fix for pr issues

Author: ceperezb

learn-pr/wwl-sci/design-solutions-microsoft-cybersecurity-cloud-security-benchmark/3b-design-solutions-ramp.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.design-solutions-microsoft-cybersecurity-cloud-security-benchmark.design-solutions-rapid-modernization-plan
+title: Design solutions that align to a Zero Trust rapid modernization plan
+metadata:
+  title: Design solutions that align to a Zero Trust rapid modernization plan
+  description: "SC-100 preparatory content on topic: Design solutions that align to a Zero Trust rapid modernization plan (RaMP)."
+  ms.date: 01/23/2026
+  author: ceperezb
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 6
+content: |
+  [!include[](includes/3b-design-solutions-rapid-modernization-plan.md)]

learn-pr/wwl-sci/design-solutions-microsoft-cybersecurity-cloud-security-benchmark/3b-design-solutions-rapid-modernization-plan.yml

@@ -1,18 +1,18 @@
-In this unit we introduce the Microsoft Cybersecurity Reference Architecture (MCRA). But to understand what the MCRA is, it's important to first introduce the Microsoft Security Adoption Framework, as the MCRA is a component of the SAF.
+In this unit, we introduce the Microsoft Cybersecurity Reference Architecture (MCRA). But to understand what the MCRA is, it's important to first introduce the Microsoft Security Adoption Framework, as the MCRA is a component of the SAF.
 
 ## The Microsoft Security Adoption Framework
 
-The Microsoft Security Adoption Framework (SAF) is a comprehensive guide for end-to-end security modernization. It provides a structured approach—from executive strategy to architectural and technical planning—grounded in Zero Trust principles, to help organizations improve their security posture across a hybrid, multicloud environment. Think of SAF as the overarching “playbook” for security transformation, addressing not just technology but also strategy, governance, and processes. [learn.microsoft.com]
+The Microsoft Security Adoption Framework (SAF) is a comprehensive guide for end-to-end security modernization. It provides a structured approach—from executive strategy to architectural and technical planning—grounded in Zero Trust principles, to help organizations improve their security posture across a hybrid, multicloud environment. Think of SAF as the overarching "playbook" for security transformation, addressing not just technology but also strategy, governance, and processes. [learn.microsoft.com]
 
-Within that framework, the Microsoft Cybersecurity Reference Architecture (MCRA) serves as a key component of SAF. MCRA is essentially the technical blueprint that visualizes how all Microsoft security capabilities and best practices fit together in an end-to-end architecture. It shows how to implement SAF’s guidance at the technical level. In fact, SAF leverages MCRA as the reference model for security architecture — MCRA illustrates the integrated security solutions (identity, devices, apps, infrastructure, etc.) working in concert under Zero Trust. By design, MCRA is part of SAF, helping security teams align their detailed technical architecture with the broader security strategy and Zero Trust approach advocated by SAF. [Microsoft...soft Learn | Learn.Microsoft.com]
+Within that framework, the Microsoft Cybersecurity Reference Architecture (MCRA) serves as a key component of SAF. MCRA is essentially the technical blueprint that visualizes how all Microsoft security capabilities and best practices fit together in an end-to-end architecture. It shows how to implement SAF’s guidance at the technical level. In fact, SAF applies MCRA as the reference model for security architecture. MCRA illustrates the integrated security solutions (identity, devices, apps, infrastructure, etc.) working in concert under Zero Trust. By design, MCRA is part of SAF, helping security teams align their detailed technical architecture with the broader security strategy and Zero Trust approach advocated by SAF. [Microsoft...soft Learn | Learn.Microsoft.com]
 
-In summary, SAF provides the “why and how” of security modernization (the strategic roadmap and operational guidance), while MCRA provides the “what” (the detailed architecture of security capabilities). Understanding their relationship: SAF sets the vision and process for modernizing security, and MCRA gives you the picture of the end-state architecture to aim for, ensuring that your security program’s execution aligns with Microsoft’s best-practice architecture for cybersecurity. This interplay ensures that as you plan and implement improvements via SAF, you are guided by the MCRA to cover all security domains in a coherent, integrated way. The result is a well-aligned security strategy (via SAF) and architecture (via MCRA) for modern enterprises.
+In summary, SAF provides the “why and how” of security modernization (the strategic roadmap and operational guidance), while MCRA provides the "what" (the detailed architecture of security capabilities). Understanding their relationship: SAF sets the vision and process for modernizing security, and MCRA gives you the picture of the end-state architecture to aim for, ensuring that your security program’s execution aligns with Microsoft’s best-practice architecture for cybersecurity. This interplay ensures that as you plan and implement improvements via SAF, you're guided by the MCRA to cover all security domains in a coherent, integrated way. The result is a well-aligned security strategy (via SAF) and architecture (via MCRA) for modern enterprises.
 
 ## MCRA
 
 The [Microsoft Cybersecurity Reference Architectures (MCRA)](/security/adoption/mcra) describe Microsoft's cybersecurity capabilities and how they integrate with existing security architectures. The MCRA provides:
 
-- **Technical diagrams** showing how Microsoft security capabilities integrate with Microsoft platforms (Microsoft 365 and Azure), third-party applications (ServiceNow, Salesforce), and third-party cloud platforms (AWS, GCP).
+- **Technical diagrams** showing how Microsoft security capabilities integrate with Microsoft platforms (Microsoft 365 and Azure), non-Microsoft applications (ServiceNow, Salesforce), and non-Microsoft cloud platforms (AWS, GCP).
 - **Capability descriptions** with ScreenTips that provide brief explanations and links to documentation when viewing in presentation mode.
 - **Best practice guidance** for implementing security capabilities across your enterprise environment.
 

learn-pr/wwl-sci/design-solutions-microsoft-cybersecurity-cloud-security-benchmark/includes/1-introduction-reference-architecture-benchmark.md

@@ -7,7 +7,7 @@ Microsoft found that using security benchmarks can help you quickly secure cloud
 >[!NOTE]
 >Microsoft cloud security benchmark v2 is currently in preview. This version supersedes Microsoft cloud security benchmark v1.
 
-The [Microsoft cloud security benchmar v2 (MCSB)](/security/benchmark/azure/overview) is a collection of high-impact security recommendations you can use to help secure your cloud services in Azure and other cloud environments like AWS and GCP. It provides a comprehensive security best practice framework with specific configuration settings and guidance that you can monitor across multiple cloud platforms.
+The [Microsoft cloud security benchmark v2 (MCSB)](/security/benchmark/azure/overview) is a collection of high-impact security recommendations you can use to help secure your cloud services in Azure and other cloud environments like AWS and GCP. It provides a comprehensive security best practice framework with specific configuration settings and guidance that you can monitor across multiple cloud platforms.
 
 The **Microsoft cloud security benchmark** provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure and your multicloud environment. This benchmark focuses on cloud-centric security areas with input from an extensive set of holistic Microsoft and industry security frameworks and guidance, including:
 
@@ -24,7 +24,7 @@ As a cybsecurity architect, common use cases for the Microsoft cloud security be
 - Looking to improve security posture of existing cloud deployments to prioritize top risks and mitigations.
 - Using multicloud environments (such as Azure and AWS) and facing challenges in aligning security control monitoring and evaluation using a single pane of glass.
 - Evaluating the security features and capabilities of Azure (and other major cloud platforms, such as AWS) before onboarding or approving a service into the cloud service catalog.
-- Having to meet compliance requirements in highly regulated industries, such as government, finance, and healthcare. These customers need to ensure their service configurations of Azure and other clouds to meet the security specification defined in framework such as CIS, NIST, or PCI. MCSB  provides an efficient approach with the controls already pre-mapped to these industry benchmarks.
+- Having to meet compliance requirements in highly regulated industries, such as government, finance, and healthcare. These customers need to ensure their service configurations of Azure and other clouds to meet the security specification defined in framework such as CIS, NIST, or PCI. MCSB  provides an efficient approach with the controls already premapped to these industry benchmarks.
 
 ## Terminology
 
@@ -49,7 +49,7 @@ The following table summarizes the security domains in MCSB:
 | [Data Protection (DP)](/security/benchmark/azure/mcsb-data-protection) | Data Protection covers control of data protection at rest, in transit, and via authorized access mechanisms, including discover, classify, protect, and monitor sensitive data assets using access control, encryption, key management and certificate management. |
 | [Asset Management (AM)](/security/benchmark/azure/mcsb-asset-management) | Asset Management covers controls to ensure security visibility and governance over your resources. That includes recommendations on permissions for security personnel, security access to asset inventory, and managing approvals for services and resources (inventory, track, and correct). |
 | [Logging and Threat Detection (LT)](/security/benchmark/azure/mcsb-logging-threat-detection) | Logging and Threat Detection covers controls for detecting threats on cloud, and enabling, collecting, and storing audit logs for cloud services, including enabling detection, investigation, and remediation processes with controls to generate high-quality alerts with native threat detection in cloud services; it also includes collecting logs with a cloud monitoring service, centralizing security analysis with a SIEM, time synchronization, and log retention. |
-| [Incident Response (IR)](/security/benchmark/azure/mcsb-incident-response) | Incident Response covers controls in incident response life cycle - preparation, detection and analysis, containment, and post-incident activities, including using Azure services (such as Microsoft Defender for Cloud and Sentinel) and/or other cloud services to automate the incident response process. |
+| [Incident Response (IR)](/security/benchmark/azure/mcsb-incident-response) | Incident Response covers controls in incident response life cycle - preparation, detection and analysis, containment, and post-incident activities, including using cloud services to automate the incident response process. |
 | [Posture and Vulnerability Management (PV)](/security/benchmark/azure/mcsb-posture-vulnerability-management) | Posture and Vulnerability Management focuses on controls for assessing and improving cloud security posture, including vulnerability scanning, penetration testing and remediation, as well as security configuration tracking, reporting, and correction in cloud resources. |
 | [Endpoint Security (ES)](/security/benchmark/azure/mcsb-endpoint-security) | Endpoint Security covers controls in endpoint detection and response, including use of endpoint detection and response (EDR) and anti-malware service for endpoints in cloud environments. |
 | [Backup and Recovery (BR)](/security/benchmark/azure/mcsb-backup-recovery) | Backup and Recovery cover controls to ensure that data and configuration backups at the different service tiers are performed, validated, and protected. |