Merge pull request #53715 from ceperezb/CEPEREZB-sc100-design-sec-ops

update module

Author: ttorble

learn-pr/wwl-sci/design-solutions-security-operations/0-introduction.yml

@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction to the module on designing solutions for security operations."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-solutions-security-operations/1-introduction-security-operations-secops.yml

@@ -4,7 +4,7 @@ title: Describe the function of Security operations (SecOps)
 metadata:
   title: Describe the function of Security operations (SecOps)
   description: "SC-100 preparatory unit on the topic: Describe the function of Security operations (SecOps)."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-solutions-security-operations/10-summary.yml

@@ -4,10 +4,10 @@ title: Summary
 metadata:
   title: Summary
   description: "Summary of the module on the topic: design solutions for security operations."
-  ms.date: 09/26/2024
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 3
+durationInMinutes: 4
 content: |
   [!include[](includes/10-summary.md)]

learn-pr/wwl-sci/design-solutions-security-operations/2-design-security-operations-capabilities-hybrid-multicloud-environments.yml

@@ -4,10 +4,10 @@ title: Design monitoring to support hybrid and multicloud environments
 metadata:
   title: Design monitoring to support hybrid and multicloud environments
   description: "SC-100 preparatory unit on the topic: Design monitoring to support hybrid and multicloud environments."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 11
+durationInMinutes: 12
 content: |
   [!include[](includes/2-design-security-operations-capabilities-hybrid-multicloud-environments.md)]

learn-pr/wwl-sci/design-solutions-security-operations/3-design-centralized-logging-auditing.yml

@@ -4,10 +4,10 @@ title: Design solutions to support centralized logging and auditing
 metadata:
   title: Design solutions to support centralized logging and auditing 
   description: "SC-100 preparatory unit on the topic: design centralized logging and auditing."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 20
+durationInMinutes: 19
 content: |
   [!include[](includes/3-design-centralized-logging-auditing.md)]

learn-pr/wwl-sci/design-solutions-security-operations/5-design-solutions-detection-response.yml

@@ -4,7 +4,7 @@ title: Design solutions for detection and response that includes extended detect
 metadata:
   title: Design solutions for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)
   description: "SC-100 preparatory unit on the topic: design solutions for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-solutions-security-operations/6-design-solution-security-orchestration-automation-response.yml

@@ -4,7 +4,7 @@ title: Design a solution for security orchestration, automation, and response (S
 metadata:
   title: Design a solution for security orchestration, automation, and response (SOAR)
   description: "SC-100 preparatory unit on the topic: design a solution for security orchestration, automation, and response (SOAR)."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-solutions-security-operations/7-design-security-workflows.yml

@@ -4,7 +4,7 @@ title: Design and evaluate security workflows, including incident response, thre
 metadata:
   title: Design and evaluate security workflows, including incident response, threat hunting, and incident management
   description: "SC-100 preparatory unit on the topic: •	Design and evaluate security workflows, including incident response, threat hunting, and incident management."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-solutions-security-operations/8-design-threat-detection-coverage.yml

@@ -4,11 +4,11 @@ title: Design and evaluate threat detection coverage by using MITRE ATT&CK matri
 metadata:
   title: Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS
   description: "SC-100 preparatory unit on the topic: Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS."
-  ms.date: 02/02/2026
+  ms.date: 03/06/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 9
+durationInMinutes: 10
 content: |
   [!include[](includes/8-design-threat-detection-coverage.md)]
 

learn-pr/wwl-sci/design-solutions-security-operations/9-knowledge-check.yml

@@ -1,89 +1,89 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.design-solutions-security-operations.knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: "Knowledge check for module on the topic: design solutions for security operations."
-  ms.date: 09/26/2024
-  author: ceperezb
-  ms.author: ceperezb
-  ms.topic: unit
-  module_assessment: true
-durationInMinutes: 3
-###########################################################################
-###
-### General guidance (https://review.learn.microsoft.com/learn-docs/docs/id-guidance-knowledge-check)
-###  - Questions are complete sentences ending with a question mark
-###  - No true/false questions
-###  - 3 answers per question
-###  - All answers about the same length
-###  - Numeric answers listed in sorted order
-###  - No "All of the above" and/or "None of the above" as answer choices
-###  - No "Not" or "Except" in questions
-###  - No second person ("you") in the questions or answers
-###  - Provide a meaningful explanation for both correct and incorrect answers
-###
-###########################################################################
-content: |
-quiz:
-  questions:
-    - content: "What is the function of a Security Operations Center (SOC)?"
-      choices:
-        - content: "Monitor an organization's security posture, detect and respond to security incidents."
-          isCorrect: true
-          explanation: "A SOC is responsible for monitoring an organization's security posture, detecting security incidents, and responding effectively to them."
-        - content: "Perform security testing and vulnerability assessments"
-          isCorrect: false
-          explanation: "While security testing is important, a SOC is primarily focused on incident detection, response and prevention."
-        - content: "Develop network security policies and procedures"
-          isCorrect: false
-          explanation: "While policy development is an important part of any security program, a SOC is primarily focused on incident detection, response and prevention."
-        - content: "Train employees on security awareness best practices"
-          isCorrect: false
-          explanation: "While employee training is important, a SOC is primarily focused on incident detection, response and prevention."
-
-    - content: "Which of the following best describes the function of Azure Monitor?"
-      choices:
-        - content: "Collects data from various sources and provides insights into the performance and health of applications and infrastructure."
-          isCorrect: true
-          explanation: "Azure Monitor collects data from various sources including logs, metrics, and trace telemetry, and provides insights into the performance, health, and availability of applications and infrastructure."
-        - content: "Provides network security by analyzing and blocking malicious traffic."
-          isCorrect: false
-          explanation: "While security is an important aspect of cloud services, it is not the primary function of Azure Monitor."
-        - content: "Automatically remediates security issues in computing environments."
-          isCorrect: false
-          explanation: "While automation is a key component of modern security operations, it is not the primary function of Azure Monitor."
-        - content: "Allows users to monitor social media and web-based threats."
-          isCorrect: false
-          explanation: "Azure Monitor is focused on collecting data from Azure resources, logging systems, and other sources, not monitoring social media or web-based threats."
-
-    - content: "What is XDR in Microsoft Defender XDR?"
-      choices:
-        - content: "An AI-powered malware scanner that detects and removes malicious files."
-          isCorrect: false
-          explanation: "While malware detection is part of its capabilities, XDR refers to extended detection and response which is designed to connect multiple security products across an environment and automate threat response in real-time."
-        - content: "A cloud-based backup solution for critical data." 
-          isCorrect: false
-          explanation: "Backup solutions are important but the role of XDR is beyond that, focusing on detecting and responding to modern-day cyber-attacks with automated actions."
-        - content: "A tool that automates patching of vulnerable systems."
-          isCorrect: false
-          explanation: "While automated patching is a valuable tool for improving system security, this is not the primary function of XDR."
-        - content: "A unified threat detection and response solution."
-          isCorrect: true
-          explanation: "XDR is a unified platform that provides visibility across endpoints, email, documents, identity, and allows security teams to quickly investigate, respond and remediate threats in a coordinated way."
-
-    - content: "What is the purpose of the MITRE ATT&CK framework within Microsoft Sentinel?"
-      choices:
-        - content: "To identify vulnerabilities in Azure environments."
-          isCorrect: false
-          explanation: "The MITRE ATT&CK framework is used to identify tactics, techniques, and procedures (TTPs) used by attackers to compromise networks and systems. It is not specifically intended for identifying vulnerabilities."
-        - content: "To create custom dashboards for tracking security events."
-          isCorrect: false
-          explanation: "Dashboards are a visualization tool, while MITRE ATT&CK can be used to help organize, prioritize and track against potential threat actor activity mapped against the TTPs."
-        - content: "To provide a comprehensive threat intelligence feed."
-          isCorrect: false
-          explanation: "Threat Intelligence feeds provide context about cyber threats prevalent at the time, however, the MITRE ATT&CK framework is primarily focused on providing a structured knowledge base of adversary tactics and techniques useful to investigators, analysts, and defenders."
-        - content: "To map detections and responses to specific adversary tactics and techniques."
-          isCorrect: true
-          explanation: "The MITRE ATT&CK framework offers a common language used by security teams to describe attacker behavior, test security defenses, and understand whether the implemented security measures are effective at stopping or identifying attacks in real-time."
-
+### YamlMime:ModuleUnit
+uid: learn.wwl.design-solutions-security-operations.knowledge-check
+title: Module assessment
+metadata:
+  title: Module assessment
+  description: "Knowledge check for module on the article: design solutions for security operations."
+  ms.date: 03/06/2026
+  author: ceperezb
+  ms.author: ceperezb
+  ms.topic: unit
+  module_assessment: true
+durationInMinutes: 3
+###########################################################################
+###
+### General guidance (https://review.learn.microsoft.com/learn-docs/docs/id-guidance-knowledge-check)
+###  - Questions are complete sentences ending with a question mark
+###  - No true/false questions
+###  - 3 answers per question
+###  - All answers about the same length
+###  - Numeric answers listed in sorted order
+###  - No "All of the above" and/or "None of the above" as answer choices
+###  - No "Not" or "Except" in questions
+###  - No second person ("you") in the questions or answers
+###  - Provide a meaningful explanation for both correct and incorrect answers
+###
+###########################################################################
+content: |
+quiz:
+  questions:
+    - content: "What is the function of a Security Operations Center (SOC)?"
+      choices:
+        - content: "Monitor an organization's security posture, detect, and respond to security incidents."
+          isCorrect: true
+          explanation: "A SOC is responsible for monitoring an organization's security posture, detecting security incidents, and responding effectively to them."
+        - content: "Perform security testing and vulnerability assessments"
+          isCorrect: false
+          explanation: "While security testing is important, a SOC is primarily focused on incident detection, response, and prevention."
+        - content: "Develop network security policies and procedures"
+          isCorrect: false
+          explanation: "While policy development is an important part of any security program, a SOC is primarily focused on incident detection, response, and prevention."
+        - content: "Train employees on security awareness best practices"
+          isCorrect: false
+          explanation: "While employee training is important, a SOC is primarily focused on incident detection, response, and prevention."
+
+    - content: "Which of the following best describes the function of Azure Monitor?"
+      choices:
+        - content: "Collects data from various sources and provides insights into the performance and health of applications and infrastructure."
+          isCorrect: true
+          explanation: "Azure Monitor collects data from various sources including logs, metrics, and trace telemetry, and provides insights into the performance, health, and availability of applications and infrastructure."
+        - content: "Provides network security by analyzing and blocking malicious traffic."
+          isCorrect: false
+          explanation: "While security is an important aspect of cloud services, it is not the primary function of Azure Monitor."
+        - content: "Automatically remediates security issues in computing environments."
+          isCorrect: false
+          explanation: "While automation is a key component of modern security operations, it is not the primary function of Azure Monitor."
+        - content: "Allows users to monitor social media and web-based threats."
+          isCorrect: false
+          explanation: "Azure Monitor is focused on collecting data from Azure resources, logging systems, and other sources, not monitoring social media or web-based threats."
+
+    - content: "What is XDR in Microsoft Defender XDR?"
+      choices:
+        - content: "An AI-powered malware scanner that detects and removes malicious files."
+          isCorrect: false
+          explanation: "While malware detection is part of its capabilities, XDR refers to extended detection and response, which is designed to connect multiple security products across an environment and automate threat response in real-time."
+        - content: "A cloud-based backup solution for critical data." 
+          isCorrect: false
+          explanation: "Backup solutions are important but the role of XDR is beyond that, focusing on detecting and responding to modern-day cyber-attacks with automated actions."
+        - content: "A tool that automates patching of vulnerable systems."
+          isCorrect: false
+          explanation: "While automated patching is a valuable tool for improving system security, this isn't the primary function of XDR."
+        - content: "A unified threat detection and response solution."
+          isCorrect: true
+          explanation: "XDR is a unified platform that provides visibility across endpoints, email, documents, identity, and allows security teams to quickly investigate, respond, and remediate threats in a coordinated way."
+
+    - content: "What is the purpose of the MITRE ATT&CK framework within Microsoft Sentinel?"
+      choices:
+        - content: "To identify vulnerabilities in Azure environments."
+          isCorrect: false
+          explanation: "The MITRE ATT&CK framework is used to identify tactics, techniques, and procedures (TTPs) used by attackers to compromise networks and systems. It is not intended for identifying vulnerabilities."
+        - content: "To create custom dashboards for tracking security events."
+          isCorrect: false
+          explanation: "Dashboards are a visualization tool, while MITRE ATT&CK can be used to help organize, prioritize and track against potential threat actor activity mapped against the TTPs."
+        - content: "To provide a comprehensive threat intelligence feed."
+          isCorrect: false
+          explanation: "Threat Intelligence feeds provide context about cyber threats prevalent at the time, however, the MITRE ATT&CK framework is primarily focused on providing a structured knowledge base of adversary tactics and techniques useful to investigators, analysts, and defenders."
+        - content: "To map detections and responses to specific adversary tactics and techniques."
+          isCorrect: true
+          explanation: "The MITRE ATT&CK framework offers a common language used by security teams to describe attacker behavior, test security defenses, and understand whether the implemented security measures are effective at stopping or identifying attacks in real-time."
+