LP2: Update modules 01, 04, 05 from revised source; remove orphaned media

Author: Rob-Barefoot

.openpublishing.redirection.json

@@ -38462,17 +38462,17 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "learn.wwl.describe-azure-storage-services.exercise-create-storage-blob",
-      "redirect_url": "/training/modules/describe-azure-storage-services/",
+      "source_path": "https://learn.microsoft.com/training/modules/describe-azure-storage-services/5-exercise-create-storage-blob",
+      "redirect_url": "https://learn.microsoft.com/training/modules/describe-azure-storage-services/",
       "redirect_document_id": false
     },
     {
-      "source_path": "learn.wwl.describe-core-architectural-components-of-azure.exercise-explore-learn-sandbox",
-      "redirect_url": "/training/modules/describe-core-architectural-components-of-azure/",
+      "source_path": "https://learn.microsoft.com/training/modules/describe-core-architectural-components-of-azure/7-exercise-create-azure-resource",
+      "redirect_url": "https://learn.microsoft.com/training/modules/describe-core-architectural-components-of-azure/",
       "redirect_document_id": false
     },
     {
-      "source_path": "learn.wwl.describe-core-architectural-components-of-azure.exercise-create-azure-resource",
+      "source_path": "https://learn.microsoft.com/training/modules/describe-core-architectural-components-of-azure/4-exercise-explore-learn-sandbox",
       "redirect_url": "/training/modules/describe-core-architectural-components-of-azure/",
       "redirect_document_id": false
     },

learn-pr/wwl-azure/describe-azure-identity-access-security/includes/2-directory-services.md

@@ -1,17 +1,17 @@
-Microsoft Entra ID is Microsoft's cloud-based identity and access management service. You use it to sign in and access both Microsoft cloud applications and applications that you develop.
+Microsoft Entra ID is Microsoft's cloud-based identity and access management service. It lets you sign in and access both Microsoft cloud applications and cloud applications that you develop.
 
 If you've worked with on-premises Active Directory, Microsoft Entra ID will feel familiar. The key difference is that you control the identity accounts while Microsoft ensures the service is available globally.
 
-Connecting on-premises Active Directory to Microsoft Entra ID adds security. On its own, on-premises Active Directory doesn't monitor sign-in behavior. After the connection, Microsoft Entra ID can detect suspicious sign-in attempts at no extra cost — for example, sign-ins from unexpected locations or unknown devices.
+Connecting the two unlocks extra protection. On its own, on-premises Active Directory doesn't monitor sign-in behavior. Once connected to Microsoft Entra ID, Microsoft can detect suspicious sign-in attempts at no extra cost — for example, sign-ins from unexpected locations or unknown devices.
 
 ## Who uses Microsoft Entra ID?
 
 Microsoft Entra ID is for:
 
  -  **IT administrators**. Administrators can use Microsoft Entra ID to control access to applications and resources based on workload and security requirements.
- -  **App developers**. Developers can use Microsoft Entra ID as a standards-based way to add functionality to their applications, such as SSO or support for existing user credentials.
- -  **Users**. Users can manage their identities and perform tasks like self-service password reset.
- -  **Online service subscribers**. Microsoft 365, Azure, and Dynamics 365 subscribers already use Microsoft Entra ID to sign in to their accounts.
+ -  **App developers**. Developers can use Microsoft Entra ID to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user's existing credentials.
+ -  **Users**. Users can manage their identities and take maintenance actions like self-service password reset.
+ -  **Online service subscribers**. Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers are already using Microsoft Entra ID to authenticate into their account.
 
 ## What does Microsoft Entra ID do?
 
@@ -22,31 +22,31 @@ Microsoft Entra ID provides services such as:
  -  **Application management** — Manages cloud and on-premises apps through features like Application Proxy, SaaS app integration, and the My Apps portal.
  -  **Device management** — Supports device registration and management through tools like Microsoft Intune. Enables device-based Conditional Access policies that restrict access to known devices.
 
-:::image type="content" source="../media/directory-services-option-entra-capabilities-hub.png" alt-text="Diagram showing Microsoft Entra ID at the center with spokes connecting to Authentication, Single Sign-On, App Management, and Device Management capabilities.":::
+:::image type="content" source="../media/directory-services-option-entra-capabilities-hub.png" alt-text="Diagram showing Microsoft Entra ID at the center with spokes connecting to Authentication, Single sign-on, App Management, and Device Management capabilities.":::
 
 ## Can I connect my on-premises AD with Microsoft Entra ID?
 
-Without a connection, you must maintain two separate identity sets: one in on-premises Active Directory and one in Microsoft Entra ID. Microsoft Entra Connect bridges that gap.
+Without a connection, an on-premises Active Directory deployment and a cloud Microsoft Entra ID deployment require you to maintain two separate identity sets. Microsoft Entra Connect bridges that gap.
 
-Microsoft Entra Connect synchronizes user identities between on-premises Active Directory and Microsoft Entra ID. Because changes flow between both systems, users have a consistent experience — including SSO, multifactor authentication, and self-service password reset — whether they access on-premises or cloud resources.
+Microsoft Entra Connect synchronizes user identities between on-premises Active Directory and Microsoft Entra ID. Because changes flow between both systems, users get a consistent experience — including SSO, multifactor authentication, and self-service password reset — whether they're accessing on-premises or cloud resources.
 
 ## What is Microsoft Entra Domain Services?
 
 Microsoft Entra Domain Services provides managed domain services — domain join, group policy, LDAP, and Kerberos/NTLM authentication — without requiring you to deploy or maintain domain controllers in the cloud.
 
-Managed domain services are especially useful for legacy applications that can't use modern authentication. You can lift and shift those applications from on-premises into a managed domain without managing an AD DS environment in the cloud.
+This is especially useful for legacy applications that can't use modern authentication. You can lift and shift those applications from on-premises into a managed domain without managing an AD DS environment in the cloud.
 
-Because Microsoft Entra Domain Services integrates with your existing Microsoft Entra tenant, users can sign in to the managed domain with their existing credentials. Existing groups and user accounts also transfer, which simplifies migration.
+Because Microsoft Entra Domain Services integrate with your existing Microsoft Entra tenant, users can sign in to the managed domain with their existing credentials. Existing groups and user accounts also carry over, providing a smoother migration path.
 
 ### How does Microsoft Entra Domain Services work?
 
-When you create a Microsoft Entra Domain Services managed domain, you define a unique namespace. This namespace is the domain name. Azure then deploys two Windows Server domain controllers into your selected region. This pair of DCs is called a replica set.
+When you create a Microsoft Entra Domain Services managed domain, you define a unique namespace. This namespace is the domain name. Two Windows Server domain controllers are then deployed into your selected Azure region. This deployment of DCs is known as a replica set.
 
 You don't need to manage, configure, or update these DCs. The Azure platform handles the DCs as part of the managed domain, including backups and encryption at rest using Azure Disk Encryption.
 
 ### Is information synchronized?
 
-A managed domain performs one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services. You can create resources directly in the managed domain, but they don't synchronize back to Microsoft Entra ID. In a hybrid environment, Microsoft Entra Connect synchronizes on-premises AD DS identity information with Microsoft Entra ID, which then synchronizes to the managed domain.
+A managed domain is configured to perform a one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services. You can create resources directly in the managed domain, but they aren't synchronized back to Microsoft Entra ID. In a hybrid environment with an on-premises AD DS environment, Microsoft Entra Connect synchronizes identity information with Microsoft Entra ID, which is then synchronized to the managed domain.
 
 :::image type="content" source="../media/directory-services-option-sync-architecture.png" alt-text="Diagram showing the identity sync flow from on-premises Active Directory through Microsoft Entra Connect to Microsoft Entra ID and Domain Services.":::
 

learn-pr/wwl-azure/describe-azure-identity-access-security/includes/3-authentication-methods.md

@@ -2,7 +2,7 @@ Authentication establishes the identity of a person, service, or device by requi
 
 The following diagram shows the security level compared to the convenience. Notice Passwordless authentication is high security and high convenience while passwords on their own are low security but high convenience.
 
-:::image type="content" source="../media/authentication-methods-options.png" alt-text="Diagram comparing Password Only, Multifactor Authentication, and Passwordless methods across security and convenience. Passwordless scores highest on both scales.":::
+:::image type="content" source="../media/authentication-methods-option-auth-spectrum.png" alt-text="Diagram comparing Password Only, Multifactor Authentication, and Passwordless methods across security and convenience. Passwordless scores highest on both scales.":::
 
 
 ## What's single sign-on?

learn-pr/wwl-azure/describe-azure-identity-access-security/includes/7-describe-zero-trust-model.md

@@ -6,7 +6,7 @@ To address this new world of computing, Microsoft highly recommends the Zero Tru
 
  -  **Verify explicitly** \- Always authenticate and authorize based on all available data points.
  -  **Use least privilege access** \- Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
- -  **Assume breach** \- Minimize blast radius and segment access. Verify end-to-end encryption. Use analytics to get visibility, drive threat detection, and improve defenses.
+ -  **Assume breach** \- Limit the potential impact and segment access. Verify end-to-end encryption. Use analytics to get visibility, drive threat detection, and improve defenses.
 
 :::image type="content" source="../media/zero-trust-option-principles-triad.png" alt-text="Diagram showing the three Zero Trust guiding principles: Verify explicitly, Use least privilege access, and Assume breach, each with key actions listed.":::
 

learn-pr/wwl-azure/describe-azure-identity-access-security/includes/9a-describe-encryption-key-management.md

@@ -9,7 +9,7 @@ In Azure, encryption is commonly discussed in two forms:
 
 A strong security posture generally includes both.
 
-:::image type="content" source="../media/encryption-key-mgmt-option-split.png" alt-text="Diagram showing encryption at rest protecting databases, disks, and storage, and encryption in transit protecting data moving between application tiers and users, with Azure Key Vault managing secrets, encryption keys, and certificates for both.":::
+:::image type="content" source="../media/encryption-key-management-option-split.png" alt-text="Diagram showing encryption at rest protecting databases, disks, and storage, and encryption in transit protecting data moving between application tiers and users, with Azure Key Vault managing secrets, encryption keys, and certificates for both.":::
 
 ## Practical example
 
@@ -25,7 +25,7 @@ Azure Key Vault is a service for securely storing and controlling access to:
 
 Using Key Vault helps centralize secret and key management instead of storing sensitive values directly in application code or configuration files.
 
-:::image type="content" source="../media/encryption-key-mgmt-option-hub.png" alt-text="Diagram showing Azure Key Vault as a central hub managing three categories: secrets such as passwords and connection strings, encryption keys for at-rest and in-transit protection, and certificates for TLS and SSL. Benefits include access control, key rotation, and usage auditing.":::
+:::image type="content" source="../media/encryption-key-management-option-hub.png" alt-text="Diagram showing Azure Key Vault as a central hub managing three categories: secrets such as passwords and connection strings, encryption keys for at-rest and in-transit protection, and certificates for TLS and SSL. Benefits include access control, key rotation, and usage auditing.":::
 
 ## Why key management matters