Merge pull request #53934 from Rob-Barefoot/main

LP2-updates

Author: denrea

.openpublishing.redirection.json

@@ -38461,6 +38461,21 @@
       "redirect_url": "/purview/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "learn-pr/wwl-azure/describe-azure-storage-services/5-exercise-create-storage-blob.md",
+      "redirect_url": "https://learn.microsoft.com/training/modules/describe-azure-storage-services/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "learn-pr/wwl-azure/describe-core-architectural-components-of-azure/7-exercise-create-azure-resource.md",
+      "redirect_url": "https://learn.microsoft.com/training/modules/describe-core-architectural-components-of-azure/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "learn-pr/wwl-azure/describe-core-architectural-components-of-azure/4-exercise-explore-learn-sandbox.md",
+      "redirect_url": "https://learn.microsoft.com/training/modules/describe-core-architectural-components-of-azure/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "learn-pr/wwl-data-ai/manage-power-bi-artifacts-use-microsoft-purview/index.md",
       "redirect_url": "/purview/",

learn-pr/wwl-azure/describe-azure-identity-access-security/10-knowledge-check.yml

@@ -1,52 +1,63 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.describe-azure-identity-access-security.knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: "Knowledge check"
-  ms.date: 10/03/2024
-  author: wwlpublish
-  ms.author: robbarefoot
-  ms.topic: unit
-  ms.custom:
-  - N/A
-  module_assessment: true
-durationInMinutes: 4
-content: |
-  [!include[](includes/10-knowledge-check.md)]
-quiz:
-  title: "Check your knowledge"
-  questions:
-  - content: "Which Microsoft Entra tool can vary the credentials needed to log in based on signals, such as where the user is located?"
-    choices:
-    - content: "Conditional Access"
-      isCorrect: true
-      explanation: "Conditional Access is a tool that Microsoft Entra ID uses to allow (or deny) access to resources based on identity signals. Conditional Access might challenge you for a second authentication factor if your sign-in signals are unusual or from an unexpected location."
-    - content: "Guest access"
-      isCorrect: false
-      explanation: "Guest access is an access method that helps enable collaboration across organizational boundaries, but isn’t an authentication method or a tool to help with authentication."
-    - content: "Passwordless"
-      isCorrect: false
-      explanation: "Passwordless is an authentication method that relies on something you have; plus something you are or something you know. For example, Windows Hello is a passwordless authentication method."
-  - content: "Which security model assumes the worst-case security scenario, and protects resources accordingly?"
-    choices:
-    - content: "Zero Trust"
-      isCorrect: true
-      explanation: "Zero Trust is a security model that assumes the worst case scenario and protects resources with that expectation."
-    - content: "Defense-in-depth"
-      isCorrect: false
-      explanation: "Defense-in-depth is focused on setting up a system that prevents access to information by unauthorized parties. It’s a proactive model and builds layer upon layer to protect information."
-    - content: "Role-based access control"
-      isCorrect: false
-      explanation: "Role-based access control provides the ability to grant or deny access based on a user or services assigned role."
-  - content: "A user is simultaneously assigned multiple roles that use role-based access control. What are their actual permissions? The role permissions are: Role 1 - read || Role 2 - write || Role 3 - read and write."
-    choices:
-    - content: "Read only"
-      isCorrect: false
-      explanation: "Role-based access control works on an allow model, so they wouldn’t be limited to the permissions of only one role."
-    - content: "Write only"
-      isCorrect: false
-      explanation: "Role-based access control works on an allow model, so they wouldn’t be limited to the permissions of only one role."
-    - content: "Read and write"
-      isCorrect: true
-      explanation: "Role-based access control, using an allow model, grants all of the permissions assigned in all of the assigned roles."
+### YamlMime:ModuleUnit
+uid: learn.wwl.describe-azure-identity-access-security.knowledge-check
+title: Module assessment
+metadata:
+  title: Module assessment
+  description: "Knowledge check"
+  ms.date: 10/03/2024
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+  module_assessment: true
+durationInMinutes: 4
+content: |
+  [!include[](includes/10-knowledge-check.md)]
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "Which Microsoft Entra tool can vary the credentials needed to log in based on signals, such as where the user is located?"
+    choices:
+    - content: "Conditional Access"
+      isCorrect: true
+      explanation: "Conditional Access is a tool that Microsoft Entra ID uses to allow (or deny) access to resources based on identity signals. Conditional Access might challenge you for a second authentication factor if your sign-in signals are unusual or from an unexpected location."
+    - content: "Guest access"
+      isCorrect: false
+      explanation: "Guest access is an access method that helps enable collaboration across organizational boundaries, but isn’t an authentication method or a tool to help with authentication."
+    - content: "Passwordless"
+      isCorrect: false
+      explanation: "Passwordless is an authentication method that relies on something you have; plus something you are or something you know. For example, Windows Hello is a passwordless authentication method."
+  - content: "Which security model assumes the worst-case security scenario, and protects resources accordingly?"
+    choices:
+    - content: "Zero Trust"
+      isCorrect: true
+      explanation: "Zero Trust is a security model that assumes the worst case scenario and protects resources with that expectation."
+    - content: "Defense-in-depth"
+      isCorrect: false
+      explanation: "Defense-in-depth is focused on setting up a system that prevents access to information by unauthorized parties. It’s a proactive model and builds layer upon layer to protect information."
+    - content: "Role-based access control"
+      isCorrect: false
+      explanation: "Role-based access control provides the ability to grant or deny access based on a user or services assigned role."
+  - content: "A user is simultaneously assigned multiple roles that use role-based access control. What are their actual permissions? The role permissions are: Role 1 - read || Role 2 - write || Role 3 - read and write."
+    choices:
+    - content: "Read only"
+      isCorrect: false
+      explanation: "Role-based access control works on an allow model, so they wouldn’t be limited to the permissions of only one role."
+    - content: "Write only"
+      isCorrect: false
+      explanation: "Role-based access control works on an allow model, so they wouldn’t be limited to the permissions of only one role."
+    - content: "Read and write"
+      isCorrect: true
+      explanation: "Role-based access control, using an allow model, grants all of the permissions assigned in all of the assigned roles."
+  - content: "Which Azure service is designed to securely store secrets, certificates, and encryption keys for your applications?"
+    choices:
+    - content: "Azure Key Vault"
+      isCorrect: true
+      explanation: "Azure Key Vault is used to securely store and manage secrets, certificates, and keys."
+    - content: "Azure Policy"
+      isCorrect: false
+      explanation: "Azure Policy helps enforce governance rules, but it doesn't store application secrets or encryption keys."
+    - content: "Azure Monitor"
+      isCorrect: false
+      explanation: "Azure Monitor provides telemetry and observability, not key and secret storage."

learn-pr/wwl-azure/describe-azure-identity-access-security/9a-describe-encryption-key-management.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.describe-azure-identity-access-security.describe-encryption-key-management
+title: Describe encryption and key management in Azure
+metadata:
+  title: Describe encryption and key management in Azure
+  description: "Describe encryption and key management in Azure"
+  ms.date: 03/06/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 4
+content: |
+  [!include[](includes/9a-describe-encryption-key-management.md)]

learn-pr/wwl-azure/describe-azure-identity-access-security/includes/1-introduction.md

@@ -1,4 +1,4 @@
-In this module, you’ll be introduced to the Azure identity, access, and security services and tools. You’ll learn about directory services in Azure, authentication methods, and access control. You’ll also cover things like Zero Trust and defense in depth, and how they keep your cloud safer. You’ll wrap up with an introduction to Microsoft Defender for Cloud.
+In this module, you'll be introduced to the Azure identity, access, and security services and tools. You'll learn about directory services in Azure, authentication methods, and access control. You'll also cover Zero Trust, defense in depth, and how they keep your cloud safer. Finally, you'll review encryption concepts, key management with Azure Key Vault, and Microsoft Defender for Cloud.
 
 ## Learning objectives
 
@@ -11,4 +11,5 @@ After completing this module, you’ll be able to:
  -  Describe Azure Role Based Access Control (RBAC).
  -  Describe the concept of Zero Trust.
  -  Describe the purpose of the defense in depth model.
+ -  Describe encryption concepts and key management options in Azure.
  -  Describe the purpose of Microsoft Defender for Cloud.

learn-pr/wwl-azure/describe-azure-identity-access-security/includes/11-summary.md

@@ -1,4 +1,4 @@
-In this module, you learned about Azure identity, access, and security services and tools. You covered authentication methods, including which ones are more secure. You learned about restricting access based on a role to help create a more secure environment. And, you learned about the Defense In Depth and Zero Trust models.
+In this module, you learned about Azure identity, access, and security services and tools. You covered authentication methods, including which ones are more secure. You learned about restricting access based on a role to help create a more secure environment. You also reviewed encryption concepts and key management options in Azure. And, you learned about the Defense In Depth and Zero Trust models.
 
 ## Learning objectives
 
@@ -11,8 +11,20 @@ You should now be able to:
  -  Describe Azure Role Based Access Control (RBAC).
  -  Describe the concept of Zero Trust.
  -  Describe the purpose of the defense in depth model.
+ -  Describe encryption concepts and key management options in Azure.
  -  Describe the purpose of Microsoft Defender for Cloud.
 
 ## Additional resources
 
 The following resources provide more information on topics in this module or related to this module.<br>[Microsoft Certified: Security, Compliance, and Identity Fundamentals](/learn/certifications/security-compliance-and-identity-fundamentals/) is an entire certification, with associated training, dedicated to helping you better understand and manage Security, Compliance, and identity.
+
+## Explore with Copilot
+
+> [!TIP]
+> Try one of these prompts in Copilot Chat:
+>
+> - "Use one end-to-end scenario to show how SSO, MFA, Conditional Access, and RBAC work together in a Zero Trust design."
+> - "Explain the difference between Microsoft Entra ID, Microsoft Entra Domain Services, and external identities with practical examples."
+> - "Simulate a security incident and show how encryption, key management, defense in depth, and Microsoft Defender for Cloud reduce risk."
+
+