Merge pull request #53963 from ceperezb/CEPEREZB-sc900-explore-access-management

module update

Author: Carolyn135

learn-pr/wwl-sci/explore-access-management-capabilities/1-introduction.yml

@@ -1,13 +1,13 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: "Introduction to access management with Microsoft Entra"
-  ms.date: 08/02/2024
-  author: wwlpublish
-  ms.author: ceperezb
-  ms.topic: unit
-durationInMinutes: 1
-content: |
-  [!include[](includes/1-introduction.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction to access management with Microsoft Entra"
+  ms.date: 03/24/2026
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 2
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-sci/explore-access-management-capabilities/2-describe-conditional-access-azure-ad.yml

@@ -1,13 +1,13 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.describe-conditional-access-its-benefits
-title: Describe Conditional Access
-metadata:
-  title: Describe Conditional Access
-  description: "Describe Conditional Access"
-  ms.date: 08/02/2024
-  author: wwlpublish
-  ms.author: ceperezb
-  ms.topic: unit
-durationInMinutes: 6
-content: |
-  [!include[](includes/2-describe-conditional-access-azure-ad.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.describe-conditional-access-its-benefits
+title: Describe Conditional Access
+metadata:
+  title: Describe Conditional Access
+  description: "Describe Conditional Access"
+  ms.date: 03/24/2026
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 7
+content: |
+  [!include[](includes/2-describe-conditional-access-azure-ad.md)]

learn-pr/wwl-sci/explore-access-management-capabilities/2a-describe-global-secure-access.yml

@@ -1,13 +1,13 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.describe-global-secure-access
-title: Describe Global Secure Access in Microsoft Entra
-metadata:
-  title: Describe Global Secure Access in Microsoft Entra
-  description: "Describe Global Secure Access in Microsoft Entra"
-  ms.date: 08/02/2024
-  author: wwlpublish
-  ms.author: ceperezb
-  ms.topic: unit
-durationInMinutes: 9
-content: |
-  [!include[](includes/2a-describe-global-secure-access.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.describe-global-secure-access
+title: Describe Global Secure Access in Microsoft Entra
+metadata:
+  title: Describe Global Secure Access in Microsoft Entra
+  description: "Describe Global Secure Access in Microsoft Entra"
+  ms.date: 03/24/2026
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 6
+content: |
+  [!include[](includes/2a-describe-global-secure-access.md)]

learn-pr/wwl-sci/explore-access-management-capabilities/3-describe-azure-role-based-access-control.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.describe-azure-role-based-access-control-rbac
-title: Describe Microsoft Entra roles and role-based access control (RBAC)
-metadata:
-  title: Describe Microsoft Entra roles and role-based access control (RBAC)
-  description: "Describe Microsoft Entra roles and role-based access control (RBAC)"
-  ms.date: 08/02/2024
-  author: wwlpublish
-  ms.author: ceperezb
-  ms.topic: unit
-  ms.custom: sfi-ga-nochange
-durationInMinutes: 7
-content: |
-  [!include[](includes/3-describe-azure-role-based-access-control.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.describe-azure-role-based-access-control-rbac
+title: Describe Microsoft Entra roles and role-based access control (RBAC)
+metadata:
+  title: Describe Microsoft Entra roles and role-based access control (RBAC)
+  description: "Describe Microsoft Entra roles and role-based access control (RBAC)"
+  ms.date: 03/24/2026
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+  ms.custom: sfi-ga-nochange
+durationInMinutes: 8
+content: |
+  [!include[](includes/3-describe-azure-role-based-access-control.md)]

learn-pr/wwl-sci/explore-access-management-capabilities/4-knowledge-check.yml

@@ -2,11 +2,9 @@
 uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.knowledge-check
 title: Module assessment
 metadata:
-  hidden_question_numbers: ["2928D6EB_10","2928D6EB_14","2928D6EB_18","2928D6EB_79","2928D6EB_104"]
-  ai_generated_module_assessment: true
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 08/02/2024
+  ms.date: 03/24/2026
   author: wwlpublish
   ms.author: ceperezb
   ms.topic: unit
@@ -64,5 +62,17 @@ quiz:
       explanation: "That's incorrect. VPN is a method of network access, not a feature of Microsoft Entra Private Access that allows for granular control of access policies."
     - content: "Global Secure Access app"
       isCorrect: true
-      explanation: "That's correct. The Global Secure Access app, also referred to as Per-app Access, provides a more granular approach. The admin can create multiple enterprise apps and for each of these aps, assign users and groups and assign specific conditional access policies."
+      explanation: "That's correct. The Global Secure Access app, also referred to as Per-app Access, provides a more granular approach. The admin can create multiple enterprise apps and for each of these apps, assign users, and groups and assign specific Conditional Access policies."
+  
+  - content: "An organization wants to ensure that only phishing-resistant authentication methods are used to access a highly sensitive application. Which Conditional Access grant control should they use?"
+    choices:
+    - content: "Require authentication strength"
+      isCorrect: true
+      explanation: "Correct. Authentication strength is a Conditional Access grant control that specifies which combinations of authentication methods can be used. The built-in phishing-resistant MFA strength restricts access to methods like Windows Hello for Business, FIDO2 security keys, and certificate-based authentication."
+    - content: "Require multifactor authentication"
+      isCorrect: false
+      explanation: "Incorrect. The required multifactor authentication control accepts any MFA method, including less secure methods like Short Message Service (SMS). Authentication strength provides the granular control needed to restrict to phishing-resistant methods only."
+    - content: "Session controls"
+      isCorrect: false
+      explanation: "Incorrect. Session controls limit the user experience within cloud applications, such as blocking downloads. They don't control which authentication methods are used."
 

learn-pr/wwl-sci/explore-access-management-capabilities/5-summary-resources.yml

@@ -1,13 +1,13 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.summary-resources
-title: Summary & resources
-metadata:
-  title: Summary & resources
-  description: "Summary & resources"
-  ms.date: 08/02/2024
-  author: wwlpublish
-  ms.author: ceperezb
-  ms.topic: unit
-durationInMinutes: 1
-content: |
-  [!include[](includes/5-summary-resources.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-access-management-capabilities-of-azure-ad.summary-resources
+title: Summary & resources
+metadata:
+  title: Summary & resources
+  description: "Summary & resources"
+  ms.date: 03/24/2026
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 2
+content: |
+  [!include[](includes/5-summary-resources.md)]

learn-pr/wwl-sci/explore-access-management-capabilities/includes/1-introduction.md

@@ -1,7 +1,7 @@
 
-The security perimeter has shifted away from organizational boundaries to user, device, and service identities. Also, applications and data are moving to the cloud. These shifts require more secure and granular access control solutions.
+The security perimeter has shifted away from organizational boundaries to user, device, and service identities. Applications and data are moving to the cloud, and AI-powered tools are expanding how users interact with organizational resources. These shifts require more secure and granular access control solutions.
 
-This module introduces you to Conditional Access, Microsoft's Zero Trust policy engine that takes signals from various sources into account when enforcing policy decisions. You learn about Global Secure Access, Microsoft's Security Service Edge solution, which combines the identity controls you have with Conditional Access together with network controls to provide advanced protections for your internet-based resources and resources running in your private cloud or on-premises infrastructure. You also learn about Microsoft Entra roles and role-based access control, which are key to implementing least privilege access, a guiding principle of a Zero Trust strategy security.
+In this module, you learn about Conditional Access, Microsoft's Zero Trust policy engine that evaluates signals from various sources to enforce access decisions. You learn about authentication strengths, which allow administrators to require specific authentication methods for sensitive resources, and how Conditional Access can protect AI services. You also learn about Global Secure Access, Microsoft's Security Service Edge solution that combines identity and network controls to secure access to internet, SaaS, and private corporate resources. Finally, you learn about Microsoft Entra roles and role-based access control, which are key to implementing least privilege access.
 
 In this module, you learn how to: