Commit b3c47d2

changed files by pdets auto publish service, publishid[d453c266-2fbe-4bfe-8887-eabe082fcb52] and do [publish].
1 parent 6d8c8e1 commit b3c47d2

8 files changed

+15
-16
lines changed

learn-pr/wwl-azure/configure-storage-security/6-create-customer-managed-keys.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,6 @@ metadata:
1212
ms.topic: unit
1313
ms.custom:
1414
- N/A
15-
durationInMinutes: 2
15+
durationInMinutes: 3
1616
content: |
1717
[!include[](includes/6-create-customer-managed-keys.md)]
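Review bot: durationInMinutes goes from 2 to 3 on line 15, but none of the diffs shown on this page touch includes/6-create-customer-managed-keys.md, the file this unit pulls in on line 17. If the unit content did not grow, the estimate should stay at 2; if it did, the commit message should point to the change that justifies the new value.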

learn-pr/wwl-azure/configure-storage-security/9-knowledge-check.yml

Lines changed: 2 additions & 2 deletions
@@ -28,15 +28,15 @@ quiz:
2828
explanation: "Incorrect. Storage access keys should be encrypted with limited access."
2929
- content: "Hard code access keys in your application code."
3030
isCorrect: false
31-
explanation: "Incorrect. Hard-coding access keys in an application isn't a good best practice."
31+
explanation: "Incorrect. Hard-coding access keys in an application isn't a best practice."
3232
- content: "What is the recommended way to authorize access to data in Azure Storage?"
3333
choices:
3434
- content: "Using either Microsoft Entra ID or a shared access signature SAS."
3535
isCorrect: true
3636
explanation: "Correct. Entra ID and SAS are great ways to access storage."
3737
- content: "Using Shared Key authorization."
3838
isCorrect: false
39-
explanation: "Incorrect. Shared key authorization is not a best practice."
39+
explanation: "Incorrect. Shared key authorization isn't a best practice."
4040
- content: "Using access keys and connection strings for all apps accessing production or sensitive data."
4141
isCorrect: false
4242
explanation: "Incorrect. Entra ID and SAS are better ways to authorize access."
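Review bot: On new line 39 the explanation writes "Shared key authorization" while the choice it explains on line 38 writes "Shared Key authorization"; use one casing for both. While this block is open, line 34 reads "a shared access signature SAS." and wants the abbreviation in parentheses, "shared access signature (SAS)". The explanations on lines 31 and 39 also stop at "isn't a best practice"; one clause on why would teach more than the verdict alone.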

learn-pr/wwl-azure/configure-storage-security/includes/2-review-strategies.md

Lines changed: 2 additions & 1 deletion
@@ -2,7 +2,8 @@ Administrators use different strategies to ensure their data is secure. Common a
22

33
> [!VIDEO https://learn-video.azurefd.net/vod/player?id=f0ef7956-ecdf-43cb-82e5-d0f9cb34bf3c]
44
5-
> [!NOTE] The video refers to Active Directory, which is now branded as Microsoft Entra ID.
5+
> [!NOTE]
6+
> The video refers to Active Directory, which is now branded as Microsoft Entra ID.
67
78
### Things to know about Azure Storage security strategies
89
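Review bot: The note text on new line 6 says "Active Directory" is now branded as Microsoft Entra ID, but the product that was renamed is Azure Active Directory; plain "Active Directory" reads as the on-premises directory service, which keeps its name. Suggest "The video refers to Azure Active Directory, which is now branded as Microsoft Entra ID."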

learn-pr/wwl-azure/configure-storage-security/includes/3-create-shared-access-signatures.md

Lines changed: 0 additions & 2 deletions
@@ -25,7 +25,5 @@ Let's look at some recommendations that can help mitigate risks when working wit
2525
| **Require clients automatically renew the SAS** | Require your clients to renew the SAS well before the expiration date. By renewing early, you allow time for retries if the service providing the SAS is unavailable. |
2626
| **Plan carefully for the SAS start time** | If you set the start time for a SAS to now, then due to clock skew (differences in current time according to different machines), failures might be observed intermittently for the first few minutes. In general, set the start time to at least 15 minutes in the past. Or, don't set a specific start time, which causes the SAS to be valid immediately in all cases. The same conditions generally apply to the expiry time. You might observe up to 15 minutes of clock skew in either direction on any request. For clients that use a REST API version earlier than 2012-02-12, the maximum duration for a SAS that doesn't reference a stored access policy is 1 hour. Any policies that specify a longer term fail. |
2727
| **Define minimum access permissions for resources** | A security best practice is to provide a user with the minimum required privileges. If a user only needs read access to a single entity, then grant them read access to that single entity, and not read/write/delete access to all entities. This practice also helps lessen the damage if a SAS is compromised because the SAS has less power in the hands of an attacker. |
28-
| **Understand account billing for usage, including a SAS** | Provide limited permissions to help mitigate the potential actions of malicious users. Read and write permissions can cause billing charges. Use a short-lived SAS to reduce this threat. |
2928
| **Validate data written by using a SAS** | When a client application writes data to your Azure storage account, keep in mind there can be problems with the data. If your application requires validated or authorized data, validate the data after written, but before used. This practice also protects against corrupt or malicious data being written to your account, either by a user who properly acquired the SAS, or by a user exploiting a leaked SAS. |
3029
| **Don't assume a SAS is always the correct choice** | In some scenarios, the risks associated with a particular operation against your Azure storage account outweigh the benefits of using a SAS. For such operations, create a middle-tier service that writes to your storage account after performing business rule validation, authentication, and auditing. Also, sometimes it's easier to manage access in other ways. If you want to make all blobs in a container publicly readable, you can make the container Public, rather than providing a SAS to every client for access. |
31-
| **Monitor your applications with Azure Storage Analytics** | You can use logging and metrics to observe any spike in authentication failures. You might see spikes from an outage in your SAS provider service or to the inadvertent removal of a stored access policy. |
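Review bot: Deleting the row on old line 31 removes the only guidance visible in this table on watching for spikes in authentication failures, including the case of a stored access policy being removed by mistake, and nothing in the lines shown replaces it. If the intent is to move monitoring to the Storage Insights unit changed in this same commit, that unit as shown does not mention authentication failures or stored access policies, so carry the sentence over there or keep the row. The row on old line 28 also held this hunk's only visible "Use a short-lived SAS" advice; confirm that it survives in a row above line 25.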
Lines changed: 8 additions & 8 deletions
@@ -1,22 +1,22 @@
1-
[Storage insights](/azure/storage/common/storage-insights-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json) provides comprehensive monitoring of your Azure Storage accounts. Storage insigths delivers a unified view of your Azure Storage services performance, capacity, and availability.
1+
[Storage insights](/azure/storage/common/storage-insights-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json) provides comprehensive monitoring of your Azure Storage accounts. Storage Insights delivers a unified view of your Azure Storage services performance, capacity, and availability.
22

33
:::image type="content" source="../media/storage-insights.png" alt-text="Screenshot of storage insights in the portal." border="false":::
44

55
### What are the benefits of Storage insights?
66

7-
- **Detailed Metrics and Logs**. Azure Storage Insights offers detailed metrics, logs, and diagnostic information that enhance visibility into storage operations. This helps in monitoring key performance indicators (KPIs) such as latency, throughput, capacity utilization, and transactions 1.
7+
- **Detailed Metrics and Logs**. Azure Storage Insights offers detailed metrics, logs, and diagnostic information that enhance visibility into storage operations. This helps in monitoring key performance indicators (KPIs) such as latency, throughput, capacity utilization, and transactions.
88

9-
- **Enhanced Security and Compliance**. By leveraging Azure Storage Insights, you can ensure enhanced security and compliance. It provides actionable insights and alerts that help in swiftly identifying and resolving security issues 1.
9+
- **Enhanced Security and Compliance**. By using Azure Storage Insights, you can ensure enhanced security and compliance. It provides actionable insights and alerts that help in swiftly identifying and resolving security issues.
1010

11-
- **Role-Based Access Control (RBAC)**. Azure Storage Insights integrates with Azure's security features, including role-based access control (RBAC), Microsoft Entra ID, connection strings, and access control list (ACL) permissions. This ensures secure access to your data and resources
11+
- **Role-Based Access Control (RBAC)**. Azure Storage Insights integrates with Azure's security features, including role-based access control (RBAC), Microsoft Entra ID, connection strings, and access control list (ACL) permissions. RBAC ensures secure access to your data and resources.
1212

13-
- **Unified View**. It delivers a unified view of your Azure Storage services' performance, capacity, and availability, which is crucial for maintaining the security and efficiency of your storage accounts 3.
13+
- **Unified View**. It delivers a unified view of your Azure Storage services' performance, capacity, and availability, which is crucial for maintaining the security and efficiency of your storage accounts.
1414

1515
### Security uses for Storage Insights
1616

17-
- **Real-Time Monitoring**. Azure Storage Insights enables real-time monitoring of storage accounts, allowing you to track usage trends, monitor performance, and set up alerts for any anomalies
17+
- **Real-Time Monitoring**. Azure Storage Insights enables real-time monitoring of storage accounts, allowing you to track usage trends, monitor performance, and set up alerts for any anomalies.
1818

19-
- **Security Auditing**. It aids in security auditing by providing comprehensive monitoring and detailed logs, which are essential for ensuring compliance and identifying any security issues
19+
- **Security Auditing**. It aids in security auditing by providing comprehensive monitoring and detailed logs, which are essential for ensuring compliance and identifying any security issues.
2020

21-
- **Health Analysis and Optimization**. The tool helps in health analysis and optimization of storage accounts, ensuring that they are secure and performing optimally 1.
21+
- **Health Analysis and Optimization**. The tool helps in health analysis and optimization of storage accounts, ensuring security and optimal performance.
2222
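Review bot: On new line 11 the rewritten sentence "RBAC ensures secure access to your data and resources" follows a list that also names connection strings as a security feature, while 9-knowledge-check.yml in this same commit marks using access keys and connection strings for production or sensitive data as incorrect. Drop connection strings from the list or qualify them, and soften "ensures" to something like "helps restrict access". Also, new line 1 capitalises "Storage Insights" in the second sentence while the link text on the same line and the heading on line 5 still say "Storage insights", and "Azure Storage services performance" on line 1 lacks the possessive that line 13 uses.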

learn-pr/wwl-azure/configure-storage-security/includes/8-simulation-storage.md

Lines changed: 2 additions & 2 deletions
@@ -1,9 +1,9 @@
11
## Lab scenario
22

3-
In this lab you learn to create storage accounts for Azure blobs and Azure files. You learn to configure and secure blob containers. You also learn to use Storage Browser to configure and secure Azure file shares.
3+
In this lab, you learn to create storage accounts for Azure blobs and Azure files. You learn to configure and secure blob containers. You also learn to use Storage Browser to configure and secure Azure file shares.
44

55
> [!NOTE]
6-
> This lab covers storage accounts, blobs, and files. As you go through the steps consider the security features you learned about.
6+
> This lab covers storage accounts, blobs, and files. As you go through the steps, consider the security features you learned about.
77
88
## Architecture diagram
99
