update units

Author: ceperezb

learn-pr/wwl-sci/security-copilot-describe-agents/3-describe-threat-intelligence-briefing-agent.yml

@@ -1,6 +1,6 @@
 ### YamlMime:ModuleUnit
 uid: learn.security-copilot-describe-agents.describe-threat-intelligence-briefing-agent
-title: Describe
+title: Describe the Threat Intelligence Briefing Agent
 metadata:
   title: Describe the Threat Intelligence Briefing Agent
   description: Describe the Threat Intelligence Briefing Agent.
@@ -10,6 +10,6 @@ metadata:
   ms.topic: unit
   ms.collection:
     - wwl-ai-copilot
-durationInMinutes: 1
+durationInMinutes: 4
 content: |
   [!include[](includes/3-describe-threat-intelligence-briefing-agent.md)]

learn-pr/wwl-sci/security-copilot-describe-agents/4-describe-conditional-access-optimization-agent.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.security-copilot-describe-agents.describe-conditional-access-optimization-agent
-title: Describe
+title: Describe the Conditional Access Optimization Agent
 metadata:
-  title: Describe the Threat Intelligence Briefing Agent
-  description: Describe the Threat Intelligence Briefing Agent.
+  title: Describe the Conditional Access Optimization Agent
+  description: Describe the Conditional Access Optimization Agent.
   author: wwlpublish
   ms.author: ceperezb
   ms.date: 05/08/2025
   ms.topic: unit
   ms.collection:
     - wwl-ai-copilot
-durationInMinutes: 1
+durationInMinutes: 6
 content: |
   [!include[](includes/4-describe-conditional-access-optimization-agent.md)]

learn-pr/wwl-sci/security-copilot-describe-agents/5-describe-phishing-triage-agent.yml

@@ -1,16 +1,16 @@
 ### YamlMime:ModuleUnit
 uid: learn.security-copilot-describe-agents.describe-phishing-triage-agent
-title: Describe
+title: Describe the Phishing Triage agent
 metadata:
-  title: Describe the Threat Intelligence Briefing Agent
-  description: Describe the Threat Intelligence Briefing Agent.
+  title: Describe the Phishing Triage agent
+  description: Describe the Phishing Triage agent.
   author: wwlpublish
   ms.author: ceperezb
   ms.date: 05/08/2025
   ms.topic: unit
   ms.collection:
     - wwl-ai-copilot
-durationInMinutes: 1
+durationInMinutes: 4
 content: |
   [!include[](includes/5-describe-phishing-triage-agent.md)]
 

learn-pr/wwl-sci/security-copilot-describe-agents/includes/1-introduction.md

@@ -1,8 +1,11 @@
 Microsoft Security Copilot is a cutting-edge AI-driven platform designed to enhance security workflows by automating tasks and providing actionable insights, making it an essential tool for security engineers.
 
-Imagine you're a security engineer at a mid-sized financial institution. Your team is overwhelmed with the sheer volume of security alerts, phishing attempts, and identity access requests that need to be analyzed daily. Recently, a phishing attack slipped through the cracks, leading to a data breach that could have been prevented with better tools and processes. You’re tasked with finding a solution that not only streamlines your team’s workload but also improves the accuracy and speed of threat detection and response. This is where Microsoft Security Copilot comes in. By leveraging specialized agents like the Phishing Triage Agent and Conditional Access Optimization Agent, you can automate repetitive tasks, generate detailed threat intelligence reports, and optimize access policies—all while integrating seamlessly with tools like Microsoft Defender and Entra. These capabilities allow your team to focus on high-priority issues, reduce false positives, and strengthen your organization’s overall security posture.
+Imagine you're a security engineer at a mid-sized financial institution. Your team is overwhelmed with the sheer volume of security alerts, phishing attempts, and identity access requests that need to be analyzed daily. Recently, a phishing attack slipped through the cracks, leading to a data breach that could have been prevented with better tools and processes. You’re tasked with finding a solution that not only streamlines your team’s workload but also improves the accuracy and speed of threat detection and response. This is where Microsoft Security Copilot comes in. By using specialized agents like the Phishing Triage Agent and Conditional Access Optimization Agent, you can automate repetitive tasks, generate detailed threat intelligence reports, and optimize access policies—all while integrating seamlessly with tools like Microsoft Defender and Microsoft Entra. These capabilities allow your team to focus on high-priority issues, reduce false positives, and strengthen your organization’s overall security posture.
 
-In this module, you will get an introduction to some of the Microsoft Security Copilot agents, including the Threat Intelligence briefing agent, the Conditional Access Optimization agent, and the Phishing Triage agent.
+In this module, you get an introduction to some of the Microsoft Security Copilot agents, including the Threat Intelligence briefing agent, the Conditional Access Optimization agent, and the Phishing Triage agent.
+
+> [!NOTE]
+>This module is intended to give you a flavor of just a few of the Microsoft agents available in Security Coplot, through both the standalone and embedded experience. Agents that are available through the embedded Copilot experience, are described in training that relates to the specific security solution in which it's embedded. For example, agents that are embedded in Microsoft Purview solutions are described in the training that relates to that Microsoft Purview solution.  
 
 After completing this module, you’ll be able to:
 

learn-pr/wwl-sci/security-copilot-describe-agents/includes/2-describe-agents.md

@@ -20,7 +20,7 @@ To effectively use Security Copilot agents, it's essential to understand the ter
 
 ### Agents in Microsoft Security Copilot
 
- You can discover Microsoft Security Copilot agents through the standalone and embedded experiences. Copilot agents are also available from partners.
+You can discover Microsoft Security Copilot agents through the standalone and embedded experiences. Copilot agents are also available from partners.
 
 To access the full list of available agents, select Agents from the home menu. Copilot displays the list of available Microsoft and partner agents.
 
@@ -34,7 +34,7 @@ Security Copilot includes agents that are seamlessly integrated with Microsoft s
 - **Conditional Access Optimization Agent**: Embedded in Microsoft Entra, the  Conditional Access optimization agent ensures all users are protected by policy. It recommends policies and changes based on best practices aligned with Zero Trust and Microsoft's learnings. In preview, the agent evaluates policies requiring multifactor authentication (MFA), enforces device based controls (device compliance, app protection policies, and Domain Joined Devices), and blocks legacy authentication and device code flow.
 - **Phishing Triage Agent**: Embedded in Microsoft Defender, the Phishing Triage Agent helps security operations analysts to triage and classify user-submitted phishing incidents. The agent operates autonomously, provides a transparent rationale for its classification verdicts in natural language, and continuously learns and improves its accuracy based on feedback provided by analysts.
 
-This list isn't all-inclusive. More Microsoft agents are planned.
+This list is not all-inclusive.
 
 ### Partner agents
 
@@ -51,4 +51,4 @@ Helps organizations forecast and prioritize the most critical threat alerts to r
 - Privacy Breach Response Agent by OneTrust
 Analyzes data breaches to generate guidance for the privacy team on how to meet regulatory requirements.
 
-This list isn't all-inclusive. More partner agents
+This list is not all-inclusive.

learn-pr/wwl-sci/security-copilot-describe-agents/includes/3-describe-threat-intelligence-briefing-agent.md

@@ -5,7 +5,7 @@ The Threat Intelligence Briefing Agent addresses these challenges by applying dy
 
 ### Information about the agent and prerequisites
 
-The Threat Intelligence Briefing Agent is characterized as follows:
+The Threat Intelligence Briefing Agent, which is available through the standalone experience in Security Copilot, is characterized as follows:
 
 - **Trigger**: The agent can be triggered manually or set to run at scheduled intervals.
 - **Permissions**: This agent can read data from Defender External Attack Surface Management and Defender Vulnerability Management.

learn-pr/wwl-sci/security-copilot-describe-agents/includes/4-describe-conditional-access-optimization-agent.md

@@ -8,12 +8,12 @@ The Conditional Access optimization agent, a Security Copilot Agent embedded in
 
 ### Information about the agent and prerequisites
 
-The Conditional Access Optimization Agent is characterized as follows:
+The Conditional Access Optimization Agent, which is available in Microsoft Entra as part of the Copilot embedded experience, is characterized as follows:
 
 - **Trigger**: The agent runs every 24 hours but can also run manually.
 - **Permissions**: The agent reviews your policy configuration but acts only with your approval of the suggestions.
 - **Identity**: The agent runs in the context of the administrator who configured the agent.
-- **Products**: You must have Microsoft Entra Conditional Access (at least Microsoft Entra ID P1). Device-based controls in Conditional Access require Microsoft Intune licenses. You must also have Security Copilot available provisioned with security compute units (SCU). On average, each agent run consumes less than one SCU. 
+- **Products**: You must have Microsoft Entra Conditional Access (at least Microsoft Entra ID P1). Device-based controls in Conditional Access require Microsoft Intune licenses. You must also have Security Copilot available and provisioned with security compute units (SCU). On average, each agent run consumes less than one SCU. 
 - **Plugins**: The Microsoft Entra is mandatory.
 - **Role-based access**: You must be assigned the Security Administrator or Global Administrator role during the preview. These roles also have access to Security Copilot by default.
 

learn-pr/wwl-sci/security-copilot-describe-agents/includes/5-describe-phishing-triage-agent.md

@@ -13,7 +13,7 @@ The Phishing Triage Agent uses advanced large language model (LLM)-based analysi
 
 ### Information about the agent and prerequisites
 
-The Phishing Triage Agent is characterized as follows:
+The Phishing Triage Agent, which is available in Microsoft Defender XDR as part of the Copilot embedded experience, is characterized as follows:
 
 - **Trigger**: The agent is triggered when a user in your organization submits a phishing incident. The agent autonomously analyzes the submitted email to classify them as either phishing or not phishing based on its training and the context of the organization.
 - **Permissions**: This agent can read data from Defender XDR adn Microsoft Threat Intelligence.