review-2

v-thpra · v-thpra · commit 429e4afbd905 · 2025-05-12T15:07:44.000-07:00
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/1-introduction.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/1-introduction.yml
@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: Learn how to secure your system with a threat modeling framework
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/1b-threat-modeling-framework.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/1b-threat-modeling-framework.yml
@@ -4,7 +4,7 @@ title: Threat modeling framework
 metadata:
   title: Threat modeling framework
   description: Learn about each threat category with their corresponding security controls
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/2-spoofing-pretending-to-be-someone-or-something-else.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/2-spoofing-pretending-to-be-someone-or-something-else.yml
@@ -4,7 +4,7 @@ title: Spoofing - pretending to be someone or something else
 metadata:
   title: Spoofing - pretending to be someone or something else
   description: Learn about Spoofing and its corresponding security control
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/3-tampering-changing-data-without-authorization.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/3-tampering-changing-data-without-authorization.yml
@@ -4,7 +4,7 @@ title: Tampering - changing data without authorization
 metadata:
   title: Tampering - changing data without authorization
   description: Learn about Tampering and its corresponding security control
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
@@ -16,12 +16,12 @@ quiz:
   questions:
   - content: "Which statement describes a potential security control against tampering?"
     choices:
-    - content: "Sender encrypts the attachment of an email so the receiver knows it came from them"
+    - content: "Sender encrypts the attachment of an email so the receiver knows it came from them."
       isCorrect: false
-      explanation: "Encrypting the attachment isn't enough. Digitally sign a message to ensure tampering doesn't happen"
-    - content: "System logs all actions and users to keep everyone accountable"
+      explanation: "Encrypting the attachment isn't enough. Digitally sign a message to ensure tampering doesn't happen."
+    - content: "System logs all actions and users to keep everyone accountable."
       isCorrect: false
-      explanation: "This statement applies to repudiation"
-    - content: "System grants administrative access to users listed on the access control list"
+      explanation: "This statement applies to repudiation."
+    - content: "System grants administrative access to users listed on the access control list."
       isCorrect: true
-      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege "
+      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege."
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/4-repudiation-not-claiming-responsibility-for-an-action-taken.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/4-repudiation-not-claiming-responsibility-for-an-action-taken.yml
@@ -4,7 +4,7 @@ title: Repudiation - not claiming responsibility for an action taken
 metadata:
   title: Repudiation - not claiming responsibility for an action taken
   description: Learn about Repudiation and its corresponding security control
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
@@ -16,12 +16,12 @@ quiz:
   questions:
   - content: "Which statement describes a potential security control against repudiation?"
     choices:
-    - content: "Sender digitally signs a message so the receiver knows who the message came from"
+    - content: "Sender digitally signs a message so the receiver knows who the message came from."
       isCorrect: false
-      explanation: "This message applies to spoofing"
-    - content: "System logs all actions and users to keep everyone accountable"
+      explanation: "This message applies to spoofing."
+    - content: "System logs all actions and users to keep everyone accountable."
       isCorrect: true
-      explanation: "This statement applies to repudiation"
-    - content: "System grants administrative access to users listed on the access control list"
+      explanation: "This statement applies to repudiation."
+    - content: "System grants administrative access to users listed on the access control list."
       isCorrect: false
-      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege "
+      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege."
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/5-information-disclosure-seeing-data-i-am-not-supposed-to-see.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/5-information-disclosure-seeing-data-i-am-not-supposed-to-see.yml
@@ -4,7 +4,7 @@ title: Information disclosure - seeing data I'm not supposed to see
 metadata:
   title: Information disclosure - seeing data I'm not supposed to see
   description: Learn about Information Disclosure and its corresponding security control
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
@@ -18,10 +18,10 @@ quiz:
     choices:
     - content: "Sender digitally signs a message so the receiver knows who the message came from."
       isCorrect: false
-      explanation: "This message applies to spoofing"
+      explanation: "This message applies to spoofing."
     - content: "System grants administrative access to users listed on the access control list."
       isCorrect: true
-      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege"
+      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege."
     - content: "System logs all actions and users to keep everyone accountable."
       isCorrect: false
-      explanation: "This statement applies to repudiation"
+      explanation: "This statement applies to repudiation."
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/6-denial-of-service-overwhelming-the-system.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/6-denial-of-service-overwhelming-the-system.yml
@@ -4,7 +4,7 @@ title: Denial of Service - overwhelming the system
 metadata:
   title: Denial of Service - Overwhelming the System
   description: Learn about Denial of Service and its corresponding security control
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
@@ -16,12 +16,12 @@ quiz:
   questions:
   - content: "Which statement describes a potential security control against denial of service?"
     choices:
-    - content: "Sender digitally signs a message so the receiver knows who the message came from"
+    - content: "Sender digitally signs a message so the receiver knows who the message came from."
       isCorrect: false
-      explanation: "This message applies to spoofing"
-    - content: "System logs all actions and users to keep everyone accountable"
+      explanation: "This message applies to spoofing."
+    - content: "System logs all actions and users to keep everyone accountable."
       isCorrect: false
-      explanation: "This statement applies to repudiation"
-    - content: "System relies on elastic resources to handle more requests as they arrive"
+      explanation: "This statement applies to repudiation."
+    - content: "System relies on elastic resources to handle more requests as they arrive."
       isCorrect: true
-      explanation: "This statement applies to denial of service"
+      explanation: "This statement applies to denial of service."
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/7-elevation-of-privilege-having-permissions-i-should-not-have.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/7-elevation-of-privilege-having-permissions-i-should-not-have.yml
@@ -4,7 +4,7 @@ title: Elevation of privilege - having permissions I should not have
 metadata:
   title: Elevation of Privilege - Having Permissions I Should Not Have
   description: Learn about Elevation of Privilege and its corresponding security control
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
@@ -16,12 +16,12 @@ quiz:
   questions:
   - content: "Which statement describes a potential security control against elevation of privilege?"
     choices:
-    - content: "System runs a process with the least possible amount of privilege"
+    - content: "System runs a process with the least possible amount of privilege."
       isCorrect: true
-      explanation: "This statement applies to elevation of privilege"
-    - content: "Sender digitally signs a message so the receiver knows who the message came from"
+      explanation: "This statement applies to elevation of privilege."
+    - content: "Sender digitally signs a message so the receiver knows who the message came from."
       isCorrect: false
-      explanation: "This message applies to spoofing"
-    - content: "System logs all actions and users to keep everyone accountable"
+      explanation: "This message applies to spoofing."
+    - content: "System logs all actions and users to keep everyone accountable."
       isCorrect: false
-      explanation: "This statement applies to repudiation"
+      explanation: "This statement applies to repudiation."
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/8-summary.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/8-summary.yml
@@ -3,8 +3,8 @@ uid: learn.tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eli
 title: Summary
 metadata:
   title: Summary
-  description: Review what you've learned about each threat category with their corresponding security controls
-  ms.date: 07/17/2023
+  description: Review what you learned about each threat category with their corresponding security controls.
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: unit
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/3-tampering-changing-data-without-authorization.md b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/3-tampering-changing-data-without-authorization.md
@@ -14,26 +14,26 @@ Examples include:
 
 |Name|Shape|Definition|
 |----|-----|----------|
-|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output|
-|Data store|![Data store.](../media/data-store50.png)|Permanent or temporary data storage|
-|Data-flow|![Data-flow.](../media/data-flow50.png)|Data movement between elements|
+|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output.|
+|Data store|![Data store.](../media/data-store50.png)|Permanent or temporary data storage.|
+|Data-flow|![Data-flow.](../media/data-flow50.png)|Data movement between elements.|
 
 ### Interaction
 
 |Name|Interaction|Definition|
 |----|-----------|----------|
-|Process <-> Data store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store|
-|Data-flow <-> Trust boundary|![Data-Flow to Trust Boundary Interaction.](../media/flow-trustboundary.png)|Data is transmitted from a trusted environment to someone over the internet (and vice-versa)|
+|Process <-> Data store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store.|
+|Data-flow <-> Trust boundary|![Data-Flow to Trust Boundary Interaction.](../media/flow-trustboundary.png)|Data is transmitted from a trusted environment to someone over the internet (and vice-versa).|
 
 ## How to prevent tampering
 
 **Integrity** prevents data from being maliciously modified. Examples include:
 
-- Validating input to prevent the processing of malicious payloads and mishandling of unexpected behavior
-- Signing messages with digital signatures to ensure messages aren't tampered with
-- Using access-control lists to apply permissions
-- Using SSL/TLS to secure transmission
-- Creating an IPSec tunnel to secure communication between endpoints
+- Validating input to prevent the processing of malicious payloads and mishandling of unexpected behavior.
+- Signing messages with digital signatures to ensure messages aren't tampered with.
+- Using access-control lists to apply permissions.
+- Using TLS/SSL to secure transmission.
+- Creating an IPSec tunnel to secure communication between endpoints.
 
 ### Common security controls to reduce or eliminate risk
 
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/4-repudiation-not-claiming-responsibility-for-an-action-taken.md b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/4-repudiation-not-claiming-responsibility-for-an-action-taken.md
@@ -23,9 +23,9 @@ Examples include:
 
 |Name|Interaction|Definition|
 |----|-----------|----------|
-|Process <-> Process|![Process to Process Interaction.](../media/process-process.png)|A task sends or receives data to or from another task|
-|Process <-> External Entity|![Process to External Entity Interaction.](../media/process-externalentity.png)|A task sends or receives data to or from a user|
-|Process <-> Data Store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store|
+|Process <-> Process|![Process to Process Interaction.](../media/process-process.png)|A task sends or receives data to or from another task.|
+|Process <-> External Entity|![Process to External Entity Interaction.](../media/process-externalentity.png)|A task sends or receives data to or from a user.|
+|Process <-> Data Store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store.|
 
 ## How to prevent repudiation
 
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/5-information-disclosure-seeing-data-i-am-not-supposed-to-see.md b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/5-information-disclosure-seeing-data-i-am-not-supposed-to-see.md
@@ -1,4 +1,4 @@
-**Information disclosure** occurs when sensitive data is exposed to unauthorized individuals. It can happen with or without intention. 
+**Information disclosure** occurs when sensitive data is exposed to unauthorized individuals. It can happen with or without intention.
 
 Examples include:
 
@@ -12,18 +12,18 @@ Examples include:
 
 |Name|Shape|Definition|
 |----|-----|----------|
-|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output|
-|Data store|![Data Store.](../media/data-store50.png)|Permanent or temporary data storage|
-|Data-flow|![Data-Flow.](../media/data-flow50.png)|Data movement between elements|
+|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output.|
+|Data store|![Data Store.](../media/data-store50.png)|Permanent or temporary data storage.|
+|Data-flow|![Data-Flow.](../media/data-flow50.png)|Data movement between elements.|
 
 ### Interaction
 
 |Name|Interaction|Definition|
 |----|-----------|----------|
-|Process -> Process|![Process to Process Unilateral Interaction.](../media/process-process-unilateral.png)|A task sends data to another task|
-|Process <-> External entity|![Process to External Entity Interaction.](../media/process-externalentity.png)|A task sends or receives data to or from a user|
-|Process <-> Data store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store|
-|Data Flow <-> Trust boundary|![Data-Flow to Trust Boundary Interaction.](../media/flow-trustboundary.png)|Data is transmitted from a trusted environment to someone over the internet (and vice-versa)|
+|Process -> Process|![Process to Process Unilateral Interaction.](../media/process-process-unilateral.png)|A task sends data to another task.|
+|Process <-> External entity|![Process to External Entity Interaction.](../media/process-externalentity.png)|A task sends or receives data to or from a user.|
+|Process <-> Data store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store.|
+|Data Flow <-> Trust boundary|![Data-Flow to Trust Boundary Interaction.](../media/flow-trustboundary.png)|Data is transmitted from a trusted environment to someone over the internet (and vice-versa).|
 
 ## How to prevent information disclosure
 
@@ -33,7 +33,7 @@ Examples include:
 
 - Applying access-control lists to ensure the right users can access the right data.
 - Encrypting data at rest, in transit, and in use.
-- Enforcing SSL/TLS to secure transmission.
+- Enforcing TLS/SSL to secure transmission.
 - Using IPSec tunnels to secure communication across endpoints.
 
 ### Common security controls to reduce or eliminate risk
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/6-denial-of-service-overwhelming-the-system.md b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/6-denial-of-service-overwhelming-the-system.md
@@ -12,25 +12,25 @@ Examples include:
 
 |Name|Shape|Definition|
 |----|-----|----------|
-|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output|
-|Data store|![Data Store.](../media/data-store50.png)|Permanent or temporary data storage|
+|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output.|
+|Data store|![Data Store.](../media/data-store50.png)|Permanent or temporary data storage.|
 |Data-flow|![Data-Flow.](../media/data-flow50.png)|Data movement between elements|
 
 ### Interaction
 
 |Name|Interaction|Definition|
 |----|-----------|----------|
-|Process -> Process|![Process to Process Unilateral Interaction.](../media/process-process-unilateral.png)|A task sends data to another task|
-|Process <-> External Entity|![Process to External Entity Interaction.](../media/process-externalentity.png)|A task sends or receives data to or from a user|
-|Process <-> Data Store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store|
-|Data Flow <-> Trust Boundary|![Data-Flow to Trust Boundary Interaction.](../media/flow-trustboundary.png)|Data is transmitted from a trusted environment to someone over the internet (and vice-versa)|
+|Process -> Process|![Process to Process Unilateral Interaction.](../media/process-process-unilateral.png)|A task sends data to another task.|
+|Process <-> External Entity|![Process to External Entity Interaction.](../media/process-externalentity.png)|A task sends or receives data to or from a user.|
+|Process <-> Data Store|![Process to Data Store Interaction.](../media/process-datastore.png)|A task sends or receives data to or from a data store.|
+|Data Flow <-> Trust Boundary|![Data-Flow to Trust Boundary Interaction.](../media/flow-trustboundary.png)|Data is transmitted from a trusted environment to someone over the internet (and vice-versa).|
 
 ## How to prevent denial of service
 
 **Availability** ensures your system is up and running for users. Examples include:
 
 - Using network access-control lists to control incoming and outgoing traffic.
-- Using elastic resources to manage growing or shrinking usage.
+- Using elastic resources to manage usage when it grows or shrinks.
 - Monitoring the system to detect anomalies.
 - Enabling operating-system flags to handle memory and CPU processes.
 
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/7-elevation-of-privilege-having-permissions-i-should-not-have.md b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/7-elevation-of-privilege-having-permissions-i-should-not-have.md
@@ -9,15 +9,15 @@
 
 |Name|Shape|Definition|
 |----|-----|----------|
-|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output|
+|Process|![Process.](../media/process50.png)|Activity that modifies or redirects input to an output.|
 
 ### Interaction
 
 |Name|Interaction|Definition|
 |----|-----------|----------|
-|Process <-> Process|![Process to Process Interaction.](../media/process-process.png)|A task sends data to another task|
-|Process <- External entity|![Process to External Entity Unilateral Interaction.](../media/process-externalentity-unilateral.png)|A task receives data from a user|
-|Process <- Data store|![Process to Data Store Unilateral Interaction.](../media/process-datastore-unilateral.png)|A task receives data from a data store|
+|Process <-> Process|![Process to Process Interaction.](../media/process-process.png)|A task sends data to another task.|
+|Process <- External entity|![Process to External Entity Unilateral Interaction.](../media/process-externalentity-unilateral.png)|A task receives data from a user.|
+|Process <- Data store|![Process to Data Store Unilateral Interaction.](../media/process-datastore-unilateral.png)|A task receives data from a data store.|
 
 ## How to prevent elevation of privilege
 
diff --git a/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/index.yml b/learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/index.yml
@@ -3,16 +3,17 @@ uid: learn.tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eli
 metadata:
   title: Use a framework to identify threats and find ways to reduce or eliminate risk
   description: Threat modeling helps you generate a list of potential threats using STRIDE and find ways to reduce or eliminate risk with corresponding security controls.
-  ms.date: 07/17/2023
+  ms.date: 05/12/2025
   author: rodsan
   ms.author: rodsan
   ms.topic: module
+  ms.service: azure
 title: Use a framework to identify threats and find ways to reduce or eliminate risk
 summary: Threat modeling helps you generate a list of potential threats using the threat modeling framework and find ways to reduce or eliminate risk with corresponding security controls.
 abstract: |
   By the end of this module, you're able to:
-  - Discuss each threat category in the threat modeling framework
-  - Learn about the security controls to help reduce or eliminate risk
+  - Discuss each threat category in the threat modeling framework.
+  - Learn about the security controls to help reduce or eliminate risk.
 prerequisites: None
 iconUrl: /training/achievements/use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk.svg
 levels:
