessed from locations outside the traditional corporate network, security and compliance are critical concerns for organizations of all sizes. Organizations need to understand how to protect their data, regardless of where it's accessed from and whether it sits on a corporate network, in the cloud, or in AI-powered services. They also need to stay compliant with the growing number of industry and regulatory requirements that govern how data must be handled, stored, and protected.
 
-As more business data is being accessed from locations outside of the traditional corporate network, security and compliance have become overriding concerns. Organizations need to understand how they can best protect their data, regardless of where it's accessed from, and whether it sits on their corporate network or in the cloud.  In addition, organizations need to ensure they're compliant with industry and regulatory requirements to ensure the protection and privacy of data.
-
-This module introduces some important security and compliance concepts. You'll learn about the shared responsibility model, defense in depth, and Zero Trust model.   You'll be introduced to the concepts of encryption and hashing as ways to protect data. Lastly, you'll learn about concepts that relate to compliance.
+This module introduces the foundational security and compliance concepts that underpin the Microsoft security, compliance, and identity portfolio. You start with the shared responsibility model, which clarifies which security responsibilities belong to you and which belong to your cloud provider. From there, you explore how a defense-in-depth strategy layers multiple controls to slow and stop attacks, and how the confidentiality, integrity, and availability (CIA) triad frames the goals of any security effort. You learn about the Zero Trust model—and why trusting the network perimeter alone is no longer sufficient in a world where work happens from anywhere. You then explore encryption and hashing as technical mechanisms for protecting data. Finally, you learn about governance, risk, and compliance (GRC) as the structured approach organizations use to manage their obligations and responsibilities.
 
 After completing this module, you'll be able to:
 
-- Describe the shared responsibility and the defense in-depth security models.
-- Describe the Zero-Trust model.
-- Describe the concepts of encryption and hashing.
-- Describe some basic compliance concepts.
+- Describe the shared responsibility model and how responsibilities shift across on-premises, IaaS, PaaS, and SaaS environments, including AI services.
+- Describe defense-in-depth as a layered security strategy and explain the confidentiality, integrity, and availability (CIA) triad.
+- Describe the Zero Trust model, its guiding principles, and its seven foundational pillars.
+- Describe encryption and hashing as mechanisms for protecting data at rest, in transit, and in use.
+- Describe Governance, Risk, and Compliance (GRC) concepts, including data residency, data sovereignty, and data privacy.