changed files by pdets auto publish service, publishid[4438bd8f-9b34-45a8-8f1f-a712695c05bf] and do [publish].

wwlpublish · web-flow · commit 033034cc5179 · 2025-04-19T04:05:42.000+08:00
diff --git a/learn-pr/wwl-sci/plan-implement-administer-conditional-access/includes/3-exercise-work-with-security-defaults.md b/learn-pr/wwl-sci/plan-implement-administer-conditional-access/includes/3-exercise-work-with-security-defaults.md
@@ -1,6 +1,6 @@
 In this exercise, try enabling security defaults.
 
- **Note**: Security Defaults are enabled on new subscriptions, so you will mainly be reviewing the process.
+ **Note**: Security Defaults are enabled on new subscriptions, so you can review the process of enabling and disabling.
 
 To enable security defaults in your directory:
 
diff --git a/learn-pr/wwl-sci/plan-implement-administer-conditional-access/includes/4-plan-conditional-access-policies.md b/learn-pr/wwl-sci/plan-implement-administer-conditional-access/includes/4-plan-conditional-access-policies.md
@@ -6,7 +6,7 @@ Microsoft Entra Conditional Access (CA) analyzes signals, such as user, device,
 
 :::image type="content" source="../media/conditional-access-overview-how-it-works.png" alt-text="Diagram of how Conditional Access works. Centralize identity provider verifies rules before access is granted.":::
 
-Although security defaults ensure a basic level of security, your organization needs more flexibility than security defaults offer. You can use CA to customize security defaults with more granularity and to configure new policies that meet your requirements.
+Although security defaults ensure a basic level of security, your organization needs more flexibility than security defaults offer. You can use CA to customize security defaults with more granularities and to configure new policies that meet your requirements.
 
 ### Benefits
 
@@ -40,7 +40,7 @@ Access tokens enable clients to securely call protected web APIs, and they're us
 
 It’s important to understand how access tokens are issued.
 
-:::image type="content" source="../media/access-policy-token-issuance.png" alt-text="Diagram of the flow of issues an access token for conditional access, and how it is used.":::
+:::image type="content" source="../media/access-policy-token-issuance.png" alt-text="Diagram of the flow of issues an access token for conditional access, and how it's used.":::
 
 > [!NOTE]
 > If no assignment is required, and no CA policy is in effect, the default behavior is to issue an access token.
@@ -109,7 +109,7 @@ The test plan is important to have a comparison between the expected results and
 
 | **Name of policy**              | **Scenario**                                                                         | **Expected result**                                                                                                                                   |
 | ------------------------------- | ------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Require MFA when working        | Authorized user signs into app while on a trusted location / work                    | User is not prompted to MFA. User is authorized for access. User is connecting from a trusted location. You could choose to require MFA in this case. |
+| Require MFA when working        | Authorized user signs into app while on a trusted location / work                    | User isn't prompted to MFA. User is authorized for access. User is connecting from a trusted location. You could choose to require MFA in this case. |
 | Require MFA when working        | Authorized user signs into app while not on a trusted location / work                | User is prompted to MFA and can sign in successfully                                                                                                  |
 | Require MFA (for admin)         | Global Admin signs into app                                                          | Admin is prompted to MFA                                                                                                                              |
 | Risky sign-ins                  | User signs into app using an unapproved browser                                      | User is prompted to MFA                                                                                                                               |
diff --git a/learn-pr/wwl-sci/plan-implement-administer-conditional-access/includes/8-implement-application-controls.md b/learn-pr/wwl-sci/plan-implement-administer-conditional-access/includes/8-implement-application-controls.md
@@ -2,7 +2,7 @@ Conditional Access App Control enables user app access and sessions to be monito
 
 ## Conditional Access App Control
 
-:::image type="content" source="../media/conditional-access-app-control.png" alt-text="Screenshot of the Use Conditional Access App Control selected in the conditional access wizard.":::
+:::image type="content" source="../media/conditional-access-app-control.png" alt-text="Screenshot of the Conditional Access App Control selected in the conditional access wizard.":::
 
 Conditional Access App Control uses a reverse proxy architecture and is uniquely integrated with Microsoft Entra Conditional Access. Microsoft Entra Conditional Access allows you to enforce access controls on your organization’s apps based on certain conditions. The conditions define who (user or group of users) and what (which cloud apps) and where (which locations and networks) a Conditional Access policy is applied to. After you’ve determined the conditions, you can route users to Microsoft Defender for Cloud Apps where you can protect data with Conditional Access App Control by applying access and session controls.
 
