Merge pull request #54055 from staleycyn/patch-1

Stacyrch140 · web-flow · commit d706429b706c · 2026-03-31T17:18:18.000-04:00
Content drift for guided project secure workloads
diff --git a/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/3-exercise-security-groups.md b/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/3-exercise-security-groups.md
@@ -4,7 +4,7 @@ Your organization requires the network traffic in the app-vnet to be tightly con
 + The frontend subnet has web servers that can be accessed from the internet. An application security group (ASG) is required for those servers. The ASG should be associated with any virtual machine interface that is part of the group. 
 + An NSG rule is required to allow inbound HTTPS traffic to the ASG. This rule uses the TCP protocol on port 443. 
 + The backend subnet has database servers used by the frontend web servers. A network security group (NSG) is required to control this traffic. The NSG should be associated with any virtual machine interface accessed by the web servers. 
-+ An NSG rule is required to allow inbound network traffic from the ASG to the backend servers. This rule uses the MS SQL service and port 1443. 
++ An NSG rule is required to allow inbound network traffic from the ASG to the backend servers. This rule uses the MS SQL service and port 1433. 
 + A virtual machine should be installed in the frontend subnet (VM1) and the backend subnet (VM2). The IT group has an Azure Resource Manager template to deploy these Ubuntu servers. 
 
 ## Skilling Tasks
@@ -23,6 +23,6 @@ Your organization requires the network traffic in the app-vnet to be tightly con
 Launch the exercise and follow the instructions. When you're done, be sure to return to this page so you can continue learning.
 
 > [!NOTE]
-> To complete this lab you need an [Azure subscription](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
+> To complete this lab, you need an [Azure subscription](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 
-[![Button to launch exercise.](../media/launch-exercise.png)](https://go.microsoft.com/fwlink/?linkid=2261960)
+[![Button to launch exercise.](../media/launch-exercise.png)](https://go.microsoft.com/fwlink/?linkid=2261960)
diff --git a/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/4-exercise-firewall.md b/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/4-exercise-firewall.md
@@ -1,11 +1,14 @@
 ## Scenario
 
-Your organization requires centralized network security for the application virtual network. As the application usage increases, more granular application-level filtering and advanced threat protection are needed. Also, the application needs continuous updates from Azure Pipelines. You identify these requirements.
+Your organization requires centralized network security for the application virtual network. As the application usage increases, more granular application-level filtering and advanced threat protection are needed. All subnet traffic is routed through the firewall. You identify these requirements.
+
 + Azure Firewall is required for security in the app-vnet. 
 + A firewall policy should be configured to help manage access to the application. 
 + A firewall policy **application rule** is required. This rule allows the application access to Azure DevOps so the application code can be updated. 
 + A firewall policy **network rule** is required. This rule allows DNS resolution. 
 
+This lab uses the Standard SKU, which supports both network and application rule collections. Azure Firewall has three SKUs: Basic (for SMB environments, alert-mode threat intelligence only), Standard (enterprise-grade with application rules), and Premium (advanced threat protection). Azure Firewall inspects both north-south (external) and east-west (internal lateral) traffic between workloads.  
+
 ## Skilling Tasks
 
 + Create an Azure Firewall.
@@ -21,7 +24,7 @@ Your organization requires centralized network security for the application virt
 Launch the exercise and follow the instructions. When you're done, be sure to return to this page so you can continue learning.
 
 > [!NOTE]
-> To complete this lab you need an [Azure subscription](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
+> To complete this lab, you need an [Azure subscription](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 
 [![Button to launch exercise.](../media/launch-exercise.png)](https://go.microsoft.com/fwlink/?linkid=2261961)
 
diff --git a/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/8-summary.md b/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/8-summary.md
@@ -9,13 +9,8 @@ In this module, you learned how to:
 ## Learn more with Azure documentation
 
 - Read more about [Azure Virtual Networks](/azure/virtual-network/virtual-networks-overview).
-- Read more about [Network Security Groups](/azure/virtual-network/network-security-groups-overview?toc=%2Fazure%2Fnetworking%2Ffundamentals%2Ftoc.json).
-- Read more about [Azure Firewall](/azure/firewall/overview?toc=%2Fazure%2Fnetworking%2Ffundamentals%2Ftoc.json).
-- Read more about [Virtual Network routing](/azure/virtual-network/virtual-networks-udr-overview?toc=%2Fazure%2Fnetworking%2Ffundamentals%2Ftoc.json).
-- Read more about [Azure DNS](/azure/dns/dns-overview?toc=%2Fazure%2Fnetworking%2Ffundamentals%2Ftoc.json).
+- Read more about [Network Security Groups](/azure/virtual-network/network-security-groups-overview).
+- Read more about [Azure Firewall](/azure/firewall/overview).
+- Read more about [Virtual Network routing](/azure/virtual-network/virtual-networks-udr-overview).
+- Read more about [Azure DNS](/azure/dns/dns-overview).
 
-## Learn more with online training
-
-- [Configure Azure Virtual Networks](/training/modules/configure-virtual-networks/9-simulation-create-networks?ns-enrollment-type=learningpath&ns-enrollment-id=learn.az-104-manage-virtual-networks)
-- [Configure virtual network peering](/training/modules/configure-vnet-peering/6-simulation-peering?ns-enrollment-type=learningpath&ns-enrollment-id=learn.az-104-manage-virtual-networks) 
-- [Configure Network Security Groups](/training/modules/configure-network-security-groups/7-simulation-create-network-groups)
diff --git a/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/index.yml b/learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/index.yml
@@ -3,8 +3,8 @@ uid: learn.wwl.guided-project-configure-secure-access-workloads
 metadata:
   title: Guided Project - Configure secure access to workloads with Azure virtual networking services
   description: "In this module, you practice configuring secure access to workloads using Azure virtual networking. The lab combines both learning and hands-on practice."
-  ms.date: 01/26/2026
-  author: wwlpublish
+  ms.date: 03/23/2026
+  author: staleycyn
   ms.author: cynthist
   ms.topic: module
   ms.custom:
@@ -49,4 +49,4 @@ units:
 - learn.wwl.guided-project-configure-secure-access-workloads.knowledge-check
 - learn.wwl.guided-project-configure-secure-access-workloads.summary
 badge:
-  uid: learn.wwl.guided-project-configure-secure-access-workloads.badge
+  uid: learn.wwl.guided-project-configure-secure-access-workloads.badge
