Update firewall exercise with additional security details

staleycyn · web-flow · commit 74dd28ec969c · 2026-03-31T12:28:17.000-07:00
Clarified requirements for centralized network security and added details about Azure Firewall's role and capabilities.
diff --git a/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/4-exercise-firewall.md b/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/4-exercise-firewall.md
@@ -1,12 +1,14 @@
 ## Scenario
 
-Your organization requires centralized network security for the application virtual network. As the application usage increases, more granular application-level filtering and advanced threat protection are needed. Also, the application needs continuous updates from Azure Pipelines. You identify these requirements.
+Your organization requires centralized network security for the application virtual network. As the application usage increases, more granular application-level filtering and advanced threat protection are needed. All subnet traffic is routed through the firewall.Also, the application needs continuous updates from Azure Pipelines. You identify these requirements.
+
 + Azure Firewall is required for security in the app-vnet. 
 + A firewall policy should be configured to help manage access to the application. 
 + A firewall policy **application rule** is required. This rule allows the application access to Azure DevOps so the application code can be updated. 
 + A firewall policy **network rule** is required. This rule allows DNS resolution. 
 
-This lab uses the Standard SKU, which supports both network and application rule collections. Azure Firewall has three SKUs: Basic (for SMB environments, alert-mode threat intelligence only), Standard (enterprise-grade with application rules), and Premium (advanced threat protection). 
+This lab uses the Standard SKU, which supports both network and application rule collections. Azure Firewall has three SKUs: Basic (for SMB environments, alert-mode threat intelligence only), Standard (enterprise-grade with application rules), and Premium (advanced threat protection). Azure Firewall inspects both north-south (external) and east-west (internal lateral) traffic between workloads.  
+
 ## Skilling Tasks
 
 + Create an Azure Firewall.
