updates m11

Author: pablorodMS

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/1-introduction.md

@@ -1,11 +1,9 @@
-## Overview
-
 Modern AI agents operate across complex cloud environments where security, compliance, and responsible design are essential. This module introduces the foundational concepts solution architects must apply when designing safe and trustworthy agent-based systems.
 
 It focuses on building AI experiences that protect data, respect organizational policies, and uphold responsible AI expectations throughout the solution lifecycle.
 
-You'll explore how identity, access control, data governance, model security, and observability work together to create a defense-in-depth posture for autonomous and semi-autonomous agents. The module highlights how to translate business and compliance requirements into practical technical controls that regulate what agents can access, how they behave, and how their actions are monitored.
+You will explore how identity, access control, data governance, model security, and observability work together to create a defense-in-depth posture for autonomous and semi-autonomous agents. The module highlights how to translate business and compliance requirements into practical technical controls that regulate what agents can access, how they behave, and how their actions are monitored.
 
-Architects also learn how to identify vulnerabilities across prompts, models, data flows, and agent workflows. The content emphasizes proactive risk mitigation, layered safeguards, and structured evaluation practices to ensure solutions remain secure, predictable, and aligned with organizational standards.
+Architects will also learn how to identify vulnerabilities across prompts, models, data flows, and agent workflows. The content emphasizes proactive risk mitigation, layered safeguards, and structured evaluation practices to ensure solutions remain secure, predictable, and aligned with organizational standards.
 
-By the end of the module, you'll understand how to design AI systems that balance innovation with accountability. You'll gain the skills to build secure, governed, and compliant agent solutions that scale responsibly across the enterprise.
+By the end of the module, you will understand how to design AI systems that balance innovation with accountability. You will gain the skills to build secure, governed, and compliant agent solutions that scale responsibly across the enterprise.

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/2-design-security-agents.md

@@ -1,5 +1,3 @@
-## Overview
-
 Design a defense in depth approach for autonomous and semi-autonomous agents that operate across Microsoft clouds. You'll translate business and compliance requirements into identity, access, data protection, observability, and threat protection controls. You'll also define how agents authenticate, what they can do, what they can see, and how their behavior is monitored and governed at scale.
 
 ### By the end of this unit, solution architects will be able to
@@ -164,7 +162,7 @@ Design a defense in depth approach for autonomous and semi-autonomous agents tha
 
 - Use environment routing to separate dev/test/prod.
 
-- Require peer review and approver signoff to publish; block publishing if mandatory checks fail.
+- Require peer review and approver sign-off to publish; block publishing if mandatory checks fail.
 
 **Prepare incident response**
 
@@ -212,7 +210,7 @@ Design a defense in depth approach for autonomous and semi-autonomous agents tha
 
 5. Outline the incident response plan for a data leakage event.
 
-**Deliverable:** A onepage architecture decision record (ADR) plus the RBAC matrix.
+**Deliverable:** A one-page architecture decision record (ADR) plus the RBAC matrix.
 
 ## References
 

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/3-design-governance-agents.md

@@ -1,12 +1,10 @@
-## Overview
-
 Effective governance ensures that AI agents operate safely, consistently, and in alignment with organizational policy. As enterprises scale agent adoption, Solution Architects must define guardrails that establish accountability, enforce security, manage data flows, and ensure that agents behave predictably. Governance extends across identity, data protection, observability, security baselines, approval workflows, and lifecycle management.
 
 This unit outlines a structured governance framework that Solution Architects can apply across Microsoft cloud environments to ensure responsible, secure, and compliant agent operations.
 
 ## Learning objectives
 
-### At the end of this unit, learners will be able to
+At the end of this unit, learners will be able to:
 
 - Design agent governance models aligned with organizational security, compliance, and operational standards.
 
@@ -20,47 +18,43 @@ This unit outlines a structured governance framework that Solution Architects ca
 
 ## Governance principles for AI agents
 
-### Accountability and ownership
+Accountability and ownership is a core governance principle.
 
 Clear ownership ensures agents operate with traceability and predictable responsibility.
 
-#### Key elements
+Key elements include:
 
 - Assign an **agent owner** responsible for lifecycle, security posture, and approvals.
 
 - Maintain an **agent registry** documenting purpose, environment, risk level, and data access.
 
 - Require **publishing approvals** for agents handling sensitive or regulated data.
 
-Professional Visual:<br>**Chart - "Agent Ownership Model"**
-
-Columns: Agent | Owner | Environment | Risk Classification | Approval Required
 
-Color coding for Low / Medium / High risk.
 
 ## Identity, access, and permission governance
 
-### Establish a strong identity foundation
+## Establish a strong identity foundation
 
 Agents should operate with secure, isolated identities that restrict unintended access.
 
-#### Recommended practices
+Recommended practices include:
 
 - Use **managed identities** instead of embedded secrets.
 
 - Assign **least-privilege permissions**, scoped by environment and resource.
 
 - Segment roles for **Makers, Approvers, Admins, and Security teams**.
 
-Professional Visual:<br>**Matrix - "Agent RBAC Role Alignment"**<br>Rows: Maker, Publisher, Environment Admin, Security Admin<br>Columns: Create, Modify, Publish, Connectors, Data Access, Monitoring
+
 
 ## Data governance and protection controls
 
-### Data boundaries and classification
+Data boundaries and classification are essential for secure governance.
 
 Agents must follow defined boundaries regarding which data they can access, store, or generate.
 
-#### Key considerations
+Key considerations include:
 
 - Enforce **data classification** and restrict agent access to approved sources.
 
@@ -70,25 +64,25 @@ Agents must follow defined boundaries regarding which data they can access, stor
 
 - Use sensitivity labels to **track and govern information movement** throughout agent responses.
 
-:::image type="content" source="../media/data-governance-layering.png" alt-text="Diagram: Data governance layering":::
+:::image type="content" source="../media/data-governance-layering.png" alt-text="Diagram that shows data governance layering.":::
 
 ## Observability, monitoring, and cost governance
 
-### Centralized monitoring
+Centralized monitoring is required for observability and trust.
 
 Visibility into agent runtime activity is essential for auditing and operational trust.
 
-#### Include
+Include:
 
 - Logging prompts, actions, outcomes, errors, and escalations.
 
 - Dashboards for success rates, failure patterns, and unexpected behaviors.
 
 - Alerts for anomalous activity such as rapid token spikes or unusual data access.
 
-### Cost governance
+Cost governance is also required.
 
-#### Control consumption by
+Control consumption by:
 
 - Tagging agent resources for cost attribution.
 
@@ -98,21 +92,21 @@ Visibility into agent runtime activity is essential for auditing and operational
 
 ## Security, threat protection, and safe deployment
 
-### Runtime protection
+Runtime protection must be maintained throughout the lifecycle.
 
 Security safeguards must be active throughout an agent's lifecycle.
 
-#### Best practices
+Best practices include:
 
 - Enforce **runtime protection** and evaluate agents for insecure configurations before publish.
 
 - Apply input/output filtering to reduce prompt-injection and data-leakage risks.
 
 - Integrate the agent with organizational security monitoring and response processes.
 
-### Govern external integrations
+Govern external integrations with strict controls.
 
-#### Agents interacting with external APIs or systems must follow strict rules
+Agents interacting with external APIs or systems must follow strict rules:
 
 - Allow only **approved connectors and endpoints**.
 
@@ -122,23 +116,23 @@ Security safeguards must be active throughout an agent's lifecycle.
 
 ## Development, versioning, and lifecycle governance
 
-### Standardized development framework
+Standardized development frameworks improve repeatability and control.
 
 Governance improves when development behavior is predictable and repeatable.
 
-#### Include
+Include:
 
 - Standard templates for agent creation and documentation.
 
 - Version control for prompts, knowledge sources, and workflows.
 
 - Mandatory pre-publish checks for security, DLP, and data-access configuration.
 
-### Lifecycle policies
+Lifecycle policies are needed as agents evolve.
 
 Agents evolve—policies must govern updates and retirement.
 
-#### Policies include
+Policies include:
 
 - Scheduled reviews for accuracy, data freshness, and risk reassessment.
 

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/4-design-model-security.md

@@ -1,5 +1,3 @@
-## Overview
-
 Securing AI models is a core responsibility for solution architects who design, deploy, and operate enterprise-grade AI systems. Model security ensures that every model—whether used in Foundry, Azure AI, or integrated within an agent pipeline—remains protected from threats such as unauthorized access, data leakage, adversarial inputs, and compromised identities.
 
 This unit provides a structured approach to designing model-level security using identity governance, workload hardening, threat protection, access control, and continuous monitoring. Solution architects will learn how to apply security guardrails that span development, deployment, and operations.

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/5-analyze-solution-ai-vulnerabilities-mitigations-prompt-manipulation.md

@@ -1,12 +1,10 @@
-## Overview
-
 AI-powered solutions introduce unique vulnerabilities that differ from traditional application risks. Solution architects must be able to identify weak points across models, data flows, identity boundaries, and user interactions, especially those involving natural-language interfaces susceptible to prompt manipulation.
 
 This unit provides a structured framework for analyzing vulnerabilities in AI systems and defining effective mitigations. It equips architects with the skills to evaluate model behavior, detect abnormal agent activity, assess identity and RBAC exposure, and build end-to-end protections that reduce operational and security risks.
 
 ## Learning objectives
 
-- After completing this unit, learners will be able to:
+After completing this unit, learners will be able to:
 
 - Identify common AI-specific vulnerabilities, including prompt manipulation, data leakage, and insecure model behaviors.
 
@@ -22,7 +20,7 @@ This unit provides a structured framework for analyzing vulnerabilities in AI sy
 
 ### Prompt manipulation risks
 
-- Prompt manipulation occurs when a user intentionally or unintentionally attempts to steer an AI model away from intended safe behaviors. Common techniques include:
+Prompt manipulation occurs when a user intentionally or unintentionally attempts to steer an AI model away from intended safe behaviors. Common techniques include:
 
 - Overriding system instructions ("ignore previous instructions…").
 
@@ -82,7 +80,7 @@ Models may respond unpredictably when encountering ambiguous, adversarial, or se
 
 - Input files contain embedded malicious instructions.
 
-**Best practice:** Architect solutions using _data minimization_, _RBAC boundaries_, and _intentbased access_ aligned with user roles.
+**Best practice:** Architect solutions using _data minimization_, _RBAC boundaries_, and _intent-based access_ aligned with user roles.
 
 ### Identity, access, and RBAC gaps
 
@@ -114,7 +112,7 @@ Models may respond unpredictably when encountering ambiguous, adversarial, or se
 
 - Poor auditing and lack of rollback capability.
 
-- Unsecured flows calling third-party endpoints.
+- Unsecured flows calling non-Microsoft endpoints.
 
 #### Architects must ensure
 

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/6-review-solution-adherence-responsible-ai-principles.md

@@ -1,10 +1,8 @@
-## Overview
-
 Responsible AI (RAI) is a foundational requirement for every solution architect designing or assessing AI systems. Reviewing a solution for adherence to Responsible AI principles ensures that systems remain safe, secure, compliant, transparent, and aligned with organizational and regulatory expectations. This unit equips solution architects with a structured, repeatable method to evaluate solutions across governance, risk, design, deployment, and ongoing operations.
 
 ## Learning objectives
 
-- After completing this unit, learners will be able to:
+After completing this unit, learners will be able to:
 
 - Evaluate an AI solution against Microsoft Responsible AI principles.
 
@@ -18,17 +16,17 @@ Responsible AI (RAI) is a foundational requirement for every solution architect
 
 Microsoft defines six core Responsible AI principles that guide design and governance decisions:
 
-1. **Fairness:** AI systems should treat all groups equitably.
+- **Fairness:** AI systems should treat all groups equitably.
 
-1. **Reliability and Safety:** Systems must function as intended and prevent harm.
+- **Reliability and Safety:** Systems must function as intended and prevent harm.
 
-1. **Privacy and Security:** Protect personal and organizational data through strong controls.
+- **Privacy and Security:** Protect personal and organizational data through strong controls.
 
-1. **Inclusiveness:** AI should empower people of all abilities and backgrounds.
+- **Inclusiveness:** AI should empower people of all abilities and backgrounds.
 
-1. **Transparency:** Solutions should be understandable, with clear disclosures on how AI is used.
+- **Transparency:** Solutions should be understandable, with clear disclosures on how AI is used.
 
-1. **Accountability:** Organizations retain responsibility for decisions made by AI.
+- **Accountability:** Organizations retain responsibility for decisions made by AI.
 
 These principles serve as the lens through which a solution architect evaluates models, agents, workflows, integrations, and user experiences.
 
@@ -102,15 +100,15 @@ The following review model ensures consistency and objectivity when assessing an
 
 ### Responsible AI validation tools
 
-#### Solution architects can leverage Microsoft's RAI toolset to validate solution performance
+#### Solution architects can leverage Microsoft's Responsible AI toolset to validate solution performance
 
 - RAI validation checks for declarative agents
 
 - Tooling for bias detection, safety evaluation, and risk assessment
 
 - Practices for documenting model lineage, data provenance, and decisions
 
-- Governance processes for review, approval, and signoff
+- Governance processes for review, approval, and sign-off
 
 ### Operational oversight and governance
 
@@ -126,16 +124,16 @@ Responsible AI is not a one-time review—it requires continuous monitoring.
 
 - Sunset criteria for models no longer meeting safety or compliance requirements
 
-:::image type="content" source="../media/responsible-ai-lifecycle.png" alt-text="Responsible AI lifecycle flow.":::
+:::image type="content" source="../media/responsible-ai-lifecycle.png" alt-text="Diagram that shows the Responsible AI lifecycle flow.":::
 
 ## References
 
-- [Microsoft AI principles and approach](https://www.microsoft.com/en-us/ai/principles-and-approach)
+- [Microsoft AI principles and approach](https://www.microsoft.com/ai/principles-and-approach)
 
 - [Responsible AI overview for Microsoft Security Copilot](/copilot/security/responsible-ai-overview-security-copilot)
 
 - [Responsible AI overview for Dynamics 365](/dynamics365/fin-ops-core/dev-itpro/responsible-ai/responsible-ai-overview)
 
-- [Microsoft AI tools and practices](https://www.microsoft.com/en-us/ai/tools-practices)
+- [Microsoft AI tools and practices](https://www.microsoft.com/ai/tools-practices)
 
 - [Responsible AI validation for Microsoft 365 Copilot extensibility](/microsoft-365-copilot/extensibility/rai-validation)

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/7-validate-data-residency-movement-compliance.md

@@ -1,12 +1,10 @@
-## Overview
-
 Validating data residency and movement compliance is a critical responsibility for solution architects designing AI-powered solutions across Microsoft 365, Dynamics 365, and Copilot Studio. Keeping data within approved geographic boundaries ensures that solutions follow regulatory, contractual, and organizational requirements. This unit explains how to evaluate data residency posture, control data movement, and apply data governance policies that align with cloud compliance expectations.
 
 Solution architects must know where data is stored, how it moves across services, and which components participate in inference, logging, processing, or retention. This includes understanding the behavior of generative AI features, how Copilot Studio handles data, and how Microsoft Purview enforces data-handling compliance.
 
 ## Learning objectives
 
-- After completing this unit, learners will be able to:
+After completing this unit, learners will be able to:
 
 - Identify required data residency and sovereignty requirements for AI workloads.
 
@@ -32,7 +30,7 @@ Data residency defines the physical or geographic location where customer data i
 
 - Whether data used by generative AI stays within the designated region.
 
-- How multi-tenant cloud services distribute workloads.
+- How multitenant cloud services distribute workloads.
 
 ### Copilot Studio data residency behavior
 

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/8-design-access-controls-ground-data-model-tune.md

@@ -1,5 +1,3 @@
-## Overview
-
 Designing access controls for grounding data and model-tuning workflows is a critical responsibility for solution architects. AI systems depend on trustworthy, policy-aligned grounding data and secure tuning processes to ensure predictable, compliant, and responsible outputs. Effective controls protect sensitive assets, enforce the principle of least privilege, and ensure AI behaviors remain aligned with organizational, legal, and ethical requirements.
 
 This unit provides a structured approach for evaluating and designing access controls around data ingestion, grounding retrieval, model evaluations, and supervised fine-tuning workflows.
@@ -56,13 +54,13 @@ Guardrails protect both users and the system by preventing unsafe or non-complia
 
 - Blocklists for prohibited document types
 
-- Sanitization pipelines removing PII or contractual data
+- Sanitization pipelines removing personal data or contractual data
 
 - Automated reviews validating safety and policy alignment
 
 - Alerting and anomaly detection for unusual data access or tuning patterns
 
-:::image type="content" source="../media/guardrail-enforcement-model.png" alt-text="Guardrail Enforcement Model.":::
+
 
 ## Operational monitoring and compliance enforcement