fix for acrolinx

ceperezb · ceperezb · commit f40cfceb3e57 · 2026-02-05T23:11:09.000-05:00
diff --git a/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/10-summary.yml b/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/10-summary.yml
@@ -1,9 +1,9 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.design-solutions-securing-server-client-endpoints.summary
-title: Summary - Design solutions for securing server and client endpoints
+title: Summary
 metadata:
-  title: Summary - Design solutions for securing server and client endpoints
-  description: "Review what you learned about designing endpoint security solutions and explore additional resources for servers, clients, IoT, OT, security baselines, remote access, and Windows LAPS."
+  title: Summary
+  description: "Summary of Design Solutions for Securing Server and Client Endpoints."
   ms.date: 02/05/2026
   author: ceperezb
   ms.author: ceperezb
diff --git a/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/9-knowledge-check.yml b/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/9-knowledge-check.yml
@@ -45,38 +45,38 @@ quiz:
       choices:
         - content: "Firewall management"
           isCorrect: false
-          explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, but does not include firewall management."
+          explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, but doesn't include firewall management."
         - content: "Anti-malware protection"
           isCorrect: true
           explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, including anti-malware protection."
         - content: "Web filtering"
           isCorrect: false
-          explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, but does not include web filtering."
+          explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, but doesn't include web filtering."
         - content: "Email filtering"
           isCorrect: false
-          explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, but does not include email filtering."
+          explanation: "Defender for IoT provides threat protection, vulnerability management, and configuration management for IoT devices, but doesn't include email filtering."
     - content: "What are Windows security baselines in Intune?"
       choices:
         - content: "Templates that define a set of security configurations that can be applied to devices."
           isCorrect: true
           explanation: "Windows security baselines in Intune are templates that define a set of security configurations that can be applied to devices, helping to ensure that they meet organizational security requirements."
-        - content: "Windows operating system images that have been pre-configured for security."
+        - content: "Windows operating system images that have been preconfigured for security."
           isCorrect: false
           explanation: "Windows security baselines in Intune are templates that define a set of security configurations that can be applied to devices, helping to ensure that they meet organizational security requirements."
         - content: "A set of default security configurations that are applied to all Windows devices in an organization."
           isCorrect: false
-          explanation: "Windows security baselines in Intune are templates that define a set of security configurations that can be applied to devices, but they are not applied by default to all Windows devices in an organization."
+          explanation: "Windows security baselines in Intune are templates that define a set of security configurations that can be applied to devices, but they aren't applied by default to all Windows devices in an organization."
         - content: "A set of security configurations that are only applicable to Windows servers."
           isCorrect: false
-          explanation: "Windows security baselines in Intune are templates that define a set of security configurations that can be applied to devices, but they are not applied by default to all Windows devices in an organization."
+          explanation: "Windows security baselines in Intune are templates that define a set of security configurations that can be applied to devices, but they aren't applied by default to all Windows devices in an organization."
     - content: "What is Microsoft Defender for IoT?"
       choices:
         - content: "An endpoint security solution for Windows devices."
           isCorrect: false
           explanation: "Microsoft Defender for IoT is a cloud-based security solution for Internet of Things (IoT) devices that helps protect against cyber threats."
         - content: "An endpoint security solution for Mac devices."
           isCorrect: false
-          explanation: "Microsoft Defender for IoT is not an endpoint security solution for Mac devices, but rather a cloud-based security solution for Internet of Things (IoT) devices that helps protect against cyber threats."
+          explanation: "Microsoft Defender for IoT isn't an endpoint security solution for Mac devices, but rather a cloud-based security solution for Internet of Things (IoT) devices that helps protect against cyber threats."
         - content: "A cloud-based security solution for Internet of Things (IoT) devices."
           isCorrect: true
           explanation: "Microsoft Defender for IoT is a cloud-based security solution for Internet of Things (IoT) devices that helps protect against cyber threats."
diff --git a/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/2-specify-server-security-requirements.md b/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/2-specify-server-security-requirements.md
@@ -45,9 +45,9 @@ Windows Server environments require specific attention to:
 
 Linux security requirements vary by distribution but should address:
 
-- **SSH hardening**: Require key-based authentication, disable root login, and limit SSH access to specific users or groups
+- **SSH hardening**: Require key-based authentication, disable root sign-in, and limit SSH access to specific users or groups
 - **SELinux or AppArmor**: Specify mandatory access control requirements based on your distribution (SELinux for RHEL-based distributions, AppArmor for Ubuntu/SUSE)
-- **Firewall configuration**: Require firewalld or iptables rules that implement least-privilege network access
+- **Firewall configuration**: Require firewall or iptables rules that implement least-privilege network access
 - **Package management**: Specify approved repositories and require signed packages
 - **File system permissions**: Define requirements for sensitive file permissions and the use of access control lists (ACLs)
 
@@ -57,7 +57,7 @@ Server security requirements vary based on where servers are deployed. Your spec
 
 ### Azure virtual machines
 
-For Azure-hosted servers, leverage platform capabilities in your requirements:
+For Azure-hosted servers, use platform capabilities in your requirements:
 
 - **Microsoft Defender for Servers**: Require either Plan 1 or Plan 2 based on protection needs. Plan 1 provides Defender for Endpoint integration for EDR capabilities. Plan 2 adds agentless scanning, file integrity monitoring, and just-in-time VM access.
 - **Network security groups**: Require NSGs on all subnets with rules that follow least-privilege principles
@@ -91,7 +91,7 @@ Beyond baseline security, specify requirements for active threat protection:
 
 **Vulnerability scanning**: Specify scanning frequency and remediation timelines:
 
-- Critical vulnerabilities: Remediate within 7 days
+- Critical vulnerabilities: Remediate within seven days
 - High vulnerabilities: Remediate within 30 days
 - Medium vulnerabilities: Remediate within 90 days
 
@@ -106,7 +106,7 @@ Your server security requirements must address applicable regulations:
 | Regulation | Key server requirements |
 | --- | --- |
 | **PCI-DSS** | Quarterly vulnerability scans, file integrity monitoring, strong cryptography, audit logging |
-| **HIPAA** | Access controls, audit controls, encryption, automatic logoff |
+| **HIPAA** | Access controls, audit controls, encryption, automatic sign out |
 | **SOC 2** | Logical access controls, system monitoring, change management, encryption |
 | **ISO 27001** | Asset management, access control, cryptography, operations security |
 
diff --git a/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/4-specify-embedded-device-security-requirements.md b/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/4-specify-embedded-device-security-requirements.md
@@ -7,7 +7,7 @@ Security requirements for IoT and embedded systems should begin with threat mode
 Divide your IoT architecture into security zones:
 
 - **Device zone**: Physical devices and their immediate environment
-- **Gateway zone**: Edge devices that aggregate and process data locally
+- **Gateway zone**: Microsoft Edge devices that aggregate and process data locally
 - **Cloud zone**: Cloud-based services for data processing and management
 - **Operations zone**: User interfaces and management systems
 
@@ -36,7 +36,7 @@ Strong device identity forms the foundation of IoT security. Unlike user authent
 - Track device health, patch status, and security state
 - Enable query-based grouping for scaled operations and access control
 
-For legacy devices that cannot support strong identity, require IoT gateways to act as guardians. The gateway authenticates to cloud services on behalf of less-capable devices while enforcing security policies locally.
+For legacy devices that can't support strong identity, require IoT gateways to act as guardians. The gateway authenticates to cloud services on behalf of less-capable devices while enforcing security policies locally.
 
 ## Define network security requirements
 
@@ -64,7 +64,7 @@ For operational technology (OT) environments, require alignment with the Purdue
 
 ## Specify threat detection and monitoring
 
-Continuous monitoring is essential for detecting threats in IoT environments, particularly for legacy devices that cannot run security agents.
+Continuous monitoring is essential for detecting threats in IoT environments, particularly for legacy devices that can't run security agents.
 
 **Network-based detection**: Require agentless network sensors that:
 
@@ -90,7 +90,7 @@ Microsoft Defender for IoT provides these capabilities through OT network sensor
 
 ## Define update management requirements
 
-Devices that cannot receive security updates become permanent vulnerabilities. Specify update mechanisms that support the full device lifecycle.
+Devices that can't receive security updates become permanent vulnerabilities. Specify update mechanisms that support the full device lifecycle.
 
 **Update capabilities**: Require devices to support:
 
@@ -108,7 +108,7 @@ Devices that cannot receive security updates become permanent vulnerabilities. S
 
 - Supported device lifetime with committed security updates
 - Decommissioning procedures for devices reaching end of support
-- Replacement timelines for devices that cannot be updated
+- Replacement timelines for devices that can't be updated
 
 ## Apply zero-trust principles
 
@@ -142,7 +142,7 @@ Zero-trust architecture assumes breach and requires verification for every acces
 
 When specifying IoT and embedded security requirements, consider:
 
-**Device constraints**: Many IoT devices have limited processing power, memory, and storage. Requirements must account for devices that cannot run full security agents or support complex cryptographic operations.
+**Device constraints**: Many IoT devices have limited processing power, memory, and storage. Requirements must account for devices that can't run full security agents or support complex cryptographic operations.
 
 **Operational continuity**: Industrial and OT environments prioritize availability. Security controls must not disrupt critical processes. Plan for maintenance windows and gradual rollouts.
 
diff --git a/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/5-design-solution-securing-operational-technology-industrial-control-systems.md b/learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/5-design-solution-securing-operational-technology-industrial-control-systems.md
@@ -1,4 +1,4 @@
-Security architects evaluating solutions for operational technology (OT) and industrial control systems (ICS) face unique challenges. Traditional security tools designed for IT environments often cannot monitor specialized industrial protocols or deploy agents on embedded controllers. Microsoft Defender for IoT addresses these challenges through agentless network monitoring purpose-built for OT environments.
+Security architects evaluating solutions for operational technology (OT) and industrial control systems (ICS) face unique challenges. Traditional security tools designed for IT environments often can't monitor specialized industrial protocols or deploy agents on embedded controllers. Microsoft Defender for IoT addresses these challenges through agentless network monitoring purpose-built for OT environments.
 
 ## Evaluate the solution architecture
 
@@ -14,7 +14,7 @@ Defender for IoT uses a distributed architecture with network sensors deployed a
 
 **Sensor capabilities**: OT sensors perform deep packet inspection across 100+ industrial protocols including Modbus, OPC-UA, BACnet, DNP3, and proprietary SCADA protocols. The sensors use machine learning to establish behavioral baselines and detect anomalies without requiring signatures for every threat variant.
 
-**Agentless monitoring**: Evaluate whether agentless monitoring addresses your security requirements. Defender for IoT monitors traffic passively—it requires no agents on endpoints, no changes to device configurations, and no impact on production systems. This approach is essential for environments with legacy programmable logic controllers (PLCs), remote terminal units (RTUs), and embedded controllers that cannot support endpoint agents.
+**Agentless monitoring**: Evaluate whether agentless monitoring addresses your security requirements. Defender for IoT monitors traffic passively—it requires no agents on endpoints, no changes to device configurations, and no impact on production systems. This approach is essential for environments with legacy programmable logic controllers (PLCs), remote terminal units (RTUs), and embedded controllers that can't support endpoint agents.
 
 ## Assess deployment model options
 
@@ -150,6 +150,6 @@ When evaluating Defender for IoT for your organization, consider:
 
 **Change management**: Plan for initial learning mode where sensors establish baselines. Alert tuning reduces false positives after deployment.
 
-**Operational impact**: Validate that passive monitoring does not introduce latency or affect deterministic behavior of control systems.
+**Operational impact**: Validate that passive monitoring doesn't introduce latency or affect deterministic behavior of control systems.
 
 **Licensing**: Defender for IoT licenses based on committed devices. Plan capacity based on expected device count across all sites.
