From 15ba2a8464cdc4d9de07a5d6f1c3de8ca39191bf Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 10 Jul 2024 07:34:35 -0400 Subject: [PATCH 01/14] Windows 11 ui update --- .../configuration/start/includes/hide-lock.md | 2 +- .../configuration/start/policy-settings.md | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/windows/configuration/start/includes/hide-lock.md b/windows/configuration/start/includes/hide-lock.md index e43dff0cfa..52a8be809e 100644 --- a/windows/configuration/start/includes/hide-lock.md +++ b/windows/configuration/start/includes/hide-lock.md @@ -9,5 +9,5 @@ ms.topic: include | | Path | |--|--| -| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideSignOut](/windows/client-management/mdm/policy-csp-start#hidelock) | +| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideLock](/windows/client-management/mdm/policy-csp-start#hidelock) | | **GPO** | Not available. | diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md index 9dd5437ffc..4000e5d049 100644 --- a/windows/configuration/start/policy-settings.md +++ b/windows/configuration/start/policy-settings.md @@ -132,6 +132,16 @@ Select one of the tabs to see the list of available settings: #### [:::image type="icon" source="../images/icons/user.svg"::: **Account options**](#tab/user) +::: zone pivot="windows-11" +|Policy name| CSP | GPO | +|-|-|-| +|[Hide **Change account settings**](#hide-change-account-settings)|✅|❌| +|[Hide **Sign out**](#hide-sign-out)|✅|✅| +|[Hide **Switch account**](#hide-switch-account)|✅|❌| +|[Hide user tile](#hide-user-tile)|✅|❌| +::: zone-end + +::: zone pivot="windows-10" |Policy name| CSP | GPO | |-|-|-| |[Hide **Change account settings**](#hide-change-account-settings)|✅|❌| @@ -139,9 +149,14 @@ Select one of the tabs to see the list of available settings: |[Hide **Sign out**](#hide-sign-out)|✅|✅| |[Hide **Switch account**](#hide-switch-account)|✅|❌| |[Hide user tile](#hide-user-tile)|✅|❌| +::: zone-end [!INCLUDE [hide-change-account-settings](includes/hide-change-account-settings.md)] + +::: zone pivot="windows-10" [!INCLUDE [hide-lock](includes/hide-lock.md)] +::: zone-end + [!INCLUDE [hide-signout](includes/hide-signout.md)] [!INCLUDE [hide-switch-user](includes/hide-switch-account.md)] [!INCLUDE [hide-switch-user](includes/hide-user-tile.md)] @@ -174,6 +189,21 @@ Select one of the tabs to see the list of available settings: #### [:::image type="icon" source="../images/icons/power.svg"::: **Power options**](#tab/power) + +::: zone pivot="windows-11" +|Policy name| CSP | GPO | +|-|-|-| +|[Hide **Hibernate** ](#hide-hibernate)|✅|❌| +|[Hide **Lock**](#hide-lock)|✅|❌| +|[Hide **Power** button](#hide-power-button)|✅|❌| +|[Hide **Restart**](#hide-restart)|✅|❌| +|[Hide **Shut down**](#hide-shut-down)|✅|❌| +|[Hide **Sleep**](#hide-sleep)|✅|❌| +|[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅| +::: zone-end + +::: zone pivot="windows-10" + |Policy name| CSP | GPO | |-|-|-| |[Hide **Hibernate** ](#hide-hibernate)|✅|❌| @@ -183,7 +213,12 @@ Select one of the tabs to see the list of available settings: |[Hide **Sleep**](#hide-sleep)|✅|❌| |[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅| +::: zone-end + [!INCLUDE [hide-hibernate](includes/hide-hibernate.md)] +::: zone pivot="windows-11" +[!INCLUDE [hide-lock](includes/hide-lock.md)] +::: zone-end [!INCLUDE [hide-power-button](includes/hide-power-button.md)] [!INCLUDE [hide-restart](includes/hide-restart.md)] [!INCLUDE [hide-shut-down](includes/hide-shut-down.md)] From 52ac86059f6d975c533da6f7c3723cb9e4fd3da6 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 10 Jul 2024 07:34:59 -0400 Subject: [PATCH 02/14] date update --- windows/configuration/start/policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md index 4000e5d049..b9a8351ca5 100644 --- a/windows/configuration/start/policy-settings.md +++ b/windows/configuration/start/policy-settings.md @@ -2,7 +2,7 @@ title: Start policy settings description: Learn about the policy settings to configure the Windows Start menu. ms.topic: reference -ms.date: 04/10/2024 +ms.date: 07/10/2024 appliesto: zone_pivot_groups: windows-versions-11-10 --- From fb135f390739b2e68b904006018be7e6954f9e7d Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 11 Jul 2024 13:01:17 -0400 Subject: [PATCH 03/14] updates --- ...ide-entry-points-for-fast-user-switching.md | 18 ++++++++++++++++++ windows/configuration/start/policy-settings.md | 6 +++++- 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md new file mode 100644 index 0000000000..32369ab006 --- /dev/null +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -0,0 +1,18 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 07/11/2024 +ms.topic: include +--- + +### Hide entry points for Fast User Switching + +With this policy setting you can hide the **Switch User** interface in the Logon UI, the Start menu and the Task Manager: + +- If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied +- If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations + +| | Path | +|--|--| +| **CSP** | `./Device/Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) | +| **GPO** | **User Configuration** > **Administrative Templates** > **Logon** > **Hide entry points for Fast User Switching** | diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md index b9a8351ca5..7a84522c4a 100644 --- a/windows/configuration/start/policy-settings.md +++ b/windows/configuration/start/policy-settings.md @@ -148,6 +148,7 @@ Select one of the tabs to see the list of available settings: |[Hide **Lock**](#hide-lock)|✅|❌| |[Hide **Sign out**](#hide-sign-out)|✅|✅| |[Hide **Switch account**](#hide-switch-account)|✅|❌| +|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅| |[Hide user tile](#hide-user-tile)|✅|❌| ::: zone-end @@ -159,7 +160,10 @@ Select one of the tabs to see the list of available settings: [!INCLUDE [hide-signout](includes/hide-signout.md)] [!INCLUDE [hide-switch-user](includes/hide-switch-account.md)] -[!INCLUDE [hide-switch-user](includes/hide-user-tile.md)] +::: zone pivot="windows-10" +[!INCLUDE [hide-lock](includes/hide-entry-points-for-fast-user-switching.md)] +::: zone-end +[!INCLUDE [hide-user-tile](includes/hide-user-tile.md)] #### [:::image type="icon" source="../images/icons/folder.svg"::: **Pinned folders**](#tab/folders) From abd0adf750c465154092a350ac03994f606dbce4 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 11 Jul 2024 13:09:31 -0400 Subject: [PATCH 04/14] chore: Update wording in hide-entry-points-for-fast-user-switching.md --- .../includes/hide-entry-points-for-fast-user-switching.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md index 32369ab006..720fd5d721 100644 --- a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -7,10 +7,10 @@ ms.topic: include ### Hide entry points for Fast User Switching -With this policy setting you can hide the **Switch User** interface in the Logon UI, the Start menu and the Task Manager: +With this policy setting you can hide the **Switch User** interface from the sign in screen, the Start menu, and the Task Manager: -- If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied -- If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations +- If enabled, the **Switch User** option is hidden +- If disabled or not configured, the **Switch User** option is available to the user in the three locations | | Path | |--|--| From 91ae797ae8c766f1ab0e3f51f28a8dc992147f9e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 11 Jul 2024 13:45:28 -0400 Subject: [PATCH 05/14] chore: Update wording in hide-entry-points-for-fast-user-switching.md --- .../includes/hide-entry-points-for-fast-user-switching.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md index 720fd5d721..807451ecc4 100644 --- a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -10,9 +10,11 @@ ms.topic: include With this policy setting you can hide the **Switch User** interface from the sign in screen, the Start menu, and the Task Manager: - If enabled, the **Switch User** option is hidden -- If disabled or not configured, the **Switch User** option is available to the user in the three locations +- If disabled or not configured, the **Switch User** option is available to the user in the sign in screen, the Start menu, and the Task Manager | | Path | |--|--| | **CSP** | `./Device/Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) | | **GPO** | **User Configuration** > **Administrative Templates** > **Logon** > **Hide entry points for Fast User Switching** | + +To learn more, see [Fast User Switching](/windows/win32/shell/fast-user-switching). From 730760c67cc48be893f6bfa7e1e2ca89b3ced41e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 11 Jul 2024 17:21:55 -0400 Subject: [PATCH 06/14] update --- .../includes/hide-entry-points-for-fast-user-switching.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md index 807451ecc4..412516a39f 100644 --- a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -7,10 +7,10 @@ ms.topic: include ### Hide entry points for Fast User Switching -With this policy setting you can hide the **Switch User** interface from the sign in screen, the Start menu, and the Task Manager: +With this policy setting you can hide the list of user accounts from the sign in screen, the Start menu, and the Task Manager: -- If enabled, the **Switch User** option is hidden -- If disabled or not configured, the **Switch User** option is available to the user in the sign in screen, the Start menu, and the Task Manager +- If enabled, the list of signed in users is hidden +- If disabled or not configured, the list of currently signed in users is available in the sign in screen, the Start menu, and the Task Manager | | Path | |--|--| From 3103b7c5beca03e347afd82b52cde2a1b9142e1f Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:50:44 -0400 Subject: [PATCH 07/14] chore: Update wording in hide-entry-points-for-fast-user-switching.md --- .../includes/hide-entry-points-for-fast-user-switching.md | 8 ++++---- .../{hide-switch-account.md => hide-switch-user.md} | 7 ++++++- windows/configuration/start/policy-settings.md | 6 +++--- 3 files changed, 13 insertions(+), 8 deletions(-) rename windows/configuration/start/includes/{hide-switch-account.md => hide-switch-user.md} (53%) diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md index 412516a39f..7510bc272f 100644 --- a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -7,14 +7,14 @@ ms.topic: include ### Hide entry points for Fast User Switching -With this policy setting you can hide the list of user accounts from the sign in screen, the Start menu, and the Task Manager: +With this policy setting you can prevent multiple users to sign in at the same time, using the Fast User Switching feature. -- If enabled, the list of signed in users is hidden -- If disabled or not configured, the list of currently signed in users is available in the sign in screen, the Start menu, and the Task Manager +- If enabled, only one user can sign in at a time. The list of local users and currently signed in users is hidden from the sign in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first +- If disabled or not configured, multiple users can sign in at the same time. The list of local users and currently signed in users is available in the sign in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in | | Path | |--|--| | **CSP** | `./Device/Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) | -| **GPO** | **User Configuration** > **Administrative Templates** > **Logon** > **Hide entry points for Fast User Switching** | +| **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **Logon** > **Hide entry points for Fast User Switching** | To learn more, see [Fast User Switching](/windows/win32/shell/fast-user-switching). diff --git a/windows/configuration/start/includes/hide-switch-account.md b/windows/configuration/start/includes/hide-switch-user.md similarity index 53% rename from windows/configuration/start/includes/hide-switch-account.md rename to windows/configuration/start/includes/hide-switch-user.md index 5bbe1c5e7a..49188235e2 100644 --- a/windows/configuration/start/includes/hide-switch-account.md +++ b/windows/configuration/start/includes/hide-switch-user.md @@ -5,7 +5,12 @@ ms.date: 04/10/2024 ms.topic: include --- -### Hide Switch account +### Hide Switch user + +With this policy setting you can hide the **Switch user** option from the user tile in the start menu: + +- If enabled, the **Switch user** option is hidden +- If disabled or not configured, the **Switch user** option is available | | Path | |--|--| diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md index 7a84522c4a..fb6ea5fa62 100644 --- a/windows/configuration/start/policy-settings.md +++ b/windows/configuration/start/policy-settings.md @@ -137,7 +137,7 @@ Select one of the tabs to see the list of available settings: |-|-|-| |[Hide **Change account settings**](#hide-change-account-settings)|✅|❌| |[Hide **Sign out**](#hide-sign-out)|✅|✅| -|[Hide **Switch account**](#hide-switch-account)|✅|❌| +|[Hide **Switch user**](#hide-switch-user)|✅|❌| |[Hide user tile](#hide-user-tile)|✅|❌| ::: zone-end @@ -147,7 +147,7 @@ Select one of the tabs to see the list of available settings: |[Hide **Change account settings**](#hide-change-account-settings)|✅|❌| |[Hide **Lock**](#hide-lock)|✅|❌| |[Hide **Sign out**](#hide-sign-out)|✅|✅| -|[Hide **Switch account**](#hide-switch-account)|✅|❌| +|[Hide **Switch user**](#hide-switch-user)|✅|❌| |[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅| |[Hide user tile](#hide-user-tile)|✅|❌| ::: zone-end @@ -159,7 +159,7 @@ Select one of the tabs to see the list of available settings: ::: zone-end [!INCLUDE [hide-signout](includes/hide-signout.md)] -[!INCLUDE [hide-switch-user](includes/hide-switch-account.md)] +[!INCLUDE [hide-switch-user](includes/hide-switch-user.md)] ::: zone pivot="windows-10" [!INCLUDE [hide-lock](includes/hide-entry-points-for-fast-user-switching.md)] ::: zone-end From 767d4a34f13c414fd7aa92f720f99a3632c87c6a Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:53:08 -0400 Subject: [PATCH 08/14] chore: Hide entry points for Fast User Switching --- windows/configuration/start/policy-settings.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md index fb6ea5fa62..5d0b4b6bf0 100644 --- a/windows/configuration/start/policy-settings.md +++ b/windows/configuration/start/policy-settings.md @@ -138,6 +138,7 @@ Select one of the tabs to see the list of available settings: |[Hide **Change account settings**](#hide-change-account-settings)|✅|❌| |[Hide **Sign out**](#hide-sign-out)|✅|✅| |[Hide **Switch user**](#hide-switch-user)|✅|❌| +|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅| |[Hide user tile](#hide-user-tile)|✅|❌| ::: zone-end @@ -160,9 +161,7 @@ Select one of the tabs to see the list of available settings: [!INCLUDE [hide-signout](includes/hide-signout.md)] [!INCLUDE [hide-switch-user](includes/hide-switch-user.md)] -::: zone pivot="windows-10" [!INCLUDE [hide-lock](includes/hide-entry-points-for-fast-user-switching.md)] -::: zone-end [!INCLUDE [hide-user-tile](includes/hide-user-tile.md)] #### [:::image type="icon" source="../images/icons/folder.svg"::: **Pinned folders**](#tab/folders) From 2301d4f39056d57360ae8ce0083081874d41a5ee Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 15 Jul 2024 17:44:46 -0400 Subject: [PATCH 09/14] Update Fast User Switching entry points description --- .../includes/hide-entry-points-for-fast-user-switching.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md index 7510bc272f..ec07566ed5 100644 --- a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -9,8 +9,8 @@ ms.topic: include With this policy setting you can prevent multiple users to sign in at the same time, using the Fast User Switching feature. -- If enabled, only one user can sign in at a time. The list of local users and currently signed in users is hidden from the sign in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first -- If disabled or not configured, multiple users can sign in at the same time. The list of local users and currently signed in users is available in the sign in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in +- If enabled, only one user can sign in at a time. The Fast User Switching entry points are hidden from the sign-in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first +- If disabled or not configured, multiple users can sign in at the same time. The Fast User Switching entry points are availabe from the sign-in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in | | Path | |--|--| From 5cb22dcc7a2ab5b14bd7ca11517d0067678e47fb Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 22 Jul 2024 12:37:55 -0400 Subject: [PATCH 10/14] Update Universal Print data handling link --- .../book/cloud-services-protect-your-work-information.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md index 789ac396b8..97aafdbec1 100644 --- a/windows/security/book/cloud-services-protect-your-work-information.md +++ b/windows/security/book/cloud-services-protect-your-work-information.md @@ -232,7 +232,7 @@ Universal Print has integrated with Administrative Units in Microsoft Entra ID t :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** - [Universal Print](https://www.microsoft.com/microsoft-365/windows/universal-print) -- [Data storage in Universal Print](/universal-print/fundamentals/universal-print-encryption) +- [Data handling in Universal Print](/universal-print/data-handling) - [Delegate Printer Administration with Administrative Units](/universal-print/portal/delegated-admin) For customers who want to stay on Print Servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM. From e403e0bd0e351f63f9a83a993e03a5f22b72eb01 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:50:07 -0400 Subject: [PATCH 11/14] Update Windows security introduction --- windows/security/introduction.md | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/windows/security/introduction.md b/windows/security/introduction.md index 073a4309b9..53edc2cc2c 100644 --- a/windows/security/introduction.md +++ b/windows/security/introduction.md @@ -1,24 +1,17 @@ --- title: Introduction to Windows security description: System security book. -ms.date: 09/01/2023 -ms.topic: tutorial +ms.date: 07/22/2024 +ms.topic: overview ms.author: paoloma -ms.collection: - - essentials-security -content_well_notification: - - AI-contribution author: paolomatarazzo -appliesto: - - ✅ Windows 11 -ai-usage: ai-assisted --- # Introduction to Windows security The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks. -Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud. +Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the security baselines with new requirements for advanced hardware and software protection that extends from chip to cloud. ## How Windows 11 enables Zero Trust protection @@ -44,11 +37,11 @@ In Windows 11, hardware and software work together to protect the operating syst To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need. -In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone. +In Windows 11, [Microsoft Defender Application Guard](application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone. ### Secured identities -Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication. +Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) and [passkeys](identity-protection/passkeys/index.md) for passwordless authentication. ### Connecting to cloud services @@ -58,4 +51,4 @@ Microsoft offers comprehensive cloud services for identity, storage, and access To learn more about the security features included in Windows 11, read the [Windows 11 Security Book](book/index.md). - + From e2e86743558a5a846d2cfc68d77a2ca735d38b92 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:53:53 -0400 Subject: [PATCH 12/14] Update Windows 11 version in education/windows/index.yml and fix date in windows/security/operating-system-security/data-protection/encrypted-hard-drive.md --- education/windows/index.yml | 6 +++--- .../data-protection/encrypted-hard-drive.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/education/windows/index.yml b/education/windows/index.yml index 0cd20e659d..1c2008d3c9 100644 --- a/education/windows/index.yml +++ b/education/windows/index.yml @@ -12,16 +12,16 @@ metadata: author: paolomatarazzo ms.author: paoloma manager: aaroncz - ms.date: 10/30/2023 + ms.date: 07/22/2024 highlightedContent: items: - title: Get started with Windows 11 SE itemType: get-started url: windows-11-se-overview.md - - title: Windows 11, version 22H2 + - title: Windows 11, version 23H2 itemType: whats-new - url: /windows/whats-new/whats-new-windows-11-version-22H2 + url: /windows/whats-new/whats-new-windows-11-version-23h2 - title: Explore all Windows trainings and learning paths for IT pros itemType: learn url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator diff --git a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md index 368b0d1c10..61a6b9a820 100644 --- a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md +++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md @@ -1,7 +1,7 @@ --- title: Encrypted hard drives description: Learn how encrypted hard drives use the rapid encryption that is provided by BitLocker to enhance data security and management. -ms.date: 10/18/2023 +ms.date: 07/22/2024 ms.topic: concept-article --- @@ -75,7 +75,7 @@ To configure encrypted hard drives as startup drives, use the same methods as st There are three policy settings to manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: -- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives) +- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives) - [Configure use of hardware-based encryption for removable data drives](bitlocker/configure.md?tabs=removable#configure-use-of-hardware-based-encryption-for-removable-data-drives) - [Configure use of hardware-based encryption for operating system drives](bitlocker/configure.md?tabs=os#configure-use-of-hardware-based-encryption-for-operating-system-drives) From 883b3902f6ae9db6fc4c7bd0f504a780dce3dd29 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:55:25 -0400 Subject: [PATCH 13/14] Update education index.yml with new date --- education/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/index.yml b/education/index.yml index adc8d30041..1da8d77fdb 100644 --- a/education/index.yml +++ b/education/index.yml @@ -8,7 +8,7 @@ metadata: title: Microsoft 365 Education Documentation description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers. ms.topic: hub-page - ms.date: 11/06/2023 + ms.date: 07/22/2024 productDirectory: title: For IT admins From a9450b5e08bd7fe2b68ce449e1dd4d68ee22b452 Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Tue, 23 Jul 2024 17:54:26 +0530 Subject: [PATCH 14/14] Pencil edit --- .../start/includes/hide-entry-points-for-fast-user-switching.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md index ec07566ed5..a914eb1c31 100644 --- a/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md +++ b/windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md @@ -10,7 +10,7 @@ ms.topic: include With this policy setting you can prevent multiple users to sign in at the same time, using the Fast User Switching feature. - If enabled, only one user can sign in at a time. The Fast User Switching entry points are hidden from the sign-in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first -- If disabled or not configured, multiple users can sign in at the same time. The Fast User Switching entry points are availabe from the sign-in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in +- If disabled or not configured, multiple users can sign in at the same time. The Fast User Switching entry points are available from the sign-in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in | | Path | |--|--|