MicrosoftDocs
diff --git a/‎learn-pr/wwl-sci/describe-compliance-management-capabilities-microsoft/5-knowledge-check.yml‎
Lines changed: 23 additions & 23 deletions b/‎learn-pr/wwl-sci/describe-compliance-management-capabilities-microsoft/5-knowledge-check.yml‎
Lines changed: 23 additions & 23 deletions
diff --git a/‎learn-pr/wwl-sci/describe-compliance-management-capabilities-microsoft/includes/1-introduction.md‎
Lines changed: 2 additions & 2 deletions b/‎learn-pr/wwl-sci/describe-compliance-management-capabilities-microsoft/includes/1-introduction.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎learn-pr/wwl-sci/describe-compliance-management-capabilities-microsoft/includes/2-describe-service-trust-portal.md‎
Lines changed: 12 additions & 12 deletions b/‎learn-pr/wwl-sci/describe-compliance-management-capabilities-microsoft/includes/2-describe-service-trust-portal.md‎
Lines changed: 12 additions & 12 deletions
@@ -18,38 +18,38 @@ quiz:
   title: "Check your knowledge"
   questions:
 
-  - content: "When browsing Microsoft compliance documentation in the Service Trust Portal, you have found several documents that are specific to your industry. What is the best way of ensuring you keep up to date with the latest updates?"
+  - content: "A compliance team wants to receive an email notification whenever Microsoft updates a specific document on the Service Trust Portal. What should they do?"
     choices:
-    - content: "Save the documents to your My Library."
+    - content: "Save the document to My Library and enable notification settings."
       isCorrect: true
-      explanation: "Correct. Saving the document to the My Library section of the Service Trust Portal, will ensure you have the latest updates."
-    - content: "Print each document so you can easily refer to them."
+      explanation: "Correct. Adding a document to My Library and configuring notification settings sends an email whenever Microsoft updates that document, including a link and brief description of the update."
+    - content: "Download the document and periodically check the Service Trust Portal for a newer version."
       isCorrect: false
-      explanation: "Incorrect. Printing the document doesn't ensure you have the latest updates."
-    - content: "Download each document."
+      explanation: "Incorrect. Downloading the document doesn't provide automatic notifications about updates."
+    - content: "Submit a support request to Microsoft asking to be notified of document updates."
       isCorrect: false
-      explanation: "Incorrect. Downloading the document doesn't ensure you have the latest updates."
+      explanation: "Incorrect. The My Library notification feature in the Service Trust Portal handles document update notifications automatically, without requiring a support request."
 
-  - content: "Microsoft's approach to privacy is built on six principles: Three of the principles are strong legal protections for privacy, no content-based targeting, and benefits to customers from any data we collect. Identify the three other principles that are part of Microsoft's approach to privacy."
+  - content: "A law enforcement agency submits a request directly to Microsoft for a commercial customer's data. What does Microsoft's data defense commitment specify will happen?"
     choices:
-    - content: "Customer control, transparency, and security."
+    - content: "Microsoft will scrutinize the request for legal validity, promptly notify the customer where legally permitted, and direct the requesting party to seek the data directly from the customer."
       isCorrect: true
-      explanation: "Correct. The foundation of Microsoft's approach to privacy is built on the following six principles: customer control, transparency, security, strong legal protections for privacy, no content-based targeting, and benefits to customers from any data we collect."
-    - content: "Shared responsibility, transparency, and security."
+      explanation: "Correct. Microsoft's data defense commitment states that it won't give any government direct or unfettered access to customer data. Microsoft scrutinizes all government demands, notifies the customer where legally permitted, and directs the requesting party to seek the data directly from the customer."
+    - content: "Microsoft will immediately comply with the request and provide the data to the law enforcement agency."
       isCorrect: false
-      explanation: "Incorrect. The shared responsibility model identifies which security tasks are handled by the cloud provider, and which security tasks are handled by you, the customer."
-    - content: "Customer control, transparency, and zero trust."
+      explanation: "Incorrect. Microsoft doesn't give governments direct or unfettered access to customer data. It scrutinizes requests and will challenge those that aren't legally valid."
+    - content: "Microsoft will refuse the request under any circumstances because government data requests are never permitted."
       isCorrect: false
-      explanation: "Incorrect. Although zero trust is a model employed by Microsoft, it's not one of the privacy principles. The privacy principles include security more broadly. The general principles that represent Microsoft's approach to privacy are customer control, transparency, security, strong legal protections for privacy, no content-based targeting, and benefits to customers from any data we collect."
-    
-  - content: A company needs to handle inquiries about personal data that they have collected, as per certain privacy regulations. Which Priva solution should they implement?
+      explanation: "Incorrect. Microsoft will disclose data when required by law. However, it scrutinizes all government demands to ensure they're legally valid and appropriate, and notifies customers where legally permitted."
+
+  - content: "An organization's data privacy team identifies that some internal sites in their Microsoft 365 environment are accessible to far more users than necessary. Which Microsoft Priva Privacy Risk Management policy type is designed to detect and help remediate this issue?"
     choices:
-    - content: Priva Privacy Assessments
+    - content: "Data overexposure policy"
+      isCorrect: true
+      explanation: "Correct. Data overexposure policies detect situations in which data is insufficiently secured—such as when access to an internal site is open to too many people—and provide remediation options such as making content private or notifying content owners."
+    - content: "Data transfer policy"
       isCorrect: false
-      explanation: Incorrect. Priva Privacy Assessments automates the discovery, documentation, and evaluation of personal data use across the entire data estate.
-    - content: Priva Consent Management
+      explanation: "Incorrect. Data transfer policies monitor for transfers between different world regions, departments, or outside the organization. They don't address excessive access permissions on internal sites."
+    - content: "Data minimization policy"
       isCorrect: false
-      explanation: Incorrect. Priva Consent Management is used for streamlining the management of consented personal data.
-    - content: Priva Subject Rights Requests
-      isCorrect: true
-      explanation: Correct. Priva Subject Rights Requests helps handle inquiries about personal data that companies have collected.
+      explanation: "Incorrect. Data minimization policies look for data that has been stored for at least a certain length of time, to help manage ongoing storage practices. They don't address access permission issues."
@@ -1,9 +1,9 @@
 
-Microsoft Cloud services are built on a foundation of trust, security, and compliance. The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.
+Microsoft Cloud services are built on a foundation of trust, security, and compliance. The Microsoft Service Trust Portal provides content, tools, and other resources about Microsoft security, privacy, and compliance practices.
 
 Microsoft also helps organizations meet their privacy requirements, with Microsoft Priva. Priva helps organizations safeguard personal data and build a privacy-resilient workplace.
 
-In this module you'll learn about the Service Trust Portal and resources it provides, including audit reports, security assessments, and compliance guides that enable organizations to manage compliance.  You'll learn about Microsoft's commitment to privacy and its privacy principles.  Lastly, you'll learn about Microsoft Priva, which helps organizations meet their privacy goals.
+In this module, you learn about the Service Trust Portal and resources it provides, including audit reports, security assessments, and compliance guides that enable organizations to manage compliance. You learn about Microsoft's commitment to privacy and its privacy principles. Lastly, you learn about Microsoft Priva, which helps organizations meet their privacy goals.
 
 After completing this module, you'll be able to:
 
 
@@ -1,10 +1,10 @@
 
-The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
+The Microsoft Service Trust Portal provides content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
 
 The Service Trust Portal (STP) is Microsoft's public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored whitepapers that provide details on how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
 
 ### Accessing the Service Trust Portal
-To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (Microsoft Entra organization account) and review and accept the Microsoft non-disclosure agreement for Compliance Materials.
+To access some of the resources on the Service Trust Portal, you must sign in as an authenticated user with your Microsoft cloud services account (Microsoft Entra organization account).
 
 ### Service Trust Portal Content Categories
 The Service Trust Portal landing page includes content that is organized into the following categories:
@@ -18,17 +18,17 @@ The Service Trust Portal landing page includes content that is organized into th
 
 As users navigate to content in the different categories, selecting the Service Trust Portal link at the top of the page provides a quick way to get back to the home page.
 
-:::image type="content" source="../media/stp-top-navigation.png" alt-text="Screenshot of the Service Trust Portal link at the top of the home page.":::
+:::image type="content" source="../media/stp-top-navigation.png" lightbox="../media/stp-top-navigation.png" alt-text="Screenshot of the Service Trust Portal link at the top of the home page.":::
 
-#### Certifications, Regulations and Standards
+#### Certifications, Regulations, and Standards
 
 The certification, regulations, and standards section of the STP provides a wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft Cloud services keep your data secure.  
 
-:::image type="content" source="../media/stp-certifications-standards.png" alt-text="Screenshot of the tiles available in the certifications, regulations, and standards section of the Service Trust Portal home page.":::
+:::image type="content" source="../media/stp-certifications-standards.png" lightbox="../media/stp-certifications-standards.png" alt-text="Screenshot of the tiles available in the certifications, regulations, and standards section of the Service Trust Portal home page.":::
 
-Selecting a tile will provide a list of available documents, including a description and when it was last updated. The screenshot that follows shows some of the documents available by selecting the ISO/IEC tile.
+Selecting a tile provides a list of available documents, including a description and when it was last updated. The screenshot that follows shows some of the documents available by selecting the ISO/IEC tile.
 
-:::image type="content" source="../media/stp-iso-iec.png" alt-text="Screenshot of the list of documents available by selecting the ISO/IEC tile.":::
+:::image type="content" source="../media/stp-iso-iec.png" lightbox="../media/stp-iso-iec.png" alt-text="Screenshot of the list of documents available by selecting the ISO/IEC tile.":::
 
 #### Reports, Whitepapers, and Artifacts
 
@@ -39,7 +39,7 @@ This section includes general documents relating to the following categories:
 - Privacy and Data Protection - Privacy and Data Protection Resources
 - FAQ and Whitepapers - Whitepapers and answers to frequently asked questions
 
-:::image type="content" source="../media/stp-reports.png" alt-text="Screenshot that shows the tiles available in the reports, whitepapers, and artifacts section of the Service Trust Portal home page.":::
+:::image type="content" source="../media/stp-reports.png" lightbox="../media/stp-reports.png" alt-text="Screenshot that shows the tiles available in the reports, whitepapers, and artifacts section of the Service Trust Portal home page.":::
 
 #### Industry and Regional Resources
 
@@ -51,18 +51,18 @@ This section includes documents that apply to the following industries and regio
 - United States Government - Resources exclusively for US Government customers
 - Regional Resources - Documents describing compliance of Microsoft's online services with various regional policies and regulations
 
-:::image type="content" source="../media/stp-industry-regions.png" alt-text="Screenshot of the tiles available in the reports, whitepapers, and artifacts section of the Service Trust Portal home page.":::
+:::image type="content" source="../media/stp-industry-regions.png" lightbox="../media/stp-industry-regions.png" alt-text="Screenshot of the tiles available in the reports, whitepapers, and artifacts section of the Service Trust Portal home page.":::
 
 #### Resources for your Organization
 This section lists documents applying to your organization (restricted by tenant) based on your organization’s subscription and permissions.
 
-:::image type="content" source="../media/stp-organization-resources.png" alt-text="Screenshot showing tiles available in the resources for your organization section of the Service Trust Portal home page.":::
+:::image type="content" source="../media/stp-organization-resources.png" lightbox="../media/stp-organization-resources.png" alt-text="Screenshot showing tiles available in the resources for your organization section of the Service Trust Portal home page.":::
 
 ### My Library
 Use the My Library feature to add documents and resources on the Service Trust Portal to your My Library page. This lets you access documents that are relevant to you in a single place. To add a document to your My Library, select the ellipsis (...) menu to the right of a document and then select Save to library.
 
 Additionally, the notifications feature lets you configure your My Library so that an email message is sent to you whenever Microsoft updates a document that you've added to your My Library. To set up notifications, go to your My Library and select Notification Settings. You can choose the frequency of notifications and specify an email address in your organization to send notifications to. Email notifications include links to the documents that have been updated and a brief description of the update.
 
-If a document is part of a series, you'll be subscribed to the series, and will receive notifications when there's an update to that series.
+If a document is part of a series, you're subscribed to the series, and receive notifications when there's an update to that series.
 
-:::image type="content" source="../media/stp-my-library.png" alt-text="Screenshot of the documents listed in the My Library page.":::
+:::image type="content" source="../media/stp-my-library.png" lightbox="../media/stp-my-library.png" alt-text="Screenshot of the documents listed in the My Library page.":::