fix blocking issues

Author: ceperezb

learn-pr/wwl-sci/security-copilot-describe-agents/includes/1-introduction.md

@@ -5,7 +5,7 @@ Imagine you're a security engineer at a mid-sized financial institution. Your te
 In this module, you get an introduction to some of the Microsoft Security Copilot agents, including the Threat Intelligence briefing agent, the Conditional Access Optimization agent, and the Phishing Triage agent.
 
 > [!NOTE]
->This module is intended to give you a flavor of just a few of the Microsoft agents available in Security Coplot, through both the standalone and embedded experience. Agents that are available through the embedded Copilot experience, are described in training that relates to the specific security solution in which it's embedded. For example, agents that are embedded in Microsoft Purview solutions are described in the training that relates to that Microsoft Purview solution.  
+>This module is intended to give you a flavor of just a few of the Microsoft agents available in Security Coplot, through both the standalone and embedded experience. Agents that are available through the embedded Copilot experience, are described in training that relates to the specific security solution in which it's embedded. For example, agents that are embedded in Microsoft Purview solutions are described in the training that relates to that Microsoft Purview solution. 
 
 After completing this module, you’ll be able to:
 

learn-pr/wwl-sci/security-copilot-describe-agents/includes/3-describe-threat-intelligence-briefing-agent.md

@@ -16,31 +16,31 @@ The Threat Intelligence Briefing Agent, which is available through the standalon
 
 ### Set up
 
-Follow these steps to configure the Threat Intelligence Briefing Agent:
+Follow these steps to configure the Threat Intelligence Briefing Agent, corresponding images are shown in the tabbed images that follow:
 
-1. Navigate to the **Agents** page in the Microsoft Security Copilot portal and select **View details** under the Threat Intelligence Briefing Agent.
-2. Review the agent details and select **Set up**.
-3. Connect a user account by selecting **Next** and choosing the appropriate account.
-4. Specify parameters to customize the output, such as:
+1. Agents - Navigate to the **Agents** page in the Microsoft Security Copilot portal and select **View details** under the Threat Intelligence Briefing Agent.
+2. Details page - Review the agent details and select **Set up**.
+3. Set up - Connect a user account by selecting **Next** and choosing the appropriate account.
+4. Parameters - Specify parameters to customize the output, such as:
    - Number of insights to research.
    - Look-back period for threats.
    - Email address for report delivery.
    - Geographical region and industry scope.0
-5. After setup, access the agent overview page to run the agent manually or schedule it to run automatically.
+5. Run - After setup, access the agent overview page to run the agent manually or schedule it to run automatically.
 
-# [Step 1 - Agents](#tab/agents)
+# [Agents](#tab/agents)
 :::image type="content" source="../media/agents-copilot-v2.png" lightbox="../media/agents-copilot-v2.png" alt-text="Screen capture showing the navigation flow to access the Agents page in Microsoft Security Copilot. ":::
 
-# [Step 2 - Details page](#tab/details-page)
+# [Details page](#tab/details-page)
 :::image type="content" source="../media/threat-intelligence-agent-view-details.png" lightbox="../media/threat-intelligence-agent-view-details.png" alt-text="Screenshot of Threat Intelligence Briefing Agent details page.":::
 
-# [Step 3 - Set up](#tab/set-up-agent)
-:::image type="content" source="../media/threat-intelligence-agent-setup1.png" lightbox="../media/threat-intelligence-agent-setup1.png"alt-text="Screenshot of Threat Intelligence Briefing Agent set up page that provides information on the permissions and identity needed to run the agent.":::
+# [Set up](#tab/set-up-agent)
+:::image type="content" source="../media/threat-intelligence-agent-setup-1.png" lightbox="../media/threat-intelligence-agent-setup-1.png"alt-text="Screenshot of Threat Intelligence Briefing Agent set up page that provides information on the permissions and identity needed to run the agent.":::
 
-# [Step 4 - Parameters](#tab/parameters)
-:::image type="content" source="../media/threat-intelligence-agent-setup2.png" lightbox="../media/threat-intelligence-agent-setup2.png" alt-text="Screenshot of Threat Intelligence Briefing Agent set up parameters page.":::
+# [Parameters](#tab/parameters)
+:::image type="content" source="../media/threat-intelligence-agent-setup-2.png" lightbox="../media/threat-intelligence-agent-setup-2.png" alt-text="Screenshot of Threat Intelligence Briefing Agent set up parameters page.":::
 
-# [Step 5 - Run](#tab/run)
+# [Run](#tab/run)
 :::image type="content" source="../media/threat-intelligence-agent-first-run.png" lightbox="../media/threat-intelligence-agent-first-run.png" alt-text="Screenshot of Threat Intelligence Briefing Agent overview page.":::
 
 ---
@@ -62,7 +62,7 @@ Select a report to assess its content and view the agent’s progress by clickin
 :::image type="content" source="../media/threat-intelligence-agent-report.png" lightbox="../media/threat-intelligence-agent-report.png" alt-text="Screenshot of a Threat Intelligence Briefing Agent report.":::
 
 # [Activity](#tab/activity)
-:::image type="content" source="../media/threat-intelligence-agent-activity2.png" lightbox="../media/threat-intelligence-agent-activity2.png" alt-text="Screenshot of a Threat Intelligence Briefing Agent activity diagram.":::
+:::image type="content" source="../media/threat-intelligence-agent-activity-2.png" lightbox="../media/threat-intelligence-agent-activity-2.png" alt-text="Screenshot of a Threat Intelligence Briefing Agent activity diagram.":::
 
 ---
 

learn-pr/wwl-sci/security-copilot-describe-agents/includes/4-describe-conditional-access-optimization-agent.md

@@ -21,24 +21,27 @@ The Conditional Access Optimization Agent, which is available in Microsoft Entra
 
 Follow these steps to configure and run the Conditional Access optimization agent:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) with at least a Security Administrator role.
-1. From the home page, select **Go to agents** from the agent notification card.
-1. Select **View details** and under the Conditional Access Optimization Agent, then select **Start agent** to being your first run.
-1. When the agent overview page loads, you see most recent and next scheduled runtimes, performance highlights, recent suggestions, and recent activity.
-1. Selecting a suggestion takes you to the policy details page where you can view the agent summary, user impact, policy details, make edits, and more. 
+1. Go to agents - Once you sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) with at least a Security Administrator role, from the Microsoft Entra home page, select **Go to agents** from the agent notification card.
+1. Available agents - The Security Copilot agents page, shows tiles for the available agents. The page currently only shows the Conditional Access Optimization Agent, but more agents are coming soon.
+1. Start Agent - In the Conditional Access Optimization Agent tile, select **View details**. If you have not previously run the agent, you'll see the option to **Star agent** to begin the agent's first run.
+1. Overview page - If you have previously run the agent, selecting view details, brings you to the Overview page. The Overview page shows you see most recent and next scheduled runtimes, performance highlights, recent suggestions, and recent activity.
+1. Policy details - Selecting a suggestion takes you to the policy details page where you can view the agent summary, user impact, policy details, make edits, and more.
    1. Newly created policies are created in report-only mode. As a best practice organizations should exclude their break-glass accounts from policy to avoid being locked out due to misconfiguration.
    1. After administrators evaluate the policy settings using policy impact or report-only mode, they can move the Enable policy toggle from Report-only to On. Policies created by the agent are tagged with Conditional Access Optimization Agent in the Conditional Access policies pane.
 
-# [Step 2 - Go to agents](#tab/go-to-agents)
-:::image type="content" source="../media/conditional-access-agent-home-page.png" lightbox="../media/conditional-access-agent-home-page.png" alt-text="Screenshot showing the Microsoft Entra home page with the Copilot agent tile.":::
+# [Go to agents](#tab/go-to-agents)
+:::image type="content" source="../media/conditional-access-agent-home-page.png" lightbox="../media/conditional-access-agent-home-page.png" alt-text="Screenshot of the Microsoft Entra home page that includes the agent notification tile.":::
 
-# [Step 3 - Agent details](#tab/agent-details)
-:::image type="content" source="../media/conditional-access-agent-view-details.png" lightbox="../media/conditional-access-agent-view-details.png" alt-text="Screenshot showing the Conditional Access Optimization Agent details page.":::
+# [Available agents](#tab/available-agents)
+:::image type="content" source="../media/conditional-access-agent-tile.png" lightbox="../media/conditional-access-agent-tile.png" alt-text="Screenshot of the Security Copilot agents page showing that lists available agents.":::
 
-# [Step 4 - Overview](#tab/overview)
-:::image type="content" source="../media/conditional-access-agent-overview-page.png" lightbox="../media/conditional-access-agent-overview-page.png" alt-text="Screenshot showing the Conditional Access Optimization Agent overview page showing the most recent and next scheduled runtimes, performance highlights, recent suggestions, and recent activity.":::
+# [Start agent](#tab/start-agent)
+:::image type="content" source="../media/conditional-access-agent-view-details.png" lightbox="../media/conditional-access-agent-view-details.png" alt-text="Screenshot showing the Conditional Access Optimization Agent details page. From here, you can select start if you haven't previously run the agent.":::
 
-# [Step 5 - Policy details](#tab/policy-details)
+# [Overview page](#tab/overview-page)
+:::image type="content" source="../media/conditional-access-agent-overview-page-v2.png" lightbox="../media/conditional-access-agent-overview-page-v2.png" alt-text="Screenshot showing the Conditional Access Optimization Agent overview page showing the most recent and next scheduled runtimes, performance highlights, recent suggestions, and recent activity.":::
+
+# [Policy details](#tab/policy-details)
 :::image type="content" source="../media/conditional-access-agent-policy-details-page.png" lightbox="../media/conditional-access-agent-policy-details-page.png" alt-text="Screenshot showing the Conditional Access Optimization Agent policy details page.":::
 
 ---
@@ -49,7 +52,7 @@ The agent is configured to run every 24 hours based on when it's initially confi
 
 Use the checkboxes under Objects to specify what the agent should monitor when making policy recommendations. By default the agent looks for both new users and applications in your tenant over the previous 24 hour period.
 
-The agent runs under the Identity and permissions of the user who enabled the agent in your tenant. Because of this requirement you should avoid using an account that requires elevation like those that use PIM for just-in-time elevation.
+The agent runs under the Identity and permissions of the user who enabled the agent in your tenant. Because of this requirement, you should avoid using an account that requires elevation like those that use Privileged Identity Management (PIM) for just-in-time elevation.
 
 You can tailor policy to your needs using the optional Custom Instructions field. This allows you to provide a prompt to the agent as part of its execution. For example: "The user "Break Glass" should be excluded from policies created." When you save the custom instruction prompt Security Copilot will attempt to interpret and the results appear in the settings page.
 

learn-pr/wwl-sci/security-copilot-describe-agents/includes/5-describe-phishing-triage-agent.md

@@ -16,9 +16,9 @@ The Phishing Triage Agent uses advanced large language model (LLM)-based analysi
 The Phishing Triage Agent, which is available in Microsoft Defender XDR as part of the Copilot embedded experience, is characterized as follows:
 
 - **Trigger**: The agent is triggered when a user in your organization submits a phishing incident. The agent autonomously analyzes the submitted email to classify them as either phishing or not phishing based on its training and the context of the organization.
-- **Permissions**: This agent can read data from Defender XDR adn Microsoft Threat Intelligence.
+- **Permissions**: This agent can read data from Defender XDR and Microsoft Threat Intelligence.
 - **Identity**: Connection to an existing user account.
-- **Products**: Microsoft Defender for Office 365 Plan 2 and Microsoft Security Copilot with provisioned capacity is necessary to run the agent.  The following Microsoft Defender capabilities are required:
+- **Products**: Microsoft Defender for Office 365 Plan 2 and Microsoft Security Copilot with provisioned capacity is necessary to run the agent. The following Microsoft Defender capabilities are required:
   - Unified role-based access control (URBAC) must be enabled for managing permissions.
   - The *Monitor reported messages in Outlook* must be enabled in the User reported settings page.
   - Enable the "Email reported by user as malware or phish" alert policy.

learn-pr/wwl-sci/security-copilot-describe-agents/includes/7-summary.md

@@ -1,17 +1,17 @@
-In this module, we addressed the challenge of optimizing security workflows and automating repetitive tasks for security engineers. We explored how Microsoft Security Copilot and its specialized agents streamline processes like threat analysis, phishing triage, identity management, and conditional access optimization. By leveraging AI-driven tools and seamless integration with Microsoft Defender and Entra, we demonstrated how these agents enhance efficiency and decision-making in security operations.
+In this module, we addressed the challenge of optimizing security workflows and automating repetitive tasks for security engineers. We explored how Microsoft Security Copilot and its specialized agents streamline processes like threat analysis, phishing triage, identity management, and conditional access optimization. By using AI-driven tools and seamless integration with Microsoft Defender and Microsoft Entra, we demonstrated how these agents enhance efficiency and decision-making in security operations.
 
-The techniques learned in this module offer significant advantages, including time savings, improved threat detection, and actionable insights tailored to organizational needs. These capabilities empower security engineers to focus on critical tasks while reducing manual effort and minimizing errors. The business impact includes enhanced security posture, better collaboration across IT workflows, and alignment with Zero Trust principles, ensuring robust protection against evolving threats.
+The techniques learned in this module offer significant advantages including time savings, improved threat detection, and actionable insights tailored to organizational needs. These capabilities empower security engineers to focus on critical tasks while reducing manual effort and minimizing errors. The business impact includes enhanced security posture, better collaboration across IT workflows, and alignment with Zero Trust principles, ensuring robust protection against evolving threats.
 
 In this module, you learned about the key functionalities of Microsoft Security Copilot agents, including the Conditional Access Optimization Agent, Phishing Triage Agent, and Threat Intelligence Briefing Agent. You explored how these agents automate tasks like phishing classification, threat intelligence reporting, and identity risk mitigation through optimization of conditional access policies.
 
-After completing this module, you are able to:
+After completing this module, you're able to:
 
 - Describe the role and functionality of Microsoft Security Copilot agents in automating security workflows.
 - Describe the Threat Intelligence Briefing Agent.
 - Describe the Conditional Access Optimization Agent.
 - Describe the Phishing Triage agent.
 
-Additional Reading:  
+More Reading:  
 - [Microsoft Security Copilot agents](/copilot/security/agents-security-copilot)
 - [Microsoft Security Copilot agents overview](/copilot/security/agents-overview)
 - [Microsoft Security Copilot Agents in Microsoft Defender](/defender-xdr/security-copilot-agents-defender)