pull base content,head:MicrosoftDocs:main,into:wwlpublishsync

Author: wwlpublish

.openpublishing.redirection.json

@@ -0,0 +1,37 @@
+### YamlMime:LearningPath
+uid: learn.wwl.ai-workloads-governance
+metadata:
+  title: AI workload governance and DLP
+  description: Master the art of safeguarding sensitive data and enforcing governance for AI workloads on Azure. This learning path is crafted for IT and security professionals tasked with maintaining data protection and compliance in AI environments. Discover how to prevent data exfiltration and apply governance policies that ensure consistent, secure AI deployments. Learn to combine technical controls with strategic oversight to create resilient, policy-driven AI architectures that align with organizational and regulatory standards. 
+  ms.date: 07/08/2025
+  author: vrapolinario
+  ms.author: viniap
+  ms.topic: learning-path
+title: AI workload governance and DLP
+prerequisites: |
+  - Experience navigating the Azure portal 
+  - Familiarity with Microsoft Azure Networking 
+  - Basic AI knowledge and familiarity with AI services on Azure 
+summary: |
+  AI workloads require not just performance—but precision in governance and data protection. This learning path guides Cloud Administrators through the essentials of data loss prevention (DLP) and AI policy governance in Azure. You’ll explore techniques to restrict data movement and enforce guardrails using Azure Policy. By the end of these modules, you'll be equipped to implement robust governance strategies that protect sensitive information and ensure responsible use of AI at scale. 
+iconUrl: /training/achievements/generic-trophy.svg
+levels:
+- intermediate
+roles:
+- administrator 
+- auditor 
+- devops-engineer 
+- identity-access-admin 
+- privacy-manager 
+- security-engineer 
+- security-operations-analyst 
+- solution-architect 
+- support-engineer
+products:
+- ai-services
+- azure-machine-learning
+modules:
+- learn.prevent-data-exfiltration-azure-ai-workloads
+- learn.govern-ai-services-azure-policy
+trophy:
+  uid: learn.wwl.ai-workloads-governance.trophy

learn-pr/paths/ai-workloads-governance/index.yml

@@ -0,0 +1,37 @@
+### YamlMime:LearningPath
+uid: learn.wwl.manage-network-access-ai-workloads
+metadata:
+  title: Manage Network Access for AI workloads
+  description: Strengthen your command over securing network access for AI workloads in Azure. This learning path is tailored for Cloud Administrators and IT professionals looking to enforce precise access controls and ensure isolation of sensitive AI resources. Learn how to implement private endpoints, configure virtual networks, and restrict exposure of Azure AI services and Azure Machine Learning workspaces. Whether you're designing robust hybrid networks or hardening cloud-native architectures, this path empowers you with practical skills to safeguard your AI infrastructure in today's security-first digital landscape. 
+  ms.date: 07/08/2025
+  author: vrapolinario
+  ms.author: viniap
+  ms.topic: learning-path
+title: Manage Network Access for AI workloads
+prerequisites: |
+  - Experience navigating the Azure portal 
+  - Familiarity with Microsoft Azure Networking 
+  - Basic AI knowledge and familiarity with AI services on Azure 
+summary: |
+  Managing AI workloads requires more than just compute and storage—it demands secure and well-architected network access. This learning path equips you with the knowledge to configure virtual network integration, secure access to Azure AI endpoints, and implement network-layer security controls. By the end of these modules, you'll be prepared to design and deploy AI solutions with confidence, minimizing exposure and maximizing control over your networked environments. 
+iconUrl: /training/achievements/generic-trophy.svg
+levels:
+- intermediate
+roles:
+- administrator
+- auditor 
+- devops-engineer 
+- identity-access-admin 
+- privacy-manager 
+- security-engineer 
+- security-operations-analyst 
+- solution-architect 
+- support-engineer
+products:
+- ai-services
+- azure-machine-learning
+modules:
+- learn.wwl.secure-ai-services
+- learn.restrict-azure-machine-learning-network-traffic
+trophy:
+  uid: learn.wwl.manage-network-access-ai-workloads.trophy

learn-pr/paths/manage-network-access-ai-workloads/index.yml

@@ -1,5 +1,7 @@
 [Governance](/azure/cloud-adoption-framework/govern/guides/) provides mechanisms and processes to maintain control over your applications and resources in Azure. Governance involves determining your requirements, planning your initiatives, and setting strategic priorities.
 
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=e01e84ad-b8e8-4bdf-bee9-77935d19814a]
+
 To effectively apply your governance strategies, you must first create a hierarchical structure for your organizational environment. This structure lets you apply governance strategies exactly where they're needed. The governance strategies we cover in this module are Azure policy and resource tags. 
 
 :::image type="content" source="../media/governance-strategies.png" alt-text="Diagram of the Azure hierarchy that shows the tenant root group, management groups, subscriptions, resource groups, and resources." border="false":::
@@ -15,4 +17,4 @@ A typical Azure hierarchy has four levels: management groups, subscriptions, res
 - **Resources** are instances of services that you create. For example, virtual machines, storage, and SQL databases.
 
 > [!NOTE]
-> The **tenant root group** contains all the management groups and subscriptions. This group allows global policies and Azure role assignments to be applied at the directory level.
+> The **tenant root group** contains all the management groups and subscriptions. This group allows global policies and Azure role assignments to be applied at the directory level.

learn-pr/wwl-azure/design-governance/includes/2-design-for-governance.md

@@ -1,5 +1,7 @@
 Azure Subscriptions are logical containers that serve as units of management and scale and billing boundaries. Limits and quotas can be applied, and each organization can use subscriptions to manage costs and resources by group.​ 
 
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=0261a4cd-5b40-4b47-8d20-6582443cac14]
+
 ### Things to know about subscriptions
 
 To use Azure, you must have an Azure subscription. A subscription provides you with a logical container to create and pay for Azure products and services. There are [several types of subscriptions](https://azure.microsoft.com/support/legal/offer-details/), such as Enterprise Agreement and Pay-As-You-Go. 

learn-pr/wwl-azure/design-governance/includes/4-design-for-subscriptions.md

@@ -1,7 +1,9 @@
 [Resource tags](/azure/azure-resource-manager/management/tag-resources?tabs=json) are another way to organize resources. Tags provide extra information, or metadata, about your resources. 
 
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=670885a7-e1ed-43af-b32e-6052dbd6e7a4]
+
 > [!TIP]
-> Before you start a resource tagging project, ask yourself what you want to accomplish. Will reporting or billing use tags? Can you use the tags to enable more effective searching for Tailwind Traders? Will automated scripts use tags? Be sure to clearly define your goals. 
+> Before you start a resource tagging project, ask yourself what you want to accomplish. Can you use the tags to enable more effective searching for Tailwind Traders? Do automated scripts use tags? Be sure to clearly define your goals. 
 
 ### Things to know about resource tags
 
@@ -13,15 +15,15 @@ As you plan the governance strategy for Tailwind Traders, consider these charact
 
 - Resource tags can be added, modified, and deleted. These actions can be done with PowerShell, the Azure CLI, Azure Resource Manager (ARM) templates, the REST API, or the Azure portal.
 
-- [Tags can be applied](/azure/azure-resource-manager/management/tag-resources) to a resource group. However, tags applied to a resource group aren't inherited by the resources in the group.
+- [Tags can be applied](/azure/azure-resource-manager/management/tag-resources) to a resource group. However, tags applied to a resource group aren't inherited.
 
 ### Things to consider when creating resource tags
 
 You created the organizational hierarchy for Tailwind Traders. Now you need to determine which resource tags to apply. 
 
 :::image type="content" source="../media/resource-tags.png" alt-text="Diagram that shows an example hierarchy of resource tags." border="false":::
 
-- **Consider your organization's taxonomy**. Align your resource tags with accepted department nomenclature to make it easier to understand. Are there recognized terms for compliance or cost reporting for the Tailwind Traders organization? Add tags for office locations, confidentiality levels, or other defined policies.
+- **Consider your organization's taxonomy**. Align your resource tags with accepted department nomenclature. Are there recognized terms for compliance or cost reporting for the Tailwind Traders organization? Add tags for office locations, confidentiality levels, or other defined policies.
 
 - **Consider whether you need IT-aligned or business-aligned tagging**. Implement IT-aligned tagging or business-aligned tagging, or a combination of these approaches to be most effective.
 
@@ -40,7 +42,7 @@ You created the organizational hierarchy for Tailwind Traders. Now you need to d
    | Tag type | Description |  Example name-value pairs |
    | --- | --- | --- |
    | **Functional** | Functional tags categorize resources according to their purpose within a workload. This tag shows the deployed environment for a resource, or other functionality and operational details. | - `app = catalogsearch1` <br> - `tier = web` <br> - `webserver = apache` <br> - `env = production, dev, staging` |
-   | **Classification** | Classification tags identify a resource by how it's used and what policies apply to it. | - `confidentiality = private` <br> - `SLA = 24hours` |
+   | **Classification** | Classification tags identify resource usage. | - `confidentiality = private` <br> - `SLA = 24hours` |
    | **Accounting** | Accounting tags allow a resource to be associated with specific groups within an organization for billing purposes. | - `department = finance` <br> - `program = business-initiative` <br> - `region = northamerica` | 
    | **Partnership** | Partnership tags provide information about the people (other than IT members) who are associated with a resource, or otherwise affected by the resource. | - `owner = jsmith` <br> - `contactalias = catsearchowners` <br> - `stakeholders = user1;user2;user3` |
    | **Purpose** | Purpose tags align resources to business functions to better support investment decisions. | - `businessprocess = support` <br> - `businessimpact = moderate` <br> - `revenueimpact = high` | 
@@ -52,4 +54,4 @@ You created the organizational hierarchy for Tailwind Traders. Now you need to d
 - **Consider which resources require tagging**. Keep in mind that you don't need to enforce that a specific tag is present on all Tailwind Traders resources. You might decide that only mission-critical resources have the `Impact` tag. All nontagged resources would then not be considered as mission critical.
 
 > [!NOTE]
-> To implement an effective resource tagging structure, be sure to seek input from the different stakeholders in your organization. 
+> To implement an effective resource tagging structure, be sure to seek input from the different stakeholders in your organization. 

learn-pr/wwl-azure/design-governance/includes/6-design-for-resource-tags.md

@@ -1,5 +1,8 @@
 [Azure Policy](https://azure.microsoft.com/services/azure-policy) is a service in Azure that enables you to create, assign, and manage policies to control or audit your resources. These policies enforce different rules over your resource configurations so the configurations stay compliant with corporate standards.
 
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=f76c5590-f75a-430d-ab4b-0b1e72d14b19]
+
+
 ### Things to know about Azure Policy
 
 As you plan the governance strategy for Tailwind Traders, consider these characteristics of Azure Policy:

learn-pr/wwl-azure/design-governance/includes/7-design-for-azure-policy.md

@@ -1,6 +1,6 @@
 [Azure RBAC](/azure/role-based-access-control/overview) allows you to grant access to Azure resources that you control. Azure RBAC evaluates each request for access and determines if access should be blocked, not allowed, or allowed. 
 
-:::image type="content" source="../media/role-based-access-control-flowchart.png" alt-text="Diagram of an RBAC decision tree that shows the flow from no access to access allowed." border="false":::
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=1c0458bb-8548-4e8d-8443-f1edc02e5adf]
  
 RBAC is an allow model. An _allow model_ means when a user is assigned a specific role, Azure RBAC allows the user to perform the actions associated with that role. A role assignment could grant a user read permissions to a resource group. To have write permissions, the role would need to explicitly allow write access. 
 

learn-pr/wwl-azure/design-governance/includes/8-design-for-role-based-access-control.md

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-update-maintain-resources.introduction
+title: Introduction
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Introduction
+  description: "Introduction"
+  ms.date: 07/09/2025
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-azure/guided-project-update-maintain-resources/1-introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-update-maintain-resources.prepare
+title: Prepare
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Prepare
+  description: "Prepare"
+  ms.date: 07/09/2025
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/2-prepare.md)]