Merge pull request #47853 from wwlpublish/e9e5b729bc804a82ecb03327c78b190d3d76b94b86974e236f09737e685bef70-live

 Modules/M07-guided-project-configure-secure-access-workloads

Author: JamesJBarnett

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/1-introduction.yml

@@ -2,14 +2,14 @@
 uid: learn.wwl.guided-project-configure-secure-access-workloads.introduction
 title: Introduction
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
   title: Introduction
   description: "Introduction"
-  ms.date: 03/08/2024
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 3
 content: |
-  [!include[](includes/1-introduction.md)]
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/2-exercise-vnet.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.guided-project-configure-secure-access-workloads.exercise1
-title: Exercise - Provide network isolation and segmentation for the web application
+title: Exercise 01 - Create and configure virtual networks
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
-  title: Exercise - Provide network isolation and segmentation for the web application
-  description: "Exercise - Provide network isolation and segmentation for the web application"
-  ms.date: 03/08/2024
+  title: Exercise 01 - Create and configure virtual networks
+  description: "Create and configure virtual networks"
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 10
 content: |
-  [!include[](includes/2-exercise-vnet.md)]
+  [!include[](includes/2-exercise-vnet.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/3-exercise-security-groups.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.guided-project-configure-secure-access-workloads.exercise2
-title: Exercise - Control the network traffic to and from the web application
+title: Exercise 02 - Create and configure network security groups
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
-  title: Exercise - Control the network traffic to and from the web application
-  description: "Exercise - Control the network traffic to and from the web application"
-  ms.date: 03/08/2024
+  title: Exercise 02 - Create and configure network security groups
+  description: "Create and configure network security groups"
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 15
 content: |
-  [!include[](includes/3-exercise-security-groups.md)]
+  [!include[](includes/3-exercise-security-groups.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/4-exercise-firewall.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.guided-project-configure-secure-access-workloads.exercise3
-title: Exercise - Protect the web application from malicious traffic and block unauthorized access
+title: Exercise 03 - Create and configure Azure Firewall
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
-  title: Exercise - Protect the web application from malicious traffic and block unauthorized access
-  description: "Exercise - Protect the web application from malicious traffic and block unauthorized access"
-  ms.date: 03/08/2024
+  title: Exercise 03 - Create and configure Azure Firewall
+  description: "Create and configure Azure Firewall"
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 30
 content: |
-  [!include[](includes/4-exercise-firewall.md)]
+  [!include[](includes/4-exercise-firewall.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/5-exercise-policy.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.guided-project-configure-secure-access-workloads.exercise4
-title: Exercise - Operationalize and enforce policy to filter traffic
+title: Exercise 04 - Configure network routing
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
-  title: Exercise - Operationalize and enforce policy to filter traffic
-  description: "Exercise - Operationalize and enforce policy to filter traffic"
-  ms.date: 03/08/2024
+  title: Exercise 04 - Configure network routing
+  description: "Configure network routing"
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 15
 content: |
-  [!include[](includes/5-exercise-policy.md)]
+  [!include[](includes/5-exercise-policy.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/6-exercise-domain-names.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.guided-project-configure-secure-access-workloads.exercise5
-title: Exercise - Record and resolve domain names internally
+title: 'Exercise 05 - DNS zones '
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
-  title: Exercise - Record and resolve domain names internally
-  description: "Exercise - Record and resolve domain names internally"
-  ms.date: 03/08/2024
+  title: Exercise 05 - DNS zones
+  description: "DNS zones"
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 15
 content: |
-  [!include[](includes/6-exercise-domain-names.md)]
+  [!include[](includes/6-exercise-domain-names.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/7-knowledge-check.yml

@@ -2,14 +2,14 @@
 uid: learn.wwl.guided-project-configure-secure-access-workloads.knowledge-check
 title: Knowledge check
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
   title: Knowledge check
   description: "Knowledge check"
-  ms.date: 03/08/2024
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 8
 content: |
   [!include[](includes/7-knowledge-check.md)]
@@ -34,7 +34,7 @@ quiz:
       explanation: "Incorrect. Rules are processed according to the specified priority."
     - content: "The deny rule takes precedence."
       isCorrect: true
-      explanation: "Correct. The deny rule takes precedence because it's processed first. The rule with priority 150 is processed before the rule with priority 200."
+      explanation: "Correct. The deny rule takes precedence. The rule with priority 150 is processed before the rule with priority 200."
     - content: "The rule that was created first takes precedence."
       isCorrect: false
       explanation: "Incorrect. Rules are processed according to the specified priority."
@@ -59,4 +59,4 @@ quiz:
       explanation: "Incorrect. A NAT rule can be used to translate and filter inbound internet traffic based on your firewall's public IP address and a specified port number."
     - content: "Application rule"
       isCorrect: true
-      explanation: "Correct. You can use an application rule to filter traffic based on an FQDN address such as server1.database.windows.net."
+      explanation: "Correct. You can use an application rule to filter traffic based on an FQDN address such as server1.database.windows.net."

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/8-summary.yml

@@ -2,14 +2,14 @@
 uid: learn.wwl.guided-project-configure-secure-access-workloads.summary
 title: Summary and resources
 metadata:
-  adobe-target: true
-  prefetch-feature-rollout: true
   title: Summary and resources
   description: "Summary"
-  ms.date: 03/08/2024
+  ms.date: 11/08/2024
   author: wwlpublish
   ms.author: jileary
   ms.topic: unit
+  ms.custom:
+  - N/A
 durationInMinutes: 3
 content: |
-  [!include[](includes/8-summary.md)]
+  [!include[](includes/8-summary.md)]

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/2-exercise-vnet.md

@@ -1,19 +1,27 @@
 ## Scenario 
 
-The IT department needs network isolation and segmentation for the web application. Once the virtual network is created, the next step would be to configure virtual network peering. This peering allows the virtual networks to communicate with each other securely and privately.
+Your organization is migrating a web-based application to Azure. Your first task is to put in place the virtual networks and subnets. You also need to securely peer the virtual networks. You identify these requirements.
 
-To provide network isolation and segmentation for the web application, you create an Azure virtual network and configure subnets and virtual network peering. 
++ Two virtual networks are required, **app-vnet** and **hub-vnet**. 
++ The app-vnet hosts the application. This virtual network requires two subnets. The **frontend** subnet hosts the web servers. The **backend** subnet hosts the database servers.
++ The hub-vnet only requires a subnet for the firewall. 
++ The two virtual networks must be able to communicate with each other securely and privately through virtual network peering. 
++ Both virtual networks should be in the same region. 
 
-### Architecture diagram
+## Skilling Tasks
 
-| Network solution  | Tasks|
-| --- | --- |
-| :::image type="content" source="../media/task-1.png" alt-text="Diagram that shows two virtual networks that are peered." border="true"::: | <ul><li>Create a virtual network. </li><li> Create a subnet. </li><li>Configure virtual network peering. </li></ul> |
++ Create a virtual network. 
++ Create a subnet. 
++ Configure virtual network peering. 
+ 
+## Architecture diagram
+
+:::image type="content" source="../media/task-1.png" alt-text="Diagram that shows two virtual networks that are peered." border="true"::: 
 
 Launch the exercise and follow the instructions. When you're done, be sure to return to this page so you can continue learning.
 
 > [!NOTE]
-> To complete this lab you will need an [Azure subscription](https://azure.microsoft.com/free/).
+> To complete this lab you need an [Azure subscription](https://azure.microsoft.com/free/).
 
 [![Button to launch exercise.](../media/launch-exercise.png)](https://go.microsoft.com/fwlink/?linkid=2261590)
 

learn-pr/wwl-azure/guided-project-configure-secure-access-workloads/includes/3-exercise-security-groups.md

@@ -1,17 +1,28 @@
 ## Scenario
 
-Your organization requires control of the network traffic to and from the web application. To further enhance the security of the web application, network security groups (NSG) and application security groups (ASG) can be configured. NSG is a security layer that filters network traffic to and from Azure resources, while ASG allows grouping of resources to be managed collectively. These security groups provide fine-grained control over the network traffic to and from the web application components.
+Your organization requires the network traffic in the app-vnet to be tightly controlled. You identify these requirements.
++ The frontend subnet has web servers that can be accessed from the internet. An application security group (ASG) is required for those servers. The ASG should be associated with any virtual machine interface that is part of the group. 
++ An NSG rule is required to allow inbound HTTPS traffic to the ASG. This rule uses the TCP protocol on port 443. 
++ The backend subnet has database servers used by the frontend web servers. A network security group (NSG) is required to control this traffic. The NSG should be associated with any virtual machine interface accessed by the web servers. 
++ An NSG rule is required to allow inbound network traffic from the ASG to the backend servers. This rule uses the MS SQL service and port 1443. 
++ A virtual machine should be installed in the frontend subnet (VM1) and the backend subnet (VM2). The IT group has an Azure Resource Manager template to deploy these Ubuntu servers. 
 
-### Architecture diagram
+## Skilling Tasks
 
-| Network solution  | Tasks|
-| --- | --- |
-| :::image type="content" source="../media/task-2.png" alt-text="Diagram that shows one ASG and NSG associated to a virtual network." border="true"::: | <ul><li>Create an NSG. </li><li> Create NSG rules. </li><li> Associate an NSG to a subnet. </li><li> Create and use Application Security Groups in NSG rules. </li></ul> |
++ Create an NSG. 
++ Create NSG rules. 
++ Associate an NSG to a subnet. 
++ Create and use Application Security Groups in NSG rules. 
+
+
+## Architecture diagram
+
+:::image type="content" source="../media/task-2.png" alt-text="Diagram that shows one ASG and NSG associated to a virtual network." border="true":::
 
 
 Launch the exercise and follow the instructions. When you're done, be sure to return to this page so you can continue learning.
 
 > [!NOTE]
-> To complete this lab you will need an [Azure subscription](https://azure.microsoft.com/free/).
+> To complete this lab you need an [Azure subscription](https://azure.microsoft.com/free/).
 
 [![Button to launch exercise.](../media/launch-exercise.png)](https://go.microsoft.com/fwlink/?linkid=2261960)