mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
updates
This commit is contained in:
Paolo Matarazzo
commit
12dfcb6221
@ -1,12 +1,10 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
The following table lists the security features that are available in Windows, and the Windows editions that support them:
|
||||
|
||||
| Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
|
||||
|:---|:---:|:---:|:---:|:---:|
|
||||
|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
|
||||
@ -32,7 +30,7 @@ The following table lists the security features that are available in Windows, a
|
||||
|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
|
||||
|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
|
||||
|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
|
||||
|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
|
||||
|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
|
||||
|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
|
||||
|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
|
||||
|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
|
||||
|
||||
@ -1,12 +1,10 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
The following table lists the security features that are available in Windows, and the licensing requirements to use them:
|
||||
|
||||
|Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
||||
|:---|:---:|:---:|:---:|:---:|:---:|
|
||||
|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
|
||||
@ -32,7 +30,7 @@ The following table lists the security features that are available in Windows, a
|
||||
|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
|
||||
|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
@ -15,7 +15,7 @@ The following table lists the Windows editions that support Federated sign-in:
|
||||
|
||||
Federated sign-in license entitlements are granted by the following licenses:
|
||||
|
||||
|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
||||
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
||||
|:---:|:---:|:---:|:---:|:---:|
|
||||
|No|No|No|Yes|Yes|
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 05/02/2023
|
||||
ms.date: 05/04/2023
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
@ -19,6 +19,8 @@ ms.topic: reference
|
||||
<!-- RemoteWipe-Editable-Begin -->
|
||||
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
||||
The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.
|
||||
|
||||
[!INCLUDE [remote-wipe](../../../includes/licensing/remote-wipe.md)]
|
||||
<!-- RemoteWipe-Editable-End -->
|
||||
|
||||
<!-- RemoteWipe-Tree-Begin -->
|
||||
|
||||
@ -19,6 +19,8 @@ ms.topic: reference
|
||||
<!-- WindowsDefenderApplicationGuard-Editable-Begin -->
|
||||
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
||||
The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
|
||||
|
||||
[!INCLUDE [microsoft-defender-application-guard-mdag-configure-via-mdm](../../../includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md)]
|
||||
<!-- WindowsDefenderApplicationGuard-Editable-End -->
|
||||
|
||||
<!-- WindowsDefenderApplicationGuard-Tree-Begin -->
|
||||
|
||||
@ -8,9 +8,9 @@
|
||||
href: introduction/index.md
|
||||
- name: Zero Trust and Windows
|
||||
href: zero-trust-windows-device-health.md
|
||||
- name: Security features edition requirements
|
||||
- name: Security features and edition requirements
|
||||
href: introduction/security-features-edition-requirements.md
|
||||
- name: Security features licensing requirements
|
||||
- name: Security features and licensing requirements
|
||||
href: introduction/security-features-licensing-requirements.md
|
||||
- name: Hardware security
|
||||
href: hardware-security/toc.yml
|
||||
|
||||
@ -20,9 +20,7 @@ Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard
|
||||
Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#helpdesk) in this article.
|
||||
|
||||
<a id="comparing-remote-credential-guard-with-other-remote-desktop-connection-options"></a>
|
||||
> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#remote-desktop-connections-and-helpdesk-support-scenarios) in this article.
|
||||
|
||||
## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options
|
||||
|
||||
@ -126,10 +124,10 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C
|
||||
|
||||
> [!NOTE]
|
||||
> Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
|
||||
> When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard.
|
||||
> When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard.
|
||||
|
||||
- If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic.
|
||||
- If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
|
||||
- If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#remote-credential-guard-requirements) listed earlier in this topic.
|
||||
- If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-windows-defender-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
|
||||
|
||||
1. Click **OK**
|
||||
1. Close the Group Policy Management Console
|
||||
|
||||
@ -19,6 +19,7 @@ items:
|
||||
href: smart-cards/toc.yml
|
||||
- name: Virtual smart cards
|
||||
href: virtual-smart-cards/toc.yml
|
||||
displayName: VSC
|
||||
- name: Enterprise Certificate Pinning
|
||||
href: enterprise-certificate-pinning.md
|
||||
- name: Advanced credential protection
|
||||
@ -28,13 +29,16 @@ items:
|
||||
- name: Technical support policy for lost or forgotten passwords
|
||||
href: password-support-policy.md
|
||||
- name: Windows LAPS (Local Administrator Password Solution) 🔗
|
||||
displayName: LAPS
|
||||
href: /windows-server/identity/laps/laps-overview
|
||||
- name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
|
||||
href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
|
||||
displayName: EPP
|
||||
- name: Access Control
|
||||
items:
|
||||
- name: Overview
|
||||
href: access-control/access-control.md
|
||||
displayName: ACL
|
||||
- name: Local Accounts
|
||||
href: access-control/local-accounts.md
|
||||
- name: Security policy settings 🔗
|
||||
|
||||
@ -4,6 +4,7 @@ description: System security book.
|
||||
ms.date: 04/24/2023
|
||||
ms.topic: tutorial
|
||||
ms.author: paoloma
|
||||
ms.custom: ai-gen-docs
|
||||
author: paolomatarazzo
|
||||
appliesto:
|
||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||
@ -11,47 +12,46 @@ appliesto:
|
||||
|
||||
# Introduction to Windows security
|
||||
|
||||
The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
|
||||
The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks.
|
||||
|
||||
Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](../threat-protection/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud.
|
||||
|
||||
## How Windows 11 enables Zero Trust protection
|
||||
|
||||
A Zero Trust security model gives the right people the right access at the right time. Zero Trust security is based on three principles:
|
||||
|
||||
1. Reduce risk by explicitly verifying data points such as user identity, location, and device health for every access request, without exception
|
||||
2. When verified, give people and devices access to only necessary resources for the necessary amount of time
|
||||
3. Use continuous analytics to drive threat detection and improve defenses
|
||||
1. When verified, give people and devices access to only necessary resources for the necessary amount of time
|
||||
1. Use continuous analytics to drive threat detection and improve defenses
|
||||
|
||||
You should continue to strengthen your Zero Trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility.
|
||||
For Windows 11, the Zero Trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides *chip-to-cloud security*, enabling IT administrators to implement strong authorization and authentication processes with features like [Windows Hello for Business](../identity-protection/hello-for-business/hello-overview.md). IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. Windows 11 works out-of-the-box with Microsoft Intune and Azure Active Directory, which enable timely and seamless access decisions. Furthermore, IT administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more.
|
||||
|
||||
For Windows 11, the Zero Trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
|
||||
### Security, by default
|
||||
|
||||
Individual users also benefit from powerful safeguards including new standards for hardware-based security and passwordless protection that help safeguard data and privacy.
|
||||
Windows 11 is a natural evolution of its predecessor, Windows 10. We have collaborated with our manufacturer and silicon partners to incorporate extra hardware security measures that address the increasingly complex security threats of today. These measures not only enable the hybrid work and learning that many organizations now embrace but also help bolster our already strong foundation and resilience against attacks.
|
||||
|
||||
## Security, by default
|
||||
### Enhanced hardware and operating system security
|
||||
|
||||
Nearly 90% of security decision makers surveyed say outdated hardware leaves organizations more open to attacks and using modern hardware would help protect against future threats. Building on the innovations of Windows 10, we've worked with our manufacturer and silicon partners to provide additional hardware security capabilities to meet the evolving threat landscape and enable hybrid work and learning. The new set of hardware security requirements that comes with Windows 11 supports new ways of working with a foundation that is even stronger and more resilient to attacks.
|
||||
With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind other barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering.
|
||||
|
||||
## Enhanced hardware and operating system security
|
||||
In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with [Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs) and [Secure Boot](../trusted-boot.md) built-in and enabled by default to contain and limit malware exploits.
|
||||
|
||||
With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind additional barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering.
|
||||
|
||||
In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits. <sup>[\[1\]](#note1)</sup>
|
||||
|
||||
## Robust application security and privacy controls
|
||||
### Robust application security and privacy controls
|
||||
|
||||
To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
|
||||
|
||||
In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) <sup>[\[2\]](#note2)</sup> uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
|
||||
In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
|
||||
|
||||
## Secured identities
|
||||
### Secured identities
|
||||
|
||||
Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. And with Windows Hello, users can quickly sign in with face, fingerprint, or PIN for passwordless protection. <sup>[\[3\]](#note3)</sup>
|
||||
Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](../information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Windows Defender Credential Guard](../identity-protection/credential-guard/credential-guard.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](../identity-protection/hello-for-business/hello-overview.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
|
||||
|
||||
## Connecting to cloud services
|
||||
### Connecting to cloud services
|
||||
|
||||
Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows 11 devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Endpoint Manager, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud. <sup>[\[4\]](#note4)</sup>
|
||||
Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Intune, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud.
|
||||
|
||||
<sup><a name="note1"></a>[1]</sup> Hypervisor-protected coder integrity, which activates virtualization-based security, is enabled by default on clean installations only.\
|
||||
<sup><a name="note2"></a>[2]</sup> Windows 10 Pro and above support Application Guard protection for Microsoft Edge. Microsoft Defender Application Guard for Office requires Windows 10 Enterprise, and Microsoft 365 E5 or Microsoft 365 E5 Security.\
|
||||
<sup><a name="note3"></a>[3]</sup> Windows Hello supports multi-factor authentication including facial recognition, fingerprint, and PIN. Requires specialized hardware such as fingerprint reader, illuminated IT sensor or other biometric sensors and capable devices.\
|
||||
<sup><a name="note4"></a>[4]</sup> Microsoft Endpoint Manager and Microsoft Azure Active Directory subscriptions sold separately.\
|
||||
## Next steps
|
||||
|
||||
To learn more about the security features included in Windows 11, download the [Windows 11 Security Book: Powerful security from chip to cloud](https://aka.ms/Windows11SecurityBook).
|
||||
|
||||
[!INCLUDE [ai-disclaimer-generic](../../../includes/ai-disclaimer-generic.md)]
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows edition requirements
|
||||
title: Windows security features and edition requirements
|
||||
description: Learn about Windows edition requirements for the feature included in Windows.
|
||||
ms.prod: windows-client
|
||||
author: paolomatarazzo
|
||||
@ -8,12 +8,19 @@ manager: aaroncz
|
||||
ms.collection:
|
||||
- tier3
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/03/2023
|
||||
ms.date: 05/04/2023
|
||||
appliesto:
|
||||
- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||
ms.technology: itpro-security
|
||||
---
|
||||
|
||||
# Security features Windows edition requirements
|
||||
# Windows security features and edition requirements
|
||||
|
||||
[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
|
||||
This article lists the security features that are available in Windows, and the Windows editions that support them.
|
||||
|
||||
> [!NOTE]
|
||||
> The **Windows edition** requirements listed in the following table may be different from the **licensing** requirements. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
|
||||
|
||||
[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
|
||||
|
||||
For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows security licensing requirements
|
||||
title: Windows security features and licensing requirements
|
||||
description: Learn about Windows features and licensing requirements for the feature included in Windows.
|
||||
ms.prod: windows-client
|
||||
author: paolomatarazzo
|
||||
@ -14,6 +14,13 @@ appliesto:
|
||||
ms.technology: itpro-security
|
||||
---
|
||||
|
||||
# Windows security licensing requirements
|
||||
# Windows security features and licensing requirements
|
||||
|
||||
[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
|
||||
This article lists the security features that are available in Windows, and the licensing requirements to use them.
|
||||
|
||||
> [!NOTE]
|
||||
> The **licensing** requirements listed in the following table may be different from the **Windows edition** requirements. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
|
||||
|
||||
[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
|
||||
|
||||
For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).
|
||||
|
||||
@ -8,7 +8,7 @@ manager: aaroncz
|
||||
ms.collection:
|
||||
- tier2
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/24/2023
|
||||
ms.date: 05/04/2023
|
||||
appliesto:
|
||||
- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||
ms.technology: itpro-security
|
||||
@ -19,7 +19,7 @@ ms.technology: itpro-security
|
||||
This document provides an overview of the products and use rights available through Microsoft Commercial Licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
|
||||
|
||||
> [!NOTE]
|
||||
> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
|
||||
> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms][EXT-4].
|
||||
|
||||
## Windows 11 editions
|
||||
|
||||
@ -31,7 +31,7 @@ The following table lists the editions of Windows 11 available through each Micr
|
||||
|
||||
## Windows desktop offerings available through Commercial Licensing
|
||||
|
||||
The following offerings are available for purchase through [Microsoft Commercial Licensing](https://www.microsoft.com/licensing):
|
||||
The following offerings are available for purchase through [Microsoft Commercial Licensing][EXT-5]:
|
||||
|
||||
|Product|Description|Availability|
|
||||
|-|-|-|
|
||||
@ -67,13 +67,13 @@ The following table describes the unique Windows Enterprise edition features:
|
||||
|
||||
| OS-based feature | Description |
|
||||
|-|-|
|
||||
|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
|
||||
|**[Managed Microsoft Defender Application Guard for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
|
||||
|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |
|
||||
|**[Personal Data Encryption](/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
|
||||
|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
|
||||
|**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.|
|
||||
|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.|
|
||||
|**[Windows Defender Credential Guard][WIN-1]**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
|
||||
|**[Managed Microsoft Defender Application Guard for Microsoft Edge][EDGE-1]**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
|
||||
|**[Modern BitLocker Management][WIN-2]** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |
|
||||
|**[Personal Data Encryption][WIN-3]**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
|
||||
|**[Direct Access][WINS-1]**|Connect remote users to the organization network without the need for traditional VPN connections.|
|
||||
|**[Always-On VPN device tunnel][WINS-2]**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.|
|
||||
|**[Windows Experience customization][WIN-4]**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.|
|
||||
|
||||
#### Windows 11 Enterprise cloud-based capabilities
|
||||
|
||||
@ -81,13 +81,13 @@ The following table describes the unique Windows Enterprise cloud-based features
|
||||
|
||||
|Cloud-based feature | Description |
|
||||
|-|-|
|
||||
|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.|
|
||||
|**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.|
|
||||
|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.|
|
||||
|**[Universal Print](/universal-print/)**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.|
|
||||
|**[Microsoft Connected Cache](/windows/deployment/do/waas-delivery-optimization)**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.|
|
||||
|**[Endpoint analytics proactive remediation](/mem/analytics/proactive-remediations)**|Helps you fix common support issues before end-users notice them.|
|
||||
|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.|
|
||||
|**[Windows subscription activation][WIN-5]**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.|
|
||||
|**[Windows Autopatch][WIN-6]**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.|
|
||||
|**[Windows Update For Business deployment service][WIN-7]**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.|
|
||||
|**[Universal Print][UP-1]**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.|
|
||||
|**[Microsoft Connected Cache][WIN-8]**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.|
|
||||
|**[Endpoint analytics proactive remediation][MEM-1]**|Helps you fix common support issues before end-users notice them.|
|
||||
|**[Organizational messages][MEM-2]**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.|
|
||||
|
||||
#### Windows 11 Enterprise licensing use rights
|
||||
|
||||
@ -95,17 +95,17 @@ The following table describes the Windows Enterprise licensing use rights:
|
||||
|
||||
|Licensing use rights|Description|
|
||||
|-|-|
|
||||
|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.|
|
||||
|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|Get extra time to deploy feature releases.|
|
||||
|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of
|
||||
|**[Five Windows instances per licensed user][EXT-1]**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.|
|
||||
|**[36 months (3 years) support on annual feature releases][WIN-9]**|Get extra time to deploy feature releases.|
|
||||
|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access][AZ-1]**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of
|
||||
Windows user profiles in virtual desktop environments.|
|
||||
|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
|
||||
|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
|
||||
|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
|
||||
|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|Intended for highly specialized devices that require limited changes due to regulations and certification|
|
||||
|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.|
|
||||
|**[Windows release health in the Microsoft 365 admin center][EXT-2]**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
|
||||
|**[Windows feature update device readiness report][MEM-3]**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
|
||||
|**[Windows feature update compatibility risks reports][MEM-3]**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
|
||||
|**[Windows LTSC Enterprise][WIN-10]**|Intended for highly specialized devices that require limited changes due to regulations and certification|
|
||||
|**[Microsoft Desktop Optimization Pack (MDOP) ][MDOP-1]**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.|
|
||||
|
||||
Learn more about [Windows 11 Enterprise E3](https://windows.com/enterprise).
|
||||
Learn more about [Windows 11 Enterprise E3][EXT-3].
|
||||
|
||||
### Windows 11 Enterprise E5
|
||||
|
||||
@ -141,42 +141,42 @@ The following table lists the Windows 11 Enterprise features and their Windows e
|
||||
|
||||
| OS-based feature |Windows Pro|Windows Enterprise|
|
||||
|-|-|-|
|
||||
|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|
|
||||
|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes|
|
||||
|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|
|
||||
|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|
|
||||
|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Yes|Yes|
|
||||
|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|
|
||||
|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|❌|Yes|
|
||||
|**[Windows Defender Credential Guard][WIN-1]**|❌|Yes|
|
||||
|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge][EDGE-1]**|Yes|Yes|
|
||||
|**[Modern BitLocker Management][WIN-2]**|Yes|Yes|
|
||||
|**[Personal data encryption (PDE)][WIN-3]**|❌|Yes|
|
||||
|**[Direct Access][WINS-1]**|Yes|Yes|
|
||||
|**[Always On VPN][WINS-2]**|Yes|Yes|
|
||||
|**[Windows Experience customization][WIN-4]**|❌|Yes|
|
||||
|
||||
The following table lists the Windows 11 Enterprise cloud-based features and their Windows edition requirements:
|
||||
|
||||
| Cloud-based feature |Windows Pro|Windows Enterprise|
|
||||
|-|-|-|
|
||||
|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|
|
||||
|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|Yes|Yes|
|
||||
|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|
|
||||
|**[Universal Print](/universal-print/)**|Yes|Yes|
|
||||
|**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes|
|
||||
|**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes|
|
||||
|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|
|
||||
|**[Windows subscription activation][WIN-5]**|Yes|Yes|
|
||||
|**[Windows Autopatch][WIN-6]**|Yes|Yes|
|
||||
|**[Windows Update For Business deployment service][WIN-7]**|Yes|Yes|
|
||||
|**[Universal Print][UP-1]**|Yes|Yes|
|
||||
|**[Microsoft Connected Cache][WIN-8]**|Yes|Yes|
|
||||
|**[Endpoint analytics proactive remediation][MEM-1]**|Yes|Yes|
|
||||
|**[Organizational messages][MEM-2]**|❌|Yes|
|
||||
|
||||
The following table lists the Windows 11 Enterprise E3 licensing use rights and their Windows edition requirements:
|
||||
|
||||
|Licensing use rights|Windows Pro|Windows Enterprise|
|
||||
|-|-|-|
|
||||
|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|n/a|n/a|
|
||||
|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|❌|Yes|
|
||||
|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|n/a|n/a|
|
||||
|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|n/a|n/a|
|
||||
|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
|
||||
|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
|
||||
|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|n/a|n/a|
|
||||
|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Yes|Yes|
|
||||
|**[Five Windows instances per licensed user][EXT-1]**|n/a|n/a|
|
||||
|**[36 months (3 years) support on annual feature releases][WIN-9]**|❌|Yes|
|
||||
|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access][AZ-1]**|n/a|n/a|
|
||||
|**[Windows release health in the Microsoft 365 admin center][EXT-2]**|n/a|n/a|
|
||||
|**[Windows feature update device readiness report][MEM-3]**|Yes|Yes|
|
||||
|**[Windows feature update compatibility risks reports][MEM-3]**|Yes|Yes|
|
||||
|**[Windows LTSC Enterprise][WIN-10]**|n/a|n/a|
|
||||
|**[Microsoft Desktop Optimization Pack (MDOP)][MDOP-1]**|Yes|Yes|
|
||||
|
||||
## Next steps
|
||||
|
||||
To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide](https://aka.ms/WindowsLicensingGuide). The guide provides additional information to complement the information in this article, including:
|
||||
To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide][EXT-6]. The guide provides additional information to complement the information in this article, including:
|
||||
|
||||
- Description of qualifying operating systems
|
||||
- Availability of Windows desktop operating system products in licensing programs
|
||||
@ -184,3 +184,29 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win
|
||||
- Windows 11 downgrade rights
|
||||
- Volume license activation methods
|
||||
- How to acquire licenses through Commercial Licensing
|
||||
|
||||
[AZ-1]: /azure/virtual-desktop/prerequisites#operating-systems-and-licenses
|
||||
[EDGE-1]: /deployedge/microsoft-edge-security-windows-defender-application-guard
|
||||
[EXT-1]: https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS
|
||||
[EXT-2]: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-release-health-now-available-in-the-microsoft-365-admin/ba-p/2235908
|
||||
[EXT-3]: https://windows.com/enterprise
|
||||
[EXT-4]: https://www.microsoft.com/licensing/product-licensing/products.aspx
|
||||
[EXT-5]: https://www.microsoft.com/licensing
|
||||
[EXT-6]: https://aka.ms/WindowsLicensingGuide
|
||||
[MDOP-1]: /microsoft-desktop-optimization-pack
|
||||
[MEM-1]: /mem/analytics/proactive-remediations
|
||||
[MEM-2]: /mem/intune/remote-actions/organizational-messages-overview
|
||||
[MEM-3]: /mem/intune/protect/windows-update-compatibility-reports
|
||||
[UP-1]: /universal-print/
|
||||
[WIN-1]: /windows/security/identity-protection/credential-guard/credential-guard
|
||||
[WIN-2]: /windows/security/information-protection/bitlocker/bitlocker-overview
|
||||
[WIN-3]: /windows/security/information-protection/personal-data-encryption/overview-pde
|
||||
[WIN-4]: /windows/client-management/mdm/policy-csp-experience
|
||||
[WIN-5]: /windows/deployment/windows-10-subscription-activation
|
||||
[WIN-6]: /windows/deployment/windows-autopatch
|
||||
[WIN-7]: /windows/deployment/update/deployment-service-overview
|
||||
[WIN-8]: /windows/deployment/do/waas-microsoft-connected-cache
|
||||
[WIN-9]: /windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions
|
||||
[WIN-10]: /windows/whats-new/ltsc/
|
||||
[WINS-1]: /windows-server/remote/remote-access/directaccess/directaccess
|
||||
[WINS-2]: /windows-server/remote/remote-access/vpn/always-on-vpn/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user