retire permissions management

Author: ceperezb

learn-pr/wwl-sci/.openpublishing.redirection.wwl-sci.json

@@ -311,6 +311,16 @@
       {
         "source_path_from_root": "/learn-pr/paths/purview-implement-manage-dlp-retention/index.yml",
         "redirect_url": "/training/paths/purview-implement-manage-dlp/"
-      } 
+      }, 
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/design-solutions-secure-privileged-access/5-design-solution-cloud-infrastructure-entitlement-management.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/design-solutions-secure-privileged-access/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/describe-identity-protection-governance-capabilities/5a-describe-entra-permissions-management.yml",
+        "redirect_url": "https://learn.microsoft.com/training/paths/describe-capabilities-of-microsoft-identity-access/",
+        "redirect_document_id": false
+      }
     ]
 }

learn-pr/wwl-sci/describe-identity-protection-governance-capabilities/5a-describe-entra-permissions-management.yml

@@ -1,76 +1,64 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.describe-identity-protection-governance-capabilities-of-azure-ad.knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: "Knowledge check"
-  ms.date: 08/02/2024
-  author: wwlpublish
-  ms.author: ceperezb
-  ms.topic: unit
-durationInMinutes: 3
-content: |
-  [!include[](includes/6-knowledge-check.md)]
-quiz:
-  title: "Check your knowledge"
-  questions:
-  - content: "Your organization has implemented important changes in their customer facing web-based applications. You want to ensure that any user who wishes to access these applications agrees to the legal disclaimers. Which Microsoft Entra feature should you implement?"
-    choices:
-    - content: "Entitlement management."
-      isCorrect: false
-      explanation: "Incorrect. Entitlement management automates access request workflows, access assignments, reviews, and expiration but doesn't address the business requirement for users to agree to terms of use."
-    - content: "Microsoft Entra Terms of Use."
-      isCorrect: true
-      explanation: "Correct. Microsoft Entra Terms of Use presents information to users before they access data and can be configured to require users to accept the terms of use."
-    - content: "Identity Protection."
-      isCorrect: false
-      explanation: "Incorrect. Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats."
-  
-  - content: "An organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited to managing user access to this organization’s resources?"
-    choices:
-    - content: "Microsoft Entra Terms of Use."
-      isCorrect: false
-      explanation: "Incorrect. Microsoft Entra Terms of Use presents information to users before they access data but doesn't manage access rights."
-    - content: "Identity Protection."
-      isCorrect: false
-      explanation: "Incorrect. Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats."
-    - content: "Entitlement management."
-      isCorrect: true
-      explanation: "Correct. Entitlement management is well suited to handling project-based access needs. Entitlement management automates access requests, access assignments, reviews, and expiration for bundles of resources relevant to a project."
-  
-  - content: "An organization has recently conducted a security audit and found that four people who have left were still active and assigned global admin roles. The users have now been deleted but the IT organization has been asked to recommend a solution to prevent a similar security lapse happening in future. Which solution should they recommend?"
-    choices:
-    - content: "Entitlement management."
-      isCorrect: false
-      explanation: "Incorrect. Entitlement management automates access request workflows, access assignments, reviews, and expiration but doesn't prevent users who have left the organization retaining access rights."
-    - content: "Privileged Identity Management."
-      isCorrect: true
-      explanation: "Correct. Privileged Identity Management mitigates the risks of excessive, unnecessary, or misused access permissions."
-    - content: "Identity Protection."
-      isCorrect: false
-      explanation: "Incorrect. Identity Protection allows you to detect identity-based risk but doesn't mitigate the risk of inappropriate privileges being assigned to users who have left the organization."
-  
-  - content: "Your IT organization recently discovered that several user accounts in the finance department have been compromised. The CTO has asked for a solution to reduce the impact of compromised user accounts. The IT admin team is looking into Microsoft Entra features. Which one should they recommend?"
-    choices:
-    - content: "Identity Protection."
-      isCorrect: true
-      explanation: "Correct. Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. This includes user risk, the probability that a given identity or account is compromised, and sign-in risk, the probability that a given authentication request isn't authorized by the identity owner."
-    - content: "Conditional Access."
-      isCorrect: false
-      explanation: "Incorrect. Conditional Access policies are used to enforce organizational rules for access."
-    - content: "Entitlement management."
-      isCorrect: false
-      explanation: "Incorrect. Entitlement management is an Azure tool that automates access to the applications and data needed for someone to be productive in a particular project or role."
-
-  - content: An organization is adopting a multicloud strategy and struggling with managing access permissions. They want to implement least privilege access across their entire infrastructure. What should they do to ensure secure and compliant access to their expanding cloud estate?
-    choices:
-    - content: Rely solely on cloud providers' native access management models.
-      isCorrect: false
-      explanation: Incorrect. These models can be inconsistent and may not provide the level of control needed for a Zero Trust security strategy.
-    - content: Manually review and adjust permissions for each identity and resource on a regular basis.
-      isCorrect: false
-      explanation: Incorrect. This approach isn't scalable and doesn't provide comprehensive visibility or control over permissions.
-    - content: Implement a cloud infrastructure entitlement management (CIEM) product like Microsoft Entra Permissions Management that provides comprehensive visibility and control over permissions for any identity and any resource in Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP).
-      isCorrect: true
-      explanation: Correct. This product helps organizations address the Zero Trust principle of least privilege access by detecting, automatically right-sizing (remediating), and continuously monitoring unused and excessive permissions.
-
+### YamlMime:ModuleUnit
+uid: learn.wwl.describe-identity-protection-governance-capabilities-of-azure-ad.knowledge-check
+title: Module assessment
+metadata:
+  title: Module assessment
+  description: "Knowledge check"
+  ms.date: 08/02/2024
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/6-knowledge-check.md)]
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "Your organization has implemented important changes in their customer facing web-based applications. You want to ensure that any user who wishes to access these applications agrees to the legal disclaimers. Which Microsoft Entra feature should you implement?"
+    choices:
+    - content: "Entitlement management."
+      isCorrect: false
+      explanation: "Incorrect. Entitlement management automates access request workflows, access assignments, reviews, and expiration but doesn't address the business requirement for users to agree to terms of use."
+    - content: "Microsoft Entra Terms of Use."
+      isCorrect: true
+      explanation: "Correct. Microsoft Entra Terms of Use presents information to users before they access data and can be configured to require users to accept the terms of use."
+    - content: "Identity Protection."
+      isCorrect: false
+      explanation: "Incorrect. Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats."
+  
+  - content: "An organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited to managing user access to this organization’s resources?"
+    choices:
+    - content: "Microsoft Entra Terms of Use."
+      isCorrect: false
+      explanation: "Incorrect. Microsoft Entra Terms of Use presents information to users before they access data but doesn't manage access rights."
+    - content: "Identity Protection."
+      isCorrect: false
+      explanation: "Incorrect. Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats."
+    - content: "Entitlement management."
+      isCorrect: true
+      explanation: "Correct. Entitlement management is well suited to handling project-based access needs. Entitlement management automates access requests, access assignments, reviews, and expiration for bundles of resources relevant to a project."
+  
+  - content: "An organization has recently conducted a security audit and found that four people who have left were still active and assigned global admin roles. The users have now been deleted but the IT organization has been asked to recommend a solution to prevent a similar security lapse happening in future. Which solution should they recommend?"
+    choices:
+    - content: "Entitlement management."
+      isCorrect: false
+      explanation: "Incorrect. Entitlement management automates access request workflows, access assignments, reviews, and expiration but doesn't prevent users who have left the organization retaining access rights."
+    - content: "Privileged Identity Management."
+      isCorrect: true
+      explanation: "Correct. Privileged Identity Management mitigates the risks of excessive, unnecessary, or misused access permissions."
+    - content: "Identity Protection."
+      isCorrect: false
+      explanation: "Incorrect. Identity Protection allows you to detect identity-based risk but doesn't mitigate the risk of inappropriate privileges being assigned to users who have left the organization."
+  
+  - content: "Your IT organization recently discovered that several user accounts in the finance department have been compromised. The CTO has asked for a solution to reduce the impact of compromised user accounts. The IT admin team is looking into Microsoft Entra features. Which one should they recommend?"
+    choices:
+    - content: "Identity Protection."
+      isCorrect: true
+      explanation: "Correct. Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. This includes user risk, the probability that a given identity or account is compromised, and sign-in risk, the probability that a given authentication request isn't authorized by the identity owner."
+    - content: "Conditional Access."
+      isCorrect: false
+      explanation: "Incorrect. Conditional Access policies are used to enforce organizational rules for access."
+    - content: "Entitlement management."
+      isCorrect: false
+      explanation: "Incorrect. Entitlement management is an Azure tool that automates access to the applications and data needed for someone to be productive in a particular project or role."
+

learn-pr/wwl-sci/describe-identity-protection-governance-capabilities/6-knowledge-check.yml

@@ -7,4 +7,3 @@ In this module, you'll learn how to:
 - Describe the capabilities of Microsoft Entra ID Governance.
 - Describe Privileged Identity Management (PIM).
 - Describe the capabilities of Microsoft Entra ID Protection.
-- Describe permissions management.

learn-pr/wwl-sci/describe-identity-protection-governance-capabilities/includes/1-introduction.md

@@ -1,11 +1,10 @@
-In this module, you learned how Microsoft Entra ID provides tools to help you protect and govern identities. You learned about identity life-cycle management and how Identity Protection can detect potential identity risks. Finally, you learned how solutions such as access reviews, privileged identity management, and permissions management all help organizations adhere to the concepts of least privilege access, a core principle of a Zero Trust security strategy.
+In this module, you learned how Microsoft Entra ID provides tools to help you protect and govern identities. You learned about identity life-cycle management and how Identity Protection can detect potential identity risks. Finally, you learned how solutions such as access reviews and privileged identity management help organizations adhere to the concepts of least privilege access, a core principle of a Zero Trust security strategy.
 
 Now that you've completed this module, you're able to:
 
 - Describe the capabilities of Microsoft Entra ID Governance.
 - Describe Privileged Identity Management (PIM).
 - Describe the capabilities of Microsoft Entra ID Protection.
-- Describe permissions management.
 
 ### Learn more
 
@@ -18,5 +17,4 @@ For more information about the topics raised in this module, see:
 - [Microsoft Entra Privileged Identity Management](/azure/active-directory/privileged-identity-management/pim-configure)
 - [What is Identity Protection?](/azure/active-directory/identity-protection/overview-identity-protection)
 - [Microsoft Copilot in Microsoft Entra](/training/modules/security-copilot-embedded-experiences/4-copilot-for-entra)
-- [What's Permissions Management?](/azure/active-directory/cloud-infrastructure-entitlement-management/overview)
 - [Describe the concepts behind Microsoft Entra Verified ID](/training/modules/describe-verified-id-concepts/)