Commit cfe794e

fix for acronlinx
1 parent ba19899 commit cfe794e

10 files changed

Lines changed: 52 additions & 39 deletions
Lines changed: 6 additions & 6 deletions
@@ -1,16 +1,16 @@
11
Microsoft Security Copilot is a cutting-edge AI-driven platform designed to enhance security workflows by automating tasks and providing actionable insights, making it an essential tool for security engineers.
22

3-
Imagine you're a security engineer at a mid-sized financial institution. Your team is overwhelmed with the sheer volume of security alerts, phishing attempts, and identity access requests that need to be analyzed daily. Recently, a phishing attack slipped through the cracks, leading to a data breach that could have been prevented with better tools and processes. You’re tasked with finding a solution that not only streamlines your team’s workload but also improves the accuracy and speed of threat detection and response. This is where Microsoft Security Copilot comes in. By using specialized agents like the Phishing Triage Agent and Conditional Access Optimization Agent, you can automate repetitive tasks, generate detailed threat intelligence reports, and optimize access policies—all while integrating seamlessly with tools like Microsoft Defender and Microsoft Entra. These capabilities allow your team to focus on high-priority issues, reduce false positives, and strengthen your organization’s overall security posture.
3+
Imagine you’re a security engineer at a mid-sized financial institution. Your team manages a complex environment spanning identity management with Microsoft Entra, endpoint protection with Microsoft Intune, threat detection with Microsoft Defender, and data protection with Microsoft Purview. Every day, your team is flooded with alerts from phishing attempts, identity risks, policy misconfigurations, and data loss incidents. Recently, a phishing attack slipped through the cracks, leading to a data breach that could have been prevented with better tools and processes. You’re tasked with finding a solution that not only streamlines your team’s workload but also improves the accuracy and speed of threat detection and response across all these platforms. This is where Microsoft Security Copilot agents come in. These AI-powered agents automate repetitive tasks, provide actionable insights, and integrate seamlessly across Microsoft security products—helping your team focus on high-priority issues, reduce false positives, and strengthen your organization’s overall security posture.
44

5-
In this module, you get an introduction to some of the Microsoft Security Copilot agents, including the Threat Intelligence briefing agent, the Conditional Access Optimization agent, and the Phishing Triage agent.
5+
In this module, you get an introduction to Microsoft Security Copilot agents, including agent identities and permissions. You explore the Threat Intelligence Briefing Agent in the standalone experience and learn about Security Copilot agents across Microsoft Entra, Microsoft Defender, Microsoft Purview, and Microsoft Intune. You also learn how Security Copilot supports building your own agents.
66

77
> [!NOTE]
8-
>This module is intended to give you a flavor of just a few of the Microsoft agents available in Security Coplot, through both the standalone and embedded experience. Agents that are available through the embedded Copilot experience, are described in training that relates to the specific security solution in which it's embedded. For example, agents that are embedded in Microsoft Purview solutions are described in the training that relates to that Microsoft Purview solution.
8+
> This module is intended to give you a flavor of just a few of the Microsoft agents available in Security Copilot, through both the standalone and embedded experiences. Agents that are available through the embedded Copilot experience are described in training that relates to the specific security solution in which they’re embedded. For example, agents that are embedded in Microsoft Purview solutions are described in the training that relates to that Microsoft Purview solution.
99
1010
After completing this module, you’ll be able to:
1111

1212
- Describe the role and functionality of Microsoft Security Copilot agents in automating security workflows.
13-
- Describe the Threat Intelligence Briefing Agent.
14-
- Describe the Conditional Access Optimization Agent.
15-
- Describe the Phishing Triage agent.
13+
- Describe agent identities and permissions in Microsoft Security Copilot.
14+
- Describe the Threat Intelligence Briefing Agent in the Security Copilot standalone experience.
15+
- Describe Security Copilot agents in Microsoft Entra, Microsoft Defender, Microsoft Purview, and Microsoft Intune.
1616
- Describe how Security Copilot supports building your own agents.
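Review bot: The new objectives at lines 13-15 are organized per product (Microsoft Entra, Microsoft Defender, Microsoft Purview, Microsoft Intune) instead of per agent, but the units changed later in this commit are still named 4-describe-conditional-access-optimization-agent.md and 5-describe-phishing-triage-agent.md even though their text now covers Microsoft Entra agents and Microsoft Defender agents in general. Consider renaming those include files in a follow-up so the file names match the objectives they serve.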

learn-pr/wwl-sci/security-copilot-describe-agents/includes/2-describe-agents.md

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ To effectively use Security Copilot agents, it's essential to understand the ter
1414
|--------------|-------------|
1515
| **Trigger** | An event or condition that tells an agentic system to initiate an action or series of actions. |
1616
| **Permissions** | The level of authorization an AI agent is given by an admin during configuration that enables it to access specific information or carry out its tasks. |
17-
| **Identity** | An agent needs an identity to authenticate and securely access resources when it runs. During the agent setup process, you choose from two types of identity: (1) **Create an agent identity**Creates a dedicated identity for the agent using the Microsoft Entra Agent ID capability, keeping access scoped, secure, and easier to manage. Currently, this option is only available for Microsoft-built agents. (2) **Connect with an existing user account**Lets the agent use your credentials to run, inheriting your access and permissions while it's active. |
17+
| **Identity** | An agent needs an identity to authenticate and securely access resources when it runs. During the agent setup process, you choose from two types of identity: (1) **Create an agent identity**Creates a dedicated identity for the agent using the Microsoft Entra Agent ID capability, keeping access scoped, secure, and easier to manage. Currently, this option is only available for Microsoft-built agents. (2) **Connect with an existing user account**Lets the agent use your credentials to run, inheriting your access and permissions while it's active. |
1818
| **Plugins** | A component that extends what an agent can do by giving it access to capabilities in Microsoft and non-Microsoft services and public websites through APIs. While some plugins may be required to run an agent, some agents may employ optional plugins that can enhance its functionality by providing access to more data sources or tools.|
1919
| **Role-based access control (RBAC)** | Determines who can view and manage the outputs generated by agents in Microsoft Security Copilot, and ensures that sensitive information is accessible only to authorized users. |
2020
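Review bot: The removed and added versions of line 17 are identical as rendered here, so this looks like a whitespace-only or invisible-character change; the commit message "fix for acronlinx" does not say what was altered in the Identity row, and a one-line explanation would make the change reviewable.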

learn-pr/wwl-sci/security-copilot-describe-agents/includes/2a-understand-agent-identities-permissions.md

Lines changed: 6 additions & 6 deletions
@@ -31,10 +31,10 @@ This option lets the agent use an existing user's credentials. The agent inherit
3131

3232
An AI agent can use its identity to:
3333

34-
- **Access web services**Request access tokens from Microsoft Entra to call Microsoft Graph, organization-built services, or third-party APIs.
35-
- **Autonomous access**Act independently using rights assigned directly to the agent identity, including Microsoft Graph permissions, Azure RBAC roles, and Microsoft Entra directory roles.
36-
- **Delegated access**Act on behalf of a human user, using rights the user controls and delegates.
37-
- **Authenticate incoming messages**Accept and validate requests from other clients, users, or agents using Microsoft Entra access tokens.
34+
- **Access web services**Request access tokens from Microsoft Entra to call Microsoft Graph, organization-built services, or non-Microsoft APIs.
35+
- **Autonomous access**Act independently using rights assigned directly to the agent identity, including Microsoft Graph permissions, Azure role-based access control (RBAC) roles, and Microsoft Entra directory roles.
36+
- **Delegated access**Act on behalf of a human user, using rights the user controls and delegates.
37+
- **Authenticate incoming messages**Accept and validate requests from other clients, users, or agents using Microsoft Entra access tokens.
3838

3939
### Permissions for agents
4040
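Review bot: In the added bullets at lines 34-37 each bold label runs straight into its description with no separator, for example "**Access web services**Request access tokens from Microsoft Entra ...", so the list renders as run-on phrases. Put a colon or a spaced hyphen after the closing ** on all four bullets; the Identity row in 2-describe-agents.md has the same pattern.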

@@ -46,8 +46,8 @@ When an agent identity is created, the required permissions are assigned automat
4646

4747
RBAC determines who can view and manage agent outputs in Security Copilot. The Security Copilot platform defines two roles:
4848

49-
- **Security Copilot owner**Set up agents, manage settings, assign permissions, and perform all platform tasks. Build, test, and publish agents at workspace scope.
50-
- **Security Copilot contributor**Run agents, create sessions, and interact with agent outputs. Build, test, and publish agents at user scope.
49+
- **Security Copilot owner**Set up agents, manage settings, assign permissions, and perform all platform tasks. Build, test, and publish agents at workspace scope.
50+
- **Security Copilot contributor**Run agents, create sessions, and interact with agent outputs. Build, test, and publish agents at user scope.
5151

5252
These roles are managed within Security Copilot and are separate from Microsoft Entra ID roles. They control platform access only and don't grant access to security data by themselves. The data an agent can access is still governed by the user's existing Microsoft Entra and Azure RBAC roles—Security Copilot never exceeds the access a user already has.
5353
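Review bot: The unchanged paragraph at line 52 states that the data an agent can access is governed by the user's existing Microsoft Entra and Azure RBAC roles and that Security Copilot never exceeds the access a user already has, while the "Autonomous access" bullet at line 35 of this same file says an agent can act with rights assigned directly to the agent identity. Since both passages are in scope of this commit, qualify line 52 so it is clear whether it describes only agents that connect with an existing user account. The owner and contributor bullets at lines 49-50 also show no visible difference between the old and new text.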

learn-pr/wwl-sci/security-copilot-describe-agents/includes/4-describe-conditional-access-optimization-agent.md

Lines changed: 2 additions & 2 deletions
@@ -3,7 +3,7 @@ Microsoft Entra agents can automate many identity and access management operatio
33
Microsoft Entra agents analyze your identity environment, apply best practices, and take automated actions to improve your identity and access security posture and operational efficiency. They integrate directly with Microsoft Entra services, using your organization’s identity data and configuration to provide contextual, actionable insights.
44

55
> [!NOTE]
6-
> This unit is designed to provide a high-level overview of the Security Copilot agents in Microsoft Entra. For additional information, refer to training that relates to Microsoft Entra.
6+
> The list of Security Copilot agents in Microsoft Entra is continually growing. This unit is designed to provide a high-level overview of a few of the Security Copilot agents in Microsoft Entra. Fo more information, refer to training that relates to Microsoft Entra.
77
88
### What are Microsoft Entra agents?
99
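Review bot: The added note at line 6 contains a typo, "Fo more information", which should read "For more information". The same sentence is pasted into 5-describe-phishing-triage-agent.md in this commit, so fix it in both places.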

@@ -46,7 +46,7 @@ The [Access Review Agent](https://learn.microsoft.com/entra/id-governance/access
4646

4747
| Attribute | Description |
4848
|-----------|-------------|
49-
| **Identity** | A unique agent identity for authorization is created when the agent is turned on. The agent uses this identity to scan your tenant for active access reviews, gather additional insights, and save its recommendations. Final decisions, submitted through the Microsoft Teams conversation, use the reviewer’s identity. |
49+
| **Identity** | A unique agent identity for authorization is created when the agent is turned on. The agent uses this identity to scan your tenant for active access reviews, gather insights, and save its recommendations. Final decisions, submitted through the Microsoft Teams conversation, use the reviewer’s identity. |
5050
| **Licenses** | Microsoft Entra ID Governance or Microsoft Entra Suite. |
5151
| **Plugins** | Microsoft Entra (mandatory). |
5252
| **Products** | ID Governance Access Reviews. |
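Review bot: The attribute label at line 50 is "Licenses" in this table, while the agent tables in 5a-describe-purview-agents.md use "License" for the same row. Pick one label and use it in every agent attribute table so the units read consistently.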

learn-pr/wwl-sci/security-copilot-describe-agents/includes/5-describe-phishing-triage-agent.md

Lines changed: 5 additions & 2 deletions
@@ -2,7 +2,10 @@ Microsoft Security Copilot includes agents embedded in the Microsoft Defender po
22

33

44
> [!NOTE]
5-
> This unit is designed to provide a high-level overview of the Security Copilot agents in Microsoft Defender, which are focused on SOC tasks. For additional information related to the SOC tasks, such as threat hunting, threat detection, etc. refer to [Defend against cyberthreats with Microsoft's security operations platform](/training/courses/sc-200t00).
5+
> The list of Security Copilot agents in Microsoft Entra is continually growing. This unit is designed to provide a high-level overview of a few of the Security Copilot agents in Microsoft Entra. Fo more information, refer to training that relates to Microsoft Entra.
6+
7+
> [!NOTE]
8+
> The list of Security Copilot agents in Microsoft Defender is continually growing. This unit is designed to provide a high-level overview of just a few of the Security Copilot agents in Microsoft Defender. For more information related to agents in Microsoft Defender and focused on SOC tasks, see [Defend against cyberthreats with Microsoft's security operations platform](/training/courses/sc-200t00).
69
>
710
### Microsoft Security Copilot agents in Microsoft Defender
811
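Review bot: The added line 5 puts the Microsoft Entra note ("The list of Security Copilot agents in Microsoft Entra is continually growing ...") into the Microsoft Defender unit, directly under the existing "> [!NOTE]" marker, and it carries the "Fo more information" typo. It looks like a copy-paste from 4-describe-conditional-access-optimization-agent.md; delete added lines 5-7 so the unit keeps a single note, the Defender one at line 8.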

@@ -38,7 +41,7 @@ The [Threat Intelligence Briefing Agent](https://learn.microsoft.com/defender-xd
3841

3942
#### Threat Hunting Agent
4043

41-
The [Threat Hunting Agent](https://learn.microsoft.com/defender-xdr/advanced-hunting-security-copilot-threat-hunting-agent) enables you to investigate threats using natural language from start to finish. It not only generates KQL queries but also interprets results, surfaces insights, and guides you through full hunting sessions. These capabilities empower you to hunt threats faster, more accurately, and with greater confidence.
44+
The [Threat Hunting Agent](https://learn.microsoft.com/defender-xdr/advanced-hunting-security-copilot-threat-hunting-agent) enables you to investigate threats using natural language from start to finish. It not only generates Kusto Query Language (KQL) queries but also interprets results, surfaces insights, and guides you through full hunting sessions. These capabilities empower you to hunt threats faster, more accurately, and with greater confidence.
4245

4346
#### Dynamic Threat Detection Agent
4447

learn-pr/wwl-sci/security-copilot-describe-agents/includes/5a-describe-purview-agents.md

Lines changed: 3 additions & 3 deletions
@@ -1,7 +1,7 @@
11
Microsoft Security Copilot agents in Microsoft Purview help triage Microsoft Purview Data Loss Prevention (DLP) and Microsoft Purview Insider Risk Management alerts. These agents are AI-powered assistants that work seamlessly with Microsoft security products to help security teams evaluate and categorize alerts.
22

33
> [!NOTE]
4-
> This unit is designed to provide a high-level overview of the Security Copilot agents in Microsoft Purview. For additional information, refer to training that relates to Microsoft Purview.
4+
> The list of Security Copilot agents in Microsoft Purview is continually growing. This unit is designed to provide a high-level overview of a few of the Security Copilot agents in Microsoft Purview. For more information, see training that relates to Microsoft Purview.
55
66
### Microsoft Security Copilot agents in Microsoft Purview
77
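Review bot: The added note at line 4 ends with "see training that relates to Microsoft Purview", while the equivalent note added for Microsoft Entra in this commit uses "refer to training that relates to Microsoft Entra". Use the same verb in all of the per-product notes, and decide between "a few" and "just a few", which the Defender note uses.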

@@ -14,7 +14,7 @@ The [Triage Agent in Insider Risk Management](https://learn.microsoft.com/purvie
1414
| Attribute | Description |
1515
|-----------|-------------|
1616
| **Identity** | Runs as the administrator who turned on the agent. Agent authentication expires after 90 days and must be renewed. |
17-
| **License** | Both the standard per seat licensing model and the pay-as-you-go billing model. Microsoft Purview Insider Risk Management with Microsoft 365 E3/E5/A5/F5/G5. |
17+
| **License** | Both the standard per user licensing model and the pay-as-you-go billing model. Microsoft Purview Insider Risk Management with Microsoft 365 E3/E5/A5/F5/G5. |
1818
| **Permissions** | Access policy configurations and settings in Insider Risk Management; read activities and events in Microsoft Purview; read file content and metadata involved in Insider Risk Management alerts; store user feedback and apply feedback when evaluating Insider Risk Management alerts. |
1919
| **Plugins** | Microsoft Purview. |
2020
| **Products** | Security Copilot and Insider Risk Management. |
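Review bot: In the License cell at line 17, "per user licensing model" is a compound modifier and should be hyphenated as "per-user licensing model". The cell also opens with a fragment, "Both the standard ... and the pay-as-you-go billing model.", that never says what both models do; something like "Available under both ..." would read as a full statement. The same applies to line 31 in the next hunk.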
@@ -28,7 +28,7 @@ The [Alert Triage Agent in Data Loss Prevention](https://learn.microsoft.com/pur
2828
| Attribute | Description |
2929
|-----------|-------------|
3030
| **Identity** | Runs as the administrator who turned on the agent. Agent authentication expires after 90 days and must be renewed. |
31-
| **License** | Both the standard per seat licensing model and the pay-as-you-go billing model. Microsoft Purview Data Loss Prevention with Microsoft 365 E3/E5/A5/F5/G5. |
31+
| **License** | Both the standard per user licensing model and the pay-as-you-go billing model. Microsoft Purview Data Loss Prevention with Microsoft 365 E3/E5/A5/F5/G5. |
3232
| **Permissions** | Access policy configurations and settings in DLP; read activities and events in Microsoft Purview; read file content and metadata involved in DLP alerts; store user feedback and apply feedback when evaluating DLP alerts. |
3333
| **Plugins** | Microsoft Purview. |
3434
| **Products** | Security Copilot and Data Loss Prevention. |

learn-pr/wwl-sci/security-copilot-describe-agents/includes/5b-build-agents.md

Lines changed: 2 additions & 2 deletions
@@ -137,12 +137,12 @@ The iterative development process allows continuous refinement through conversat
137137
- Direct deployment capabilities
138138
- Support for iterative development through conversational input
139139

140-
MCP tools are perfect for developers who want to build agents within their familiar development environment while leveraging AI assistance throughout the creation process.
140+
MCP tools are perfect for developers who want to build agents within their familiar development environment while using AI assistance throughout the creation process.
141141

142142
**What you do:**
143143

144144
- Use natural language prompts within your IDE to describe agent intent
145-
- Leverage MCP tools to automatically discover relevant Security Copilot capabilities
145+
- Use MCP tools to automatically discover relevant Security Copilot capabilities
146146
- Generate and iterate on agent YAML files through conversational AI assistance
147147
- Deploy agents directly to Security Copilot from your development environment
148148
- Test and refine agents through continuous feedback loops
