MicrosoftDocs
diff --git a/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/includes/3-implement-azure-governance-scopes-ai-resources.md‎
Lines changed: 1 addition & 1 deletion b/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/includes/3-implement-azure-governance-scopes-ai-resources.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/includes/7-summary.md‎
Lines changed: 0 additions & 1 deletion b/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/includes/7-summary.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/index.yml‎
Lines changed: 2 additions & 2 deletions b/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/index.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎…a/azure-tags-resource-resource-group.png‎ ‎…ture/media/azure-tags-resource-group.png‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/azure-tags-resource-resource-group.png renamed to learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/azure-tags-resource-group.png b/‎…a/azure-tags-resource-resource-group.png‎ ‎…ture/media/azure-tags-resource-group.png‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/azure-tags-resource-resource-group.png renamed to learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/azure-tags-resource-group.png
diff --git a/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/company-allows-grouping-individual-policies.png‎
-89.1 KB b/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/company-allows-grouping-individual-policies.png‎
-89.1 KB
@@ -12,7 +12,7 @@ Building on this concept, resource groups provide your next level of organizatio
 
 At the same time, resource groups establish cost tracking boundaries. Azure tags each resource with its parent resource group, enabling you to generate monthly reports showing exactly how much the sentiment analysis project costs. When your finance team asks "How much did we spend on AI infrastructure last quarter?", you filter costs by resource group tags rather than manually correlating dozens of individual resource charges. This becomes especially important when your AI platform scales to support multiple projects—without resource group organization, cost attribution becomes nearly impossible. Organizations that implement consistent resource group naming conventions (for example, "rg-[project-name]-[environment]") report 60-80% faster budget reconciliation compared to ad-hoc resource naming.
 
-:::image type="content" source="../media/azure-tags-resource-resource-group.png" alt-text="Diagram showing how Azure tags each resource with its parent resource group.":::
+:::image type="content" source="../media/azure-tags-resource-group.png" alt-text="Diagram showing how Azure tags each resource with its parent resource group.":::
 
 However, this changes when you have shared infrastructure that multiple projects depend on. Your AI platform likely includes centralized services like a common Azure Container Registry for model images, a shared Azure Key Vault for secrets, and enterprise-wide networking components. These shared resources belong in their own "shared-services" resource group, separate from project-specific groups. This pattern—often called the hub-and-spoke model—places shared infrastructure in a hub resource group with delegated access policies, while project workloads live in spoke resource groups with more permissive experimentation policies. As you see when we explore the Microsoft Foundry Account pattern, this separation simplifies both security management and cost chargeback.
 
 
@@ -14,7 +14,6 @@ Build on this foundation by exploring advanced governance patterns for enterpris
 Continue learning with these resources that extend the security concepts you've practiced:
 
 - [Implement network isolation for Azure Machine Learning](/azure/machine-learning/how-to-network-isolation-planning): Configure virtual networks and private endpoints for production AI workloads
-- [Microsoft Defender for Cloud and AI services](/azure/defender-for-cloud/defender-for-ai-services): Automated security assessment and threat detection for Azure AI resources
 - [Azure landing zones for AI](/azure/cloud-adoption-framework/scenarios/ai): Enterprise-scale reference architectures combining governance, networking, and identity patterns
 
 
@@ -1,14 +1,14 @@
 ### YamlMime:Module
 uid: learn.wwl.implement-security-controls-azure-ai-ready-infrastructure
 metadata:
-  title: "Implement security controls for Azure AI-ready infrastructure"
+  title: "Implement Security Controls for Azure AI-ready Infrastructure" 
   description: "This module equips you to configure Azure's foundational security controls for AI workloads. You'll start by configuring Microsoft Entra ID security principals that define *who* and *what* can access your AI resources—from data scientists needing interactive workspace access to managed identities enabling secure service-to-service communication."
   ms.date: 02/09/2026
   author: wwlpublish
   ms.author: bradj
   ms.topic: module-intro-to-product
   ms.service: azure
-title: "Implement Security Controls for Azure AI-ready Infrastructure"
+title: "Implement security controls for Azure AI-ready infrastructure"
 summary: This module equips you to configure Azure's foundational security controls for AI workloads. You'll start by configuring Microsoft Entra ID security principals that define *who* and *what* can access your AI resources—from data scientists needing interactive workspace access to managed identities enabling secure service-to-service communication.
 abstract: |
   By the end of this module, you are able to: