pull base content,head:MicrosoftDocs:main,into:wwlpublishsync

Author: wwlpublish

learn-pr/aspnetcore/build-web-api-minimal-api/includes/2-what-is-minimal-api.md

@@ -146,6 +146,7 @@ To use Swagger and the Swagger UI in your API, you do two things:
          {
            c.SwaggerDoc("v1", new OpenApiInfo { Title = "Todo API", Description = "Keep track of your tasks", Version = "v1" });
          });
+     }
      ```
 
    - Add `UseSwagger()` and `UseSwaggerUI()`. These two code lines tell the API project to use Swagger and also where to find the specification file *swagger.json*.

learn-pr/azure-networking/introduction-azure-web-application-firewall/1-introduction.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-web-application-firewall.1-introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: Introduction to the Introduction to Azure Web Application Firewall module.
-  ms.date: 02/14/2024
-  author: vhorne
-  ms.author: victorh
-  ms.topic: unit
-durationInMinutes: 4
-content: |
-  [!include[](includes/1-introduction.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-web-application-firewall.1-introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: Introduction to the Introduction to Azure Web Application Firewall module.
+  ms.date: 05/01/2025
+  author: vhorne
+  ms.author: robmcm
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/1-introduction.md)]
+

learn-pr/azure-networking/introduction-azure-web-application-firewall/2-what-is-azure-web-application-firewall.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-web-application-firewall.2-what-is-azure-web-application-firewall
-title: What is Azure Web Application Firewall?
-metadata:
-  title: What is Azure Web Application Firewall?
-  description: Learn the basics of Azure Web Application Firewall including key features and common attacks it protects against.
-  ms.date: 02/14/2024
-  author: vhorne
-  ms.author: victorh
-  ms.topic: unit
-durationInMinutes: 10
-content: |
-  [!include[](includes/2-what-is-azure-web-application-firewall.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-web-application-firewall.2-what-is-azure-web-application-firewall
+title: What is Azure Web Application Firewall?
+metadata:
+  title: What is Azure Web Application Firewall?
+  description: Learn the basics of Azure Web Application Firewall including key features and common attacks it protects against.
+  ms.date: 05/01/2025
+  author: vhorne
+  ms.author: robmcm
+  ms.topic: unit
+durationInMinutes: 10
+content: |
+  [!include[](includes/2-what-is-azure-web-application-firewall.md)]
+

learn-pr/azure-networking/introduction-azure-web-application-firewall/3-how-azure-web-application-firewall-works.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-web-application-firewall.3-how-azure-web-application-firewall-works
-title: How Azure Web Application Firewall works
-metadata:
-  title: How Azure Web Application Firewall works
-  description: Learn how Azure Web Application Firewall works. In particular, learn about core rule sets and rule groups.
-  ms.date: 02/14/2024
-  author: vhorne
-  ms.author: victorh
-  ms.topic: unit
-durationInMinutes: 12
-content: |
-  [!include[](includes/3-how-azure-web-application-firewall-works.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-web-application-firewall.3-how-azure-web-application-firewall-works
+title: How Azure Web Application Firewall works
+metadata:
+  title: How Azure Web Application Firewall works
+  description: Learn how Azure Web Application Firewall works. In particular, learn about core rule sets and rule groups.
+  ms.date: 05/01/2025
+  author: vhorne
+  ms.author: robmcm
+  ms.topic: unit
+durationInMinutes: 12
+content: |
+  [!include[](includes/3-how-azure-web-application-firewall-works.md)]
+

learn-pr/azure-networking/introduction-azure-web-application-firewall/4-when-to-use-azure-web-application-firewall.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-web-application-firewall.4-when-to-use-azure-web-application-firewall
-title: When to use Azure Web Application Firewall
-metadata:
-  title: When to use Azure Web Application Firewall
-  description: Learn about common scenarios for using Azure Web Application Firewall.
-  ms.date: 02/14/2024
-  author: vhorne
-  ms.author: victorh
-  ms.topic: unit
-durationInMinutes: 8
-content: |
-  [!include[](includes/4-when-to-use-azure-web-application-firewall.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-web-application-firewall.4-when-to-use-azure-web-application-firewall
+title: When to use Azure Web Application Firewall
+metadata:
+  title: When to use Azure Web Application Firewall
+  description: Learn about common scenarios for using Azure Web Application Firewall.
+  ms.date: 05/01/2025
+  author: vhorne
+  ms.author: robmcm
+  ms.topic: unit
+durationInMinutes: 8
+content: |
+  [!include[](includes/4-when-to-use-azure-web-application-firewall.md)]
+

learn-pr/azure-networking/introduction-azure-web-application-firewall/5-knowledge-check.yml

@@ -1,50 +1,50 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-web-application-firewall.5-knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: Check your knowledge.
-  ms.date: 02/14/2024
-  author: vhorne
-  ms.author: victorh
-  ms.topic: unit
-durationInMinutes: 4
-content: |
-  [!include[](includes/5-knowledge-check.md)]
-quiz:
-  title: Check your knowledge
-  questions:
-  - content: "Suppose a company wants to stop threat actors from submitting malicious requests to a web app. Which of the following Azure Web Application Firewall modes should the company use?"
-    choices:
-    - content: "Detection"
-      isCorrect: false
-      explanation: "Incorrect. Detection mode only logs a rule violation. It doesn't stop a request from being submitted."
-    - content: "Prevention"
-      isCorrect: true
-      explanation: "Correct. Prevention mode not only logs a rule violation, but it also stops the request from being submitted to the web app."
-    - content: "Exclusions"
-      isCorrect: false
-      explanation: "Incorrect. Exclusions are an Azure Web Application Firewall feature that enables you to ignore specified HTTP/HTTPS request attributes."
-  - content: "Suppose a company wants to deploy Azure Web Application Firewall to protect a web application that accepts user data from a form. Which of the following best describes how Azure Web Application Firewall protects the app?"
-    choices:
-    - content: "Custom rules"
-      isCorrect: false
-      explanation: "Incorrect. A custom rule is a user-defined firewall rule that helps protect an app from a threat not covered by the managed rules offered by Azure Web Application Firewall."
-    - content: "Remote file inclusion"
-      isCorrect: false
-      explanation: "Incorrect. Remote file inclusion is an exploit where an attacker sends the server specially configured text that passes a remote file to a script's `include` statement."
-    - content: "Sanitizing input"
-      isCorrect: true
-      explanation: "Correct. Sanitizing input refers to removing or disabling dangerous text elements of user-generated input."
-  - content: "Suppose a company wants to deploy a web app and is trying to decide whether to use in-house developers to code against common exploits. Which of the following scenarios isn't an argument in favor of using Azure Web Application Firewall?" 
-    choices:
-    - content: "Your web app includes user accounts and stores sensitive or proprietary data."
-      isCorrect: false
-      explanation: "Incorrect. User credentials, sensitive personal information, and proprietary company data are coveted by malicious users, so Azure Web Application Firewall is a good choice for protecting that data."
-    - content: "Your web app is made available to employees, customers, and vendors using a private network connection."
-      isCorrect: true
-      explanation: "Correct. Private access to the virtual network where the web app resides means that app traffic never goes over the public internet. There is no need to protect the app against common web exploits."
-    - content: "Your web app development team lacks security expertise, time, and money."
-      isCorrect: false
-      explanation: "Incorrect. A lack of expertise, time, and money can prevent your team from covering all possible exploits, which can leave your app vulnerable. Azure Web Application Firewall protects against all OWASP exploits and can be deployed quickly and cost-effectively."
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-web-application-firewall.5-knowledge-check
+title: Module assessment
+metadata:
+  title: Module assessment
+  description: Check your knowledge.
+  ms.date: 05/01/2025
+  author: vhorne
+  ms.author: robmcm
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/5-knowledge-check.md)]
+quiz:
+  title: Check your knowledge
+  questions:
+  - content: "Suppose a company wants to stop threat actors from submitting malicious requests to a web app. Which of the following Azure Web Application Firewall modes should the company use?"
+    choices:
+    - content: "Detection"
+      isCorrect: false
+      explanation: "Incorrect. Detection mode only logs a rule violation. It doesn't stop a request from being submitted."
+    - content: "Prevention"
+      isCorrect: true
+      explanation: "Correct. Prevention mode not only logs a rule violation, but it also stops the request from being submitted to the web app."
+    - content: "Exclusions"
+      isCorrect: false
+      explanation: "Incorrect. Exclusions are an Azure Web Application Firewall feature that enables you to ignore specified HTTP/HTTPS request attributes."
+  - content: "Suppose a company wants to deploy Azure Web Application Firewall to protect a web application that accepts user data from a form. Which of the following best describes how Azure Web Application Firewall protects the app?"
+    choices:
+    - content: "Custom rules"
+      isCorrect: false
+      explanation: "Incorrect. A custom rule is a user-defined firewall rule that helps protect an app from a threat not covered by the managed rules offered by Azure Web Application Firewall."
+    - content: "Remote file inclusion"
+      isCorrect: false
+      explanation: "Incorrect. Remote file inclusion is an exploit where an attacker sends the server specially configured text that passes a remote file to a script's `include` statement."
+    - content: "Sanitizing input"
+      isCorrect: true
+      explanation: "Correct. Sanitizing input refers to removing or disabling dangerous text elements of user-generated input."
+  - content: "Suppose a company wants to deploy a web app and is trying to decide whether to use in-house developers to code against common exploits. Which of the following scenarios isn't an argument in favor of using Azure Web Application Firewall?" 
+    choices:
+    - content: "Your web app includes user accounts and stores sensitive or proprietary data."
+      isCorrect: false
+      explanation: "Incorrect. Malicious users covet user credentials, sensitive personal information, and proprietary company data. Azure Web Application Firewall is a good choice for protecting that data."
+    - content: "Your web app is made available to employees, customers, and vendors using a private network connection."
+      isCorrect: true
+      explanation: "Correct. Private access to the virtual network where the web app resides means that app traffic never goes over the public internet. There's no need to protect the app against common web exploits."
+    - content: "Your web app development team lacks security expertise, time, and money."
+      isCorrect: false
+      explanation: "Incorrect. A lack of expertise, time, and money can prevent your team from covering all possible exploits, which can leave your app vulnerable. Azure Web Application Firewall protects against all OWASP exploits and can be deployed quickly and cost-effectively."
+

learn-pr/azure-networking/introduction-azure-web-application-firewall/6-summary.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-web-application-firewall.6-summary
-title: Summary
-metadata:
-  title: Summary
-  description: Summary.
-  ms.date: 02/14/2024
-  author: vhorne
-  ms.author: victorh
-  ms.topic: unit
-durationInMinutes: 2
-content: |
-  [!include[](includes/6-summary.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-web-application-firewall.6-summary
+title: Summary
+metadata:
+  title: Summary
+  description: Summary.
+  ms.date: 05/01/2025
+  author: vhorne
+  ms.author: robmcm
+  ms.topic: unit
+durationInMinutes: 2
+content: |
+  [!include[](includes/6-summary.md)]
+

learn-pr/azure-networking/introduction-azure-web-application-firewall/includes/1-introduction.md

@@ -1,12 +1,12 @@
-Azure Web Application Firewall is an Azure service that protects web applications from common attacks such as SQL injection and cross-site scripting. The protection extends beyond OWASP (Open Worldwide Application Security Project) top 10 attacks.  It can also detect malicious bot attacks, API attacks, and application layer DDoS attacks.
+Azure Web Application Firewall is an Azure service that protects web applications from common attacks such as SQL injection and cross-site scripting. The protection extends beyond OWASP (Open Worldwide Application Security Project) top 10 attacks. It can also detect malicious bot attacks, API attacks, and application layer DDoS attacks.
 
 Suppose you work for Contoso, Ltd., a financial-services company in Seattle with major offices located throughout the world. Contoso's compute environment runs as Azure virtual network resources. These resources include several existing and planned web applications that serve customers, vendors, and employees.
 
 The Contoso IT staff is concerned that their web applications are the target of malicious attacks using common exploits such as SQL injection. IT wants to protect their apps. However, their web development team lacks the expertise, time, and budget to write the necessary protection code.
 
 Suppose you're a senior Contoso web developer. You're responsible for researching and recommending a way to protect Contoso's web applications. You've been asked to evaluate whether Azure Web Application Firewall can protect your web apps from attacks that use common exploits.
 
-In this module, you learn the basics of Azure Web Application Firewall. Those basics consist of what it is, how it works, and when you should use it. By the end of this module, you'll have the knowledge needed evaluate whether Azure Web Application Firewall can protect Contoso's web apps from common attacks.
+In this module, you learn the basics of Azure Web Application Firewall. Those basics consist of what it is, how it works, and when you should use it. By the end of this module, you'll have the knowledge needed to evaluate whether Azure Web Application Firewall can protect Contoso's web apps from common attacks.
 
 ## Learning objectives
 

learn-pr/azure-networking/introduction-azure-web-application-firewall/includes/2-what-is-azure-web-application-firewall.md

@@ -26,19 +26,18 @@ You can deploy Azure Web Application Firewall in minutes. Your web apps immediat
 
 To help you evaluate Azure Web Application Firewall, here are some of its important features:
 
-- **Managed rules**: The rules that Azure Web Application Firewall uses to detect and prevent common exploits are created, maintained, and updated by Microsoft's security team. If a rule changes, or a rule set (refer to the following description) is modified, Microsoft updates Azure Web Application Firewall automatically and seamlessly.
+- **Managed rules**: Microsoft's security team creates, maintains, and updates the rules that Azure Web Application Firewall uses to detect and prevent common exploits. If a rule changes, or a rule set (refer to the following description) is modified, Microsoft updates Azure Web Application Firewall automatically and seamlessly.
 
     > [!NOTE]
-    > You can't modify or delete the managed rules offered by Azure Web Application Firewall. However, if a particular rule is problematic for your environment (for example, it blocks legitimate traffic to your web app) you can create exclusions or disable the rule, or rule set. You can also create custom rules to overwrite the default behavior.
+    > You can't modify or delete the managed rules offered by Azure Web Application Firewall. However, if a particular rule is problematic for your environment (for example, it blocks legitimate traffic to your web app) you can create exclusions or disable the rule or rule set. You can also create custom rules to overwrite the default behavior.
 
 - **Bot rules**: The bot rules identify good bots and protect from bad bots. Bad bots are detected based on Microsoft Threat Intelligence.
-
 - **Custom rules**: If the managed rules offered by Azure Web Application Firewall don't cover a specific threat to your web application, you can create a custom rule.
-- **Modes**: Azure Web Application Firewall can operate in one of two modes: detection mode only logs requests that violate a rule, while prevention mode both logs and blocks requests that violate a rule.
+- **Modes**: Azure Web Application Firewall can operate in one of two modes. Detection mode only logs requests that violate a rule, while prevention mode both logs and blocks requests that violate a rule.
 - **Exclusion lists**: You can configure Azure Web Application Firewall to ignore specific attributes when it checks requests.
 - **Policies**: You can combine a set of managed rules, custom rules, exclusions, and other Azure Web Application Firewall settings into a single element called an Azure Web Application Firewall policy. You can then apply that policy to multiple web apps for easy management and maintenance.
 - **Request size limits**: You can configure Azure Web Application Firewall to flag requests that are either too small or too large.
-- **Alerts**: Azure Web Application Firewall integrates with Azure Monitor. This integration gives you near-real-time alerts when the WAF detects a threat.
+- **Alerts**: Azure Web Application Firewall integrates with Azure Monitor. This integration gives you near-real-time alerts when the WAF (Web Application Firewall) detects a threat.
 
 ## Common attacks prevented by Azure Web Application Firewall