From 2d3bb237cd5178605cebea11ffd30b6be0ccbd85 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 1 Aug 2018 14:16:39 -0700 Subject: [PATCH 1/3] moved topics to info --- .openpublishing.redirection.json | 31 ++++++++++-------- .../encrypted-hard-drive.md | 0 .../dn168167.boot_process(en-us,MSDN.10).png | Bin .../dn168167.measure_boot(en-us,MSDN.10).png | Bin .../secure-the-windows-10-boot-process.md | 0 ...ackup-tpm-recovery-information-to-ad-ds.md | 0 .../tpm/change-the-tpm-owner-password.md | 0 .../tpm/how-windows-uses-the-tpm.md | 0 ...t-software-and-configuration-using-tpm.png | Bin .../tpm/images/tpm-capabilities.png | Bin ...lize-and-configure-ownership-of-the-tpm.md | 0 .../tpm/manage-tpm-commands.md | 0 .../tpm/manage-tpm-lockout.md | 0 .../switch-pcr-banks-on-tpm-2-0-devices.md | 0 .../tpm/tpm-fundamentals.md | 0 .../tpm/tpm-recommendations.md | 0 .../tpm/trusted-platform-module-overview.md | 0 ...m-module-services-group-policy-settings.md | 0 .../tpm/trusted-platform-module-top-node.md | 0 19 files changed, 18 insertions(+), 13 deletions(-) rename windows/security/{identity-protection => information-protection}/encrypted-hard-drive.md (100%) rename windows/security/{identity-protection => information-protection}/images/dn168167.boot_process(en-us,MSDN.10).png (100%) rename windows/security/{identity-protection => information-protection}/images/dn168167.measure_boot(en-us,MSDN.10).png (100%) rename windows/security/{identity-protection => information-protection}/secure-the-windows-10-boot-process.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/backup-tpm-recovery-information-to-ad-ds.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/change-the-tpm-owner-password.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/how-windows-uses-the-tpm.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png (100%) rename windows/security/{identity-protection => information-protection}/tpm/images/tpm-capabilities.png (100%) rename windows/security/{identity-protection => information-protection}/tpm/initialize-and-configure-ownership-of-the-tpm.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/manage-tpm-commands.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/manage-tpm-lockout.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/switch-pcr-banks-on-tpm-2-0-devices.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/tpm-fundamentals.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/tpm-recommendations.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/trusted-platform-module-overview.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/trusted-platform-module-services-group-policy-settings.md (100%) rename windows/security/{identity-protection => information-protection}/tpm/trusted-platform-module-top-node.md (100%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 31b8576dbe..50e104e045 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -17,67 +17,72 @@ }, { "source_path": "windows/security/hardware-protection/encrypted-hard-drive.md", -"redirect_url": "/windows/security/identity-protection/encrypted-hard-drived", +"redirect_url": "/windows/security/information-protection/encrypted-hard-drive", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/secure-the-windows-10-boot-process.md", +"redirect_url": "/windows/security/information-protection/secure-the-windows-10-boot-process", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md", -"redirect_url": "/windows/security/identity-protection/tpm/backup-tpm-recovery-information-to-ad-ds", +"redirect_url": "/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md", -"redirect_url": "/windows/security/identity-protection/tpm/change-the-tpm-owner-password", +"redirect_url": "/windows/security/information-protection/tpm/change-the-tpm-owner-password", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/how-windows-uses-the-tpm.md", -"redirect_url": "/windows/security/identity-protection/tpm/how-windows-uses-the-tpm", +"redirect_url": "/windows/security/information-protection/tpm/how-windows-uses-the-tpm", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md", -"redirect_url": "/windows/security/identity-protection/tpm/initialize-and-configure-ownership-of-the-tpm", +"redirect_url": "/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/manage-tpm-commands.md", -"redirect_url": "/windows/security/identity-protection/tpm/manage-tpm-commands", +"redirect_url": "/windows/security/information-protection/tpm/manage-tpm-commands", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/manage-tpm-lockout.md", -"redirect_url": "/windows/security/identity-protection/tpm/manage-tpm-lockout", +"redirect_url": "/windows/security/information-protection/tpm/manage-tpm-lockout", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md", -"redirect_url": "/windows/security/identity-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices", +"redirect_url": "/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/tpm-fundamentals.md", -"redirect_url": "/windows/security/identity-protection/tpm/tpm-fundamentals", +"redirect_url": "/windows/security/information-protection/tpm/tpm-fundamentals", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/tpm-recommendations.md", -"redirect_url": "/windows/security/identity-protection/tpm/tpm-recommendations", +"redirect_url": "/windows/security/information-protection/tpm/tpm-recommendations", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-overview.md", -"redirect_url": "/windows/security/identity-protection/tpm/trusted-platform-module-overview", +"redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-overview", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md", -"redirect_url": "/windows/security/identity-protection/tpm/trusted-platform-module-services-group-policy-settings", +"redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings", "redirect_document_id": true }, { "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md", -"redirect_url": "/windows/security/identity-protection/tpm/trusted-platform-module-top-node", +"redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-top-node", "redirect_document_id": true }, { diff --git a/windows/security/identity-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md similarity index 100% rename from windows/security/identity-protection/encrypted-hard-drive.md rename to windows/security/information-protection/encrypted-hard-drive.md diff --git a/windows/security/identity-protection/images/dn168167.boot_process(en-us,MSDN.10).png b/windows/security/information-protection/images/dn168167.boot_process(en-us,MSDN.10).png similarity index 100% rename from windows/security/identity-protection/images/dn168167.boot_process(en-us,MSDN.10).png rename to windows/security/information-protection/images/dn168167.boot_process(en-us,MSDN.10).png diff --git a/windows/security/identity-protection/images/dn168167.measure_boot(en-us,MSDN.10).png b/windows/security/information-protection/images/dn168167.measure_boot(en-us,MSDN.10).png similarity index 100% rename from windows/security/identity-protection/images/dn168167.measure_boot(en-us,MSDN.10).png rename to windows/security/information-protection/images/dn168167.measure_boot(en-us,MSDN.10).png diff --git a/windows/security/identity-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md similarity index 100% rename from windows/security/identity-protection/secure-the-windows-10-boot-process.md rename to windows/security/information-protection/secure-the-windows-10-boot-process.md diff --git a/windows/security/identity-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md similarity index 100% rename from windows/security/identity-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md rename to windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md diff --git a/windows/security/identity-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md similarity index 100% rename from windows/security/identity-protection/tpm/change-the-tpm-owner-password.md rename to windows/security/information-protection/tpm/change-the-tpm-owner-password.md diff --git a/windows/security/identity-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md similarity index 100% rename from windows/security/identity-protection/tpm/how-windows-uses-the-tpm.md rename to windows/security/information-protection/tpm/how-windows-uses-the-tpm.md diff --git a/windows/security/identity-protection/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png b/windows/security/information-protection/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png similarity index 100% rename from windows/security/identity-protection/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png rename to windows/security/information-protection/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png diff --git a/windows/security/identity-protection/tpm/images/tpm-capabilities.png b/windows/security/information-protection/tpm/images/tpm-capabilities.png similarity index 100% rename from windows/security/identity-protection/tpm/images/tpm-capabilities.png rename to windows/security/information-protection/tpm/images/tpm-capabilities.png diff --git a/windows/security/identity-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md similarity index 100% rename from windows/security/identity-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md rename to windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md diff --git a/windows/security/identity-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md similarity index 100% rename from windows/security/identity-protection/tpm/manage-tpm-commands.md rename to windows/security/information-protection/tpm/manage-tpm-commands.md diff --git a/windows/security/identity-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md similarity index 100% rename from windows/security/identity-protection/tpm/manage-tpm-lockout.md rename to windows/security/information-protection/tpm/manage-tpm-lockout.md diff --git a/windows/security/identity-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md similarity index 100% rename from windows/security/identity-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md rename to windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md diff --git a/windows/security/identity-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md similarity index 100% rename from windows/security/identity-protection/tpm/tpm-fundamentals.md rename to windows/security/information-protection/tpm/tpm-fundamentals.md diff --git a/windows/security/identity-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md similarity index 100% rename from windows/security/identity-protection/tpm/tpm-recommendations.md rename to windows/security/information-protection/tpm/tpm-recommendations.md diff --git a/windows/security/identity-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md similarity index 100% rename from windows/security/identity-protection/tpm/trusted-platform-module-overview.md rename to windows/security/information-protection/tpm/trusted-platform-module-overview.md diff --git a/windows/security/identity-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md similarity index 100% rename from windows/security/identity-protection/tpm/trusted-platform-module-services-group-policy-settings.md rename to windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md diff --git a/windows/security/identity-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md similarity index 100% rename from windows/security/identity-protection/tpm/trusted-platform-module-top-node.md rename to windows/security/information-protection/tpm/trusted-platform-module-top-node.md From f2c8ed40304a29a64410382d5aa495aee62252a5 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 1 Aug 2018 14:48:36 -0700 Subject: [PATCH 2/3] fixed toc --- windows/security/identity-protection/TOC.md | 18 ------------------ windows/security/information-protection/TOC.md | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/identity-protection/TOC.md b/windows/security/identity-protection/TOC.md index 61c2b1d12b..91f27e52b9 100644 --- a/windows/security/identity-protection/TOC.md +++ b/windows/security/identity-protection/TOC.md @@ -13,8 +13,6 @@ ## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) -## [Encrypted Hard Drive](encrypted-hard-drive.md) - ## [Enterprise Certificate Pinning](enterprise-certificate-pinning.md) ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) @@ -30,11 +28,8 @@ ### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) ### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md) - ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) -## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) - ## [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) ### [How Smart Card Sign-in Works in Windows](smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md) #### [Smart Card Architecture](smart-cards/smart-card-architecture.md) @@ -48,19 +43,6 @@ #### [Smart Card Group Policy and Registry Settings](smart-cards/smart-card-group-policy-and-registry-settings.md) #### [Smart Card Events](smart-cards/smart-card-events.md) -## [Trusted Platform Module](tpm/trusted-platform-module-top-node.md) -### [Trusted Platform Module Overview](tpm/trusted-platform-module-overview.md) -### [TPM fundamentals](tpm/tpm-fundamentals.md) -### [How Windows 10 uses the TPM](tpm/how-windows-uses-the-tpm.md) -### [TPM Group Policy settings](tpm/trusted-platform-module-services-group-policy-settings.md) -### [Back up the TPM recovery information to AD DS](tpm/backup-tpm-recovery-information-to-ad-ds.md) -### [Manage TPM commands](tpm/manage-tpm-commands.md) -### [Manage TPM lockout](tpm/manage-tpm-lockout.md) -### [Change the TPM owner password](tpm/change-the-tpm-owner-password.md) -### [View status, clear, or troubleshoot the TPM](tpm/initialize-and-configure-ownership-of-the-tpm.md) -### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md) -### [TPM recommendations](tpm/tpm-recommendations.md) - ### [User Account Control](user-account-control\user-account-control-overview.md) #### [How User Account Control works](user-account-control\how-user-account-control-works.md) #### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md) diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md index 636404ef31..b9c98da745 100644 --- a/windows/security/information-protection/TOC.md +++ b/windows/security/information-protection/TOC.md @@ -28,6 +28,7 @@ #### [Choose the Right BitLocker Countermeasure](bitlocker\choose-the-right-bitlocker-countermeasure.md) ### [Protecting cluster shared volumes and storage area networks with BitLocker](bitlocker\protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md) +## [Encrypted Hard Drive](encrypted-hard-drive.md) ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md) ### [Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) @@ -53,3 +54,20 @@ #### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md) ### [Fine-tune Windows Information Protection (WIP) with WIP Learning](windows-information-protection\wip-learning.md) +## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) + +## [Trusted Platform Module](tpm/trusted-platform-module-top-node.md) +### [Trusted Platform Module Overview](tpm/trusted-platform-module-overview.md) +### [TPM fundamentals](tpm/tpm-fundamentals.md) +### [How Windows 10 uses the TPM](tpm/how-windows-uses-the-tpm.md) +### [TPM Group Policy settings](tpm/trusted-platform-module-services-group-policy-settings.md) +### [Back up the TPM recovery information to AD DS](tpm/backup-tpm-recovery-information-to-ad-ds.md) +### [Manage TPM commands](tpm/manage-tpm-commands.md) +### [Manage TPM lockout](tpm/manage-tpm-lockout.md) +### [Change the TPM owner password](tpm/change-the-tpm-owner-password.md) +### [View status, clear, or troubleshoot the TPM](tpm/initialize-and-configure-ownership-of-the-tpm.md) +### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md) +### [TPM recommendations](tpm/tpm-recommendations.md) + + + From a5230748463eaebe4b8a583c2024c1541ef1a2d4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 1 Aug 2018 14:56:54 -0700 Subject: [PATCH 3/3] fixed links --- .../how-hardware-based-containers-help-protect-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md index de63a69f6f..76c8253720 100644 --- a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md +++ b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: justinha -ms.date: 07/31/2018 +ms.date: 08/01/2018 --- # Windows Defender System Guard: How hardware-based containers help protect Windows 10 @@ -25,7 +25,7 @@ Windows Defender System Guard reorganizes the existing Windows 10 system integri With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system. This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege. -With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) we have a hardware-based root of trust that helps us ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. This hardware-based root of trust comes from the device’s [Secure Boot feature](secure-the-windows-10-boot-process.md), which is part of the Unified Extensible Firmware Interface (UEFI). +With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) we have a hardware-based root of trust that helps us ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. This hardware-based root of trust comes from the device’s Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI). After successful verification and startup of the device’s firmware and Windows bootloader, the next opportunity for attackers to tamper with the system’s integrity is while the rest of the Windows operating system and defenses are starting. As an attacker, embedding your malicious code using a rootkit within the boot process enables you to gain the maximum level of privilege and gives you the ability to more easily persist and evade detection.