new unit updates for CA agent

ceperezb · ceperezb · commit 16ec144c8bc7 · 2025-06-27T17:02:34.000-04:00
diff --git a/learn-pr/wwl-sci/security-copilot-describe-agents/includes/4a-explore-conditional-access-optimization-agent.md b/learn-pr/wwl-sci/security-copilot-describe-agents/includes/4a-explore-conditional-access-optimization-agent.md
@@ -1,10 +1,6 @@
 
-
-
 In this exercise, you explore key capabilities of the Microsoft Security Copilot Conditional Access optimization agent that is embedded in Microsoft Entra.
 
-**As you explore, keep in mind that unless otherwise stated, the information displayed and the configuration settings are for the currently logged in Security Administrator**.
-
 > [!NOTE]
 > The environment for this exercise is a simulation generated from the product. As a limited simulation, not all links on a page are enabled and text-based inputs that fall outside of the specified script aren't supported. A pop-up stating, "This feature isn't available within the simulation" message displays. When you receive this message, select OK and continue the exercise steps.
 >
@@ -13,26 +9,20 @@ In this exercise, you explore key capabilities of the Microsoft Security Copilot
 
 ### Exercise
 
-For this exercise, you're logged in as Avery Howard and have the Copilot owner role (security administrator role in Microsoft Entra) for the active workspace, SecurityCopilot_Workspace where you explore the key capabilities of the Microsoft Security Copilot Conditional Access optimization agent.
+For this exercise, you're logged in as Avery Howard and have the Copilot owner role (security administrator role in Microsoft Entra) where you explore the key capabilities of the Microsoft Security Copilot Conditional Access optimization agent. As you explore, keep in mind that the information displayed and the configuration settings are based on the Copilot owner (security administrator) role of Avery Howard.
 
 This exercise should take approximately **10** minutes to complete.
 
 > [!NOTE]
 > When a lab instruction calls for opening a link to the simulated environment, it's recommended that you open the link in a new browser window so that you can simultaneously view the instructions and the exercise environment. To do so, select the right mouse key and select the option.
 
-1. Open the simulated environment by selecting  [Microsoft Entra admin center](https://app.highlights.guide/start/673ccf96-b6de-43aa-b267-5c8efe51639c?token=16d48b6c-eace-4a1f-8050-098d29d23a89&azure-portal=true).
- 
+#### Task: Exploring the Conditional Access Agent
 
+1. Open the simulated environment by selecting  [Microsoft Entra admin center](https://app.highlights.guide/start/673ccf96-b6de-43aa-b267-5c8efe51639c?token=16d48b6c-eace-4a1f-8050-098d29d23a89&azure-portal=true).
 
-### Option-1:
-1. Select the "free 60 day trial" button.
-1. Select **View Details** on the page:
- 
-### Option-2:
-1.	Open the **Conditional Access** item in the left-side menu.
-2.	On the **Overview** tab, select **Conditional Access Optimization Agent**.
- 
-### Exploring the Conditional Access Agent
+1. There are two ways to access the agent:
+    1. From the left navigation panel, select **Conditional Access** then from the **Overview** tab, select **Conditional Access Optimization Agent**.
+    1. From the main landing page of the Microsoft Entra admin center, select **Go to agents** then from the Security Copilot agents page, select **View details**.
 
 1. Review the **Overview** tab.
 
@@ -50,56 +40,42 @@ This exercise should take approximately **10** minutes to complete.
       1. User drift – new users were found, or user rights changed that leave them unprotected by policy.
       1. Policy merge – places where two or more policies could be merged to provide the same result, with easier management.
 
-1. Select the breadcrumb **Conditional Access Optimization Agent** to return to the Overview page.
+1. From the breadcrumb, select **Conditional Access Optimization Agent** to return to the **Overview** page.
 
-1. Select the Activities tab in the top menu. Review the history of when the Conditional Access Optimization agent ran and the results.
-
-1. Select several different **View activity** buttons to see the progression of the Conditional Access Optimization agent as it runs each 24-hour period.
-
-1. Open the second item on the list. Notice, four new applications were found, and recommended policy changes over time.
-
-1. Use the breadcrumbs to return to the Overview page.
+1. Select the **Activities** tab in the top menu. The list shows when the agent ran, the duration of the run, the number of suggestions offer, and status. You can also view the activity map for each completed run.
+    1. Select **View activity** to view the activity map for that run.
+    1. Close the activity map by selecting **X**.
 
 1. Select the **Suggestions** from the tab menu.
+    1. Select the **Review suggestion** button for the first item on the list, "Add 2 users to existing policy: CA99 - Mitigate Risk Users with Password Reset."
+    1. A panel opens to the **Policy details** tab that provides more information on the selected suggestion. The policy wants to add two users to CA99 – Mitigate Risk Users with Password Reset policy.
+    1. Select the **Policy impact** tab at the top of the page to see a graph of this policy change over time.
+    1. Switch back to the **Policy details** tab, then select the **Review policy changes** to see the proposed changes.
+    1. Select the **JSON view** tab to view the JSON updates that would be applied if the suggestions were approved. The changes are highlighted.
+    1. Close this page by selecting the **X** on the top-right corner of the page to return to the Suggestions page.
 
-1. Explore the suggestion history. You have one item for each day the agent ran.
-
-1. Select the **Review suggestion** button for the first item.
+1. Select the **Settings** tab to view information on agent settings.
 
-1. Notice, the policy wants to add two users to an existing Conditional Access policy. The goal is to add users to CA99 – Mitigate Risk Users with Password Reset policy.
+1. Select the **X** in the upper right of the screen to return the Security Copilots agents page that shows the tile for the Conditional Access agent.
 
-1. Select the **Policy impact** tab at the top of the page to see a graph of this policy change over time.
+1. Keep the browser tab open, you need it for the next task.
 
-1. Switch back to the **Policy details** tab, then select the **Review policy changes** to see the proposed changes and the JSON update to be made.
+#### Task: Explore Conditional Access Optimization Agents in CA-Policies
 
-1. Use the browser **Back** button to return to the **Overview** page.
+1. From the left navigational panel on the Microsoft Entra admin center page, select **Conditional Access** then select **Policies**.
 
-1. Select **Suggestions** from the menu.
-
-1. Select the **X** in the upper right of the screen to close the dialog.
-
-### Explore Conditional Access Optimization Agents in CA-Policies 
-
-1. Open Conditional Access from the menu on the left.
-
-1. Select **Policies** from the Conditional Access menu.
-
-1. Review the list of policies, you should see three types:
+1. Review the list of policies, you should see three types (you'll need to scroll-down on the page to view all the types of policies):
 
    1. Microsoft – global policies sent out by Microsoft, like require MFA.
    1. User – conditional access policies created by an authorized user in your organization.
    1. Conditional Access Optimization Agent – Report Only policies created by the agent for your review. You can choose to apply them depending on business and security goals.
 
-1. Scroll down the list to find the CA99 policy we reviewed earlier.
- 
-1. Select the **New agent suggestion** item.
+1. Scroll down the list to find the "CA99 - Mitigate Risk Users with Password Reset" policy we reviewed earlier and from that line item, select **New agent suggestion**.
+    1. This time, the information listed includes multiple suggestions. On four occasions the Conditional Access Optimization agent found new users that aren't in scope of a policy requiring a password change for high risk uses, and has an **Apply suggestion** for each.
+    1. Select the **Apply suggestion** button for one or more of these suggestions to have the agent apply the change to the policy.
 
-1. On four occasions the Conditional Access Optimization agent found new user, and has an **Apply suggestion** for each.
-
-1. Read over the description of what the suggestion is going to do.
-
-1. Select the **Apply suggestion** button.
+1. Exit Microsoft Entra to finish the simulation.
 
-    **Result** – The agent, monitors your users each day and found users that weren't protected by Risky User policies. It suggested you update your policy to include the new users, and provided you with a button to make the change. In one button you added protection for the users.
+#### Review
 
-1. Exit Microsoft Entra to finish the simulation.
+In this exercise, you explored the Conditional Access Optimization agent. This agent scans your tenant for new users and applications and determines if Conditional Access policies are applicable, suggests updates to applicable policies, and enables quick remediation through the "Apply suggestions" option. By selecting the "Apply suggestions" button, you add protection for the impacted users and improve security for your organization.
