Contoso Healthcare Systems operates a large Azure environment that includes core clinical and administrative workloads alongside expanding AI-powered applications — a patient triage assistant built on Azure OpenAI and an AI-driven medical records summarization service running on Azure AI Foundry. The security team receives hundreds of daily security recommendations but has no structured method to determine which risks represent real, exploitable threats to patient data, AI model integrity, or business continuity.
1
+
Contoso Healthcare Systems operates a large Azure environment that includes core clinical and administrative workloads. Contoso is expanding AI-powered applications—a patient triage assistant built on Azure OpenAI and an AI-driven medical records summarization service running on Azure AI Foundry. The security team receives hundreds of daily security recommendations. The team has no structured method to determine which risks represent real, exploitable threats to patient data, AI model integrity, or business continuity.
2
2
3
3
Microsoft Defender for Cloud's Cloud Security Posture Management (CSPM) capabilities provide continuous visibility, risk-based prioritization, attack path analysis, and proactive risk hunting to address exactly this challenge. CSPM helps you identify which misconfigurations and exposures matter most by showing you how attackers could exploit them to reach your critical assets.
4
4
5
5
In this module, you learn to use CSPM features to identify and prioritize security risks across your Azure environment. Specifically, you:
6
6
7
7
- Compare Foundational CSPM and Defender CSPM plan capabilities, including AI security posture management features
8
8
- Interpret the Cloud Secure Score and security recommendations using the risk-based prioritization model in the Microsoft Defender portal
9
-
- Identify externally exploitable attack paths — including those targeting AI workloads — using attack path analysis
10
-
-**Initial Access** — internet-exposed resources that serve as entry points into the environment
11
-
-**Lateral Movement** — paths an attacker can follow from one resource to another, including toward AI services
12
-
-**Exfiltration** — routes that lead to critical data such as patient health records or AI model training datasets
13
-
-**Privilege Escalation** — identity and permission misconfigurations that enable attackers to gain elevated access along a path
9
+
- Identify externally exploitable attack paths—including those targeting AI workloads—using attack path analysis
10
+
-**Initial Access**—internet-exposed resources that serve as entry points into the environment
11
+
-**Lateral Movement**—paths an attacker can follow from one resource to another, including toward AI services
12
+
-**Exfiltration**—routes that lead to critical data such as patient health records or AI model training datasets
13
+
-**Privilege Escalation**—identity and permission misconfigurations that enable attackers to gain elevated access along a path
14
14
- Run graph-based queries in Cloud Security Explorer to proactively discover security risks
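Review bot: the four sub-items under the attack path bullet (the lines starting `-**Initial Access**`, `-**Lateral Movement**`, `-**Exfiltration**` and `-**Privilege Escalation**`) still have no space after the hyphen and no indentation on either side of this hunk, so Markdown renders them as plain text beginning with a literal hyphen rather than as a nested list under "Identify externally exploitable attack paths". Since the hunk already rewrites those lines for the dash style, indent them under the parent bullet and add the space, for example `  - **Initial Access**` followed by the rest of the line unchanged.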
Contoso Healthcare's security team needs visibility across their entire Azure environment — clinical infrastructure, virtual machines, storage accounts, databases, and AI-powered applications including Azure OpenAI services and Azure AI Foundry. Microsoft Defender for Cloud provides Cloud Security Posture Management (CSPM) capabilities that give security engineers comprehensive insight into their cloud security state. Here, you explore the two CSPM plan options, learn how to navigate the Cloud Overview dashboard in the Defender portal, discover how CSPM inventories cloud and AI workloads, and understand the Cloud Secure Score model that measures security risk.
1
+
Contoso Healthcare's security team needs visibility across their entire Azure environment—clinical infrastructure, virtual machines, storage accounts, databases, and AI-powered applications including Azure OpenAI services and Azure AI Foundry. Microsoft Defender for Cloud provides Cloud Security Posture Management (CSPM) capabilities that give security engineers comprehensive insight into their cloud security state. Here, you explore the two CSPM plan options. First, learn how to navigate the Cloud Overview dashboard in the Defender portal. Then discover how CSPM inventories cloud and AI workloads, and understand the Cloud Secure Score model that measures security risk.
2
2
3
3
## Understand the two CSPM plans
4
4
5
5
Defender for Cloud offers two CSPM plans with different capabilities. **Foundational CSPM** is enabled by default at no cost when you onboard an Azure subscription. This plan provides secure score, security recommendations, asset inventory, Microsoft Cloud Security Benchmark (MCSB) assessments, workflow automation, and remediation tools across Azure, AWS, GCP, and on-premises environments.
6
6
7
-
**Defender CSPM** is a paid plan that extends foundational capabilities with advanced features. With Defender CSPM, you gain attack path analysis that identifies potential lateral movement routes, risk prioritization capabilities that surface the most critical issues, and the cloud security explorer for proactive threat hunting. The plan also includes AI security posture management for Azure OpenAI and AI Foundry workloads, data security posture management (DSPM) with sensitive data scanning, agentless scanning for VMs and containers, external attack surface management, regulatory compliance assessments beyond MCSB, custom security recommendations, and governance rules for remediation tracking.
7
+
**Defender CSPM** is a paid plan that extends foundational capabilities with advanced features. With Defender CSPM, you gain attack path analysis that identifies potential lateral movement routes. Additionally, you get risk prioritization capabilities that surface the most critical issues, and the cloud security explorer for proactive threat hunting. The plan also includes AI security posture management for Azure OpenAI and AI Foundry workloads. Combine this with data security posture management (DSPM), sensitive data scanning, agentless scanning for VMs and containers, external attack surface management, regulatory compliance assessments beyond MCSB, custom security recommendations, and governance rules for remediation tracking.
Understanding which plan is active determines what features you can access. Many high-value capabilities — including risk prioritization, attack path analysis across all workload types, agentless scanning for VMs and containers, and AI security posture management — require the Defender CSPM plan. For an environment like Contoso Healthcare's, where clinical infrastructure, sensitive data stores, and AI workloads all carry different risk profiles, Defender CSPM provides the depth of analysis needed.
18
+
Understandings which plan is active determine what features you can access. Many high-value capabilities—including risk prioritization, attack path analysis across all workload types, agentless scanning for VMs and containers, and AI security posture management—require the Defender CSPM plan. For an environment like Contoso Healthcare's, where clinical infrastructure, sensitive data stores, and AI workloads all carry different risk profiles, Defender CSPM provides the depth of analysis needed.
19
19
20
20
## Navigate the Cloud Overview dashboard
21
21
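Review bot: the replacement line beginning `Understandings which plan is active determine what features you can access` introduces a subject-verb error that the removed line did not have; keep `Understanding which plan is active determines what features you can access.` The rewrite of the Defender CSPM paragraph also changes the plan description: `data security posture management (DSPM) with sensitive data scanning` becomes a list in which DSPM and sensitive data scanning appear as separate items, and `Combine this with ...` reads as an instruction to the reader rather than a statement of what the plan includes. A neutral form such as `The plan also includes AI security posture management for Azure OpenAI and AI Foundry workloads, data security posture management (DSPM) with sensitive data scanning, ...` keeps the original meaning while staying within the shorter sentence length the rewrite is aiming for.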
@@ -27,22 +27,22 @@ The **Security at a glance** section displays your most critical metrics. You se
27
27
28
28
**Top Actions** guides your next steps by highlighting Critical Recommendations, High-Severity Incidents to investigate, and Attack Paths that show potential exploitation routes. This actionable guidance helps you focus remediation efforts on what matters most.
29
29
30
-
The **Trends over time** section shows how your security posture and threat detection evolve. It includes a Security Posture graph — Cloud Secure Score history and recommendations by severity — and a Threat Detection graph showing alert trends by severity. Each graph updates daily and reflects your selected time range (30 days, 3 months, or 6 months).
30
+
The **Trends over time** section shows how your security posture and threat detection evolve. It includes a Security Posture graph—Cloud Secure Score history and recommendations by severity—and a Threat Detection graph showing alert trends by severity. Each graph updates daily and reflects your selected time range (30 days, 3 months, or 6 months).
31
31
32
-
The **Workload Insights** tiles at the bottom surface specialized intelligence from Microsoft's Cloud-Native Application Protection Platform (CNAPP). Each tile represents a workload category: Compute, Data, Containers, AI, APIs, DevOps, and Cloud Infrastructure Entitlement Management (CIEM). Each tile shows top security issues, protection coverage status, and links to detailed views for that workload — for example, the Compute tile surfaces findings for virtual machines and scale sets, the Data tile highlights storage and database exposures, and the AI tile shows insights for Azure OpenAI, Azure AI Foundry, and AI agent deployments.
32
+
The **Workload Insights** tiles at the bottom surface specialized intelligence from Microsoft's Cloud-Native Application Protection Platform (CNAPP). Each tile represents a workload category: Compute, Data, Containers, AI, APIs, DevOps, and Cloud Infrastructure Entitlement Management (CIEM). Each tile shows top security issues, protection coverage status, and links to detailed views for that workload. For example, the Compute tile surfaces findings for virtual machines and scale sets, the Data tile highlights storage and database exposures, and the AI tile shows insights for Azure OpenAI, Azure AI Foundry, and AI agent deployments.
33
33
34
34
:::image type="content" source="../media/ai-workload-tile.png" alt-text="Screenshot of the workload specific tile for AI workloads. Image shows the asset coverage and insights.":::
35
35
36
36
## Discover AI workloads with AI security posture management
37
37
38
-
Defender CSPM continuously discovers and inventories resources across your Azure environment — virtual machines, storage accounts, databases, containers, and more — providing the asset coverage foundation for all security recommendations and scoring. Beyond standard resource discovery, Defender CSPM also provides specialized discovery for generative AI workloads. For Contoso Healthcare, this means visibility into Azure OpenAI Service instances, Azure AI Foundry projects, and Azure Machine Learning deployments alongside their clinical and administrative infrastructure, all without requiring manual configuration.
38
+
Defender CSPM continuously discovers and inventories resources across your Azure environment—virtual machines, storage accounts, databases, containers, and more—providing the asset coverage foundation for all security recommendations and scoring. Beyond standard resource discovery, Defender CSPM also provides specialized discovery for generative AI workloads. For Contoso Healthcare, this means visibility into Azure OpenAI Service instances, Azure AI Foundry projects, and Azure Machine Learning deployments alongside their clinical and administrative infrastructure, all without requiring manual configuration.
39
39
40
40
The system builds an **AI Bill of Materials (AI BOM)**—a comprehensive inventory of all AI application components, data sources, and artifacts spanning from development code through cloud deployment. This inventory captures not just the AI services themselves, but also the identity configurations, data access patterns, internet exposure status, and associated infrastructure components. With the AI BOM, you understand the full attack surface of your generative AI applications.
41
41
42
42
Defender CSPM also provides AI agent discovery currently in preview. The system automatically identifies AI agents deployed through Azure AI Foundry and Microsoft Copilot Studio, populating the AI inventory with details about agent configurations, capabilities, and connections.
43
43
44
44
> [!NOTE]
45
-
> AI agent discovery is currently in preview. Preview features are subject to change and may have limited availability.
45
+
> AI agent discovery is currently in preview. Preview features are subject to change and have limited availability.
46
46
47
47
This visibility into AI workloads becomes the foundation for the AI-specific security recommendations you evaluate in subsequent steps. Contoso Healthcare can now see exactly where their AI applications run and what components require security attention.
48
48
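Review bot: the edited preview note, `Preview features are subject to change and have limited availability.`, turns the removed line's `may have limited availability` into an unconditional statement, which is not true of every preview feature. Keep `may` unless the intent is to state that AI agent discovery specifically is limited in availability, in which case say that explicitly instead of generalizing to all preview features.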
@@ -52,9 +52,9 @@ The **Cloud Secure Score** in the Defender portal represents a risk-based approa
52
52
53
53
The risk-based model evaluates multiple dimensions: whether an asset has internet exposure, handles sensitive data, sits on potential lateral movement paths, or represents a critical business service. A misconfigured storage account containing customer health records and exposed to the internet receives higher risk weighting than a similarly misconfigured development storage account with no sensitive data. This contextual analysis means your score reflects actual business risk, not just control compliance.
54
54
55
-
Higher scores indicate lower identified risk. As you remediate higher-risk recommendations, your score reflects the reduced risk across your environment — focus on Critical and High risk findings first, as they carry the most weight in the calculation. To view this score in the Defender portal, navigate to Exposure Management > Initiatives > Cloud Security, then select Open initiative page. The initiative page displays your current score, historical trend over time, and score breakdown by workload category.
55
+
Higher scores indicate lower identified risk. As you remediate higher-risk recommendations, your score reflects the reduced risk across your environment—focus on Critical and High risk findings first, as they carry the most weight in the calculation. To view this score in the Defender portal, navigate to Exposure Management > Initiatives > Cloud Security, then select Open initiative page. The initiative page displays your current score, historical trend over time, and score breakdown by workload category.
56
56
57
57
> [!NOTE]
58
-
> Microsoft Defender for Cloud offers two separate Secure Score models. The new Cloud Secure Score (risk-based) is available in the Microsoft Defender portal and incorporates asset criticality for prioritization. The classic Secure Score remains available in the Azure portal and uses a control-based calculation model. These are different scoring systems with different values.
58
+
> Microsoft Defender for Cloud offers two separate Secure Score models. The new Cloud Secure Score (risk-based) is available in the Microsoft Defender portal and incorporates asset criticality for prioritization. The classic Secure Score remains available in the Azure portal and uses a control-based calculation model.
59
59
60
60
For teams working primarily in the Azure portal, the classic secure score remains available and continues to function as before. However, the Cloud Secure Score in the Defender portal provides more accurate risk assessment by considering context around each security finding.
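Review bot: the rewritten note drops the closing sentence `These are different scoring systems with different values.`, which is the one line telling readers not to compare the two scores; the unchanged paragraph that follows only says the classic score remains available and that the Cloud Secure Score is more accurate. Either restore that sentence in the note or fold the point into the following paragraph, for example `Because the two models calculate differently, their values are not comparable.`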
learn-pr/wwl-sci/identify-security-risks-posture-management/includes/7-summary.md
+2 -2 (2 additions & 2 deletions)
@@ -2,13 +2,13 @@ You now have a structured, risk-driven approach to identify security risks acros
2
2
3
3
You explored how Foundational CSPM provides basic posture visibility, while Defender CSPM unlocks advanced capabilities including AI Bill of Materials discovery, attack path analysis, and the Cloud Security Explorer. The Cloud Overview dashboard and AI workload discovery features give Contoso's security team dedicated visibility into their Azure OpenAI and Azure AI Foundry deployments alongside their broader Azure workloads.
4
4
5
-
You learned to interpret the Cloud Secure Score using the risk-based prioritization model in the Microsoft Defender portal. By understanding how internet exposure, data sensitivity, criticality, and lateral movement potential combine to surface the most dangerous vulnerabilities first, Contoso can focus remediation efforts where they matter most. AI-specific recommendations ensure their generative AI workloads receive appropriate security attention.
5
+
You learned to interpret the Cloud Secure Score using the risk-based prioritization model in the Microsoft Defender portal. As a security specialist, by understanding how internet exposure, data sensitivity, criticality, and lateral movement potential combine to surface the most dangerous vulnerabilities first, Contoso can focus remediation efforts where they matter most. AI-specific recommendations ensure their generative AI workloads receive appropriate security attention.
6
6
7
7
You used attack path analysis to identify externally exploitable paths targeting high-value assets, including AI workloads. The Attack Path Map reveals entry points, choke points, and vulnerable nodes along MITRE ATT&CK-contextualized attack chains, helping Contoso understand realistic attacker scenarios before exploitation occurs.
8
8
9
9
You ran graph-based queries in Cloud Security Explorer to proactively hunt for risks across Azure environments. Prebuilt templates and custom queries let Contoso's team discover misconfigurations, exposure patterns, and compliance gaps that traditional scans might miss.
10
10
11
-
With these capabilities, Contoso's security team can assess posture coverage, prioritize the most dangerous findings, trace exploitation chains, and proactively hunt for hidden risks — shifting from reactive alert response to continuous, context-aware risk identification.
11
+
With these capabilities, Contoso's security team can assess posture coverage, prioritize the most dangerous findings, trace exploitation chains, and proactively hunt for hidden risks—shifting from reactive alert response to continuous, context-aware risk identification.
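Review bot: in the replacement line beginning `You learned to interpret the Cloud Secure Score`, the added opener `As a security specialist, by understanding how ...` is a dangling modifier: the subject of the main clause is `Contoso`, an organization, not the specialist. Either drop the added phrase (the removed line reads correctly without it) or restructure so the reader is the subject, for example `As a security specialist, you understand how internet exposure, data sensitivity, criticality, and lateral movement potential combine to surface the most dangerous vulnerabilities first, so Contoso can focus remediation efforts where they matter most.`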