From 2114ee54eebcb7db72a81997b3c959ea8a03d604 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 25 Jul 2024 12:25:34 -0400 Subject: [PATCH] updates --- ...security-application-and-driver-control.md | 2 +- ...lication-security-application-isolation.md | 2 +- windows/security/book/application-security.md | 2 +- ...vices-protect-your-personal-information.md | 2 +- ...-services-protect-your-work-information.md | 10 +- windows/security/book/cloud-services.md | 2 +- ...ardware-security-hardware-root-of-trust.md | 2 +- ...ware-security-silicon-assisted-security.md | 2 +- windows/security/book/hardware-security.md | 2 +- ...otection-advanced-credential-protection.md | 2 +- ...dentity-protection-passwordless-sign-in.md | 2 +- windows/security/book/identity-protection.md | 2 +- ...security-encryption-and-data-protection.md | 2 +- ...rating-system-security-network-security.md | 2 +- ...erating-system-security-system-security.md | 2 +- ...em-security-virus-and-threat-protection.md | 2 +- .../book/operating-system-security.md | 2 +- windows/security/book/privacy-controls.md | 2 +- windows/security/book/privacy.md | 2 +- .../book/security-foundation-certification.md | 2 +- .../security-foundation-offensive-research.md | 2 +- ...security-foundation-secure-supply-chain.md | 2 +- windows/security/book/security-foundation.md | 2 +- windows/security/book/subject-index.md | 140 ++++++++++++++++++ windows/security/book/toc.yml | 4 +- 25 files changed, 170 insertions(+), 28 deletions(-) create mode 100644 windows/security/book/subject-index.md diff --git a/windows/security/book/application-security-application-and-driver-control.md b/windows/security/book/application-security-application-and-driver-control.md index 3c3de387fa..1296639789 100644 --- a/windows/security/book/application-security-application-and-driver-control.md +++ b/windows/security/book/application-security-application-and-driver-control.md 
@@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Application and driver control -:::image type="content" source="images/application-security.png" alt-text="Diagram of containing a list of application security features." lightbox="images/application-security.png" border="false"::: +:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of application security features." lightbox="images/application-security.png" border="false"::: Windows 11 offers a rich application platform with layers of security like isolation and code integrity that help protect your valuable data. Developers can also take advantage of these capabilities to build in security from the ground up to protect against breaches and malware. diff --git a/windows/security/book/application-security-application-isolation.md b/windows/security/book/application-security-application-isolation.md index e97ee67e98..64aee24457 100644 --- a/windows/security/book/application-security-application-isolation.md +++ b/windows/security/book/application-security-application-isolation.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Application isolation -:::image type="content" source="images/application-security.png" alt-text="Diagram of containing a list of application security features." lightbox="images/application-security.png" border="false"::: +:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of application security features." lightbox="images/application-security.png" border="false"::: ## Win32 app isolation diff --git a/windows/security/book/application-security.md b/windows/security/book/application-security.md index 5b8a5238ab..a23b836b09 100644 --- a/windows/security/book/application-security.md +++ b/windows/security/book/application-security.md 
@@ -9,7 +9,7 @@ ms.date: 04/09/2024 :::image type="content" source="images/application-security-cover.png" alt-text="Cover of the application security chapter." border="false"::: -:::image type="content" source="images/application-security-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/application-security.png" border="false"::: +:::image type="content" source="images/application-security-on.png" alt-text="Diagram containing a list of security features." lightbox="images/application-security.png" border="false"::: Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows 11, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts so that PCs run with the least amount of privileges to prevent malicious applications from accessing sensitive resources. diff --git a/windows/security/book/cloud-services-protect-your-personal-information.md b/windows/security/book/cloud-services-protect-your-personal-information.md index 001632baed..b0f2a1b7a9 100644 --- a/windows/security/book/cloud-services-protect-your-personal-information.md +++ b/windows/security/book/cloud-services-protect-your-personal-information.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Protect your personal information -:::image type="content" source="images/cloud-security.png" alt-text="Diagram of containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false"::: +:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false"::: ## Microsoft Account diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md index 5a88513677..0ca16fcdb2 100644 
--- a/windows/security/book/cloud-services-protect-your-work-information.md +++ b/windows/security/book/cloud-services-protect-your-work-information.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Protect your work information -:::image type="content" source="images/cloud-security.png" alt-text="Diagram of containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false"::: +:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false"::: ## Microsoft Entra ID 
@@ -37,17 +37,17 @@ Every Windows device has a built-in local administrator account that must be sec ### Microsoft Entra Private Access ### -Microsoft Entra Private Access unlocks the ability to specify the fully qualified domain names (FQDNs) and IP addresses that you consider private or internal, so you can manage how your organization accesses them. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need. +Microsoft Entra Private Access unlocks the ability to specify the fully qualified domain names (FQDNs) and IP addresses that you consider private or internal, so you can manage how your organization accesses them. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need. Note that Microsoft Entra Private Access requires Microsoft Entra ID and Microsoft Entra Joined devices and for deployment, refer to [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Private Access Proof of Concept](/entra/architecture/sse-deployment-guide-private-access). ### Microsoft Entra Internet Access ### -Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs. 
+Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs. Note that Microsoft Entra Private Access requires Microsoft Entra ID and Microsoft Entra Joined devices and for deployment, refer to [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access Proof of Concept](/entra/architecture/sse-deployment-guide-internet-access). -Both these features use a new [Global Secure Access client for Windows](/entra/global-secure-access/how-to-install-windows-client), deployed on the desktop, that secure and control the feature. +Both these features use a new [Global Secure Access client for Windows](/entra/global-secure-access/how-to-install-windows-client), deployed on the desktop, that secure and control the feature. :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** 
@@ -90,7 +90,7 @@ The security baseline includes policies for: - Setting credential requirements for passwords and PINs - Restricting use of legacy technology -The MDM security baseline has been enhanced with over 70 new settings which enable local user rights assignment, services management, and local security policies which were previously only available through Group Policy. This enable adoption of pure MDM management and closer adherence to industry standard benchmarks for security. +The MDM security baseline has been enhanced with over 70 new settings which enable local user rights assignment, services management, and local security policies which were previously only available through Group Policy. This enable adoption of pure MDM management and closer adherence to industry standard benchmarks for security. :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** diff --git a/windows/security/book/cloud-services.md b/windows/security/book/cloud-services.md index 9c78f4867b..20c2ee6d59 100644 --- a/windows/security/book/cloud-services.md +++ b/windows/security/book/cloud-services.md 
@@ -9,7 +9,7 @@ ms.date: 04/09/2024 :::image type="content" source="images/cloud-services-cover.png" alt-text="Cover of the cloud services chapter." border="false"::: -:::image type="content" source="images/cloud-security-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/cloud-security.png" border="false"::: +:::image type="content" source="images/cloud-security-on.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false"::: Today's workforce has more freedom and mobility than ever before, but the risk of data exposure is also at its highest. At Microsoft, we are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on Zero Trust principles, Windows 11 works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats. diff --git a/windows/security/book/hardware-security-hardware-root-of-trust.md b/windows/security/book/hardware-security-hardware-root-of-trust.md index 4c36603beb..5cec928575 100644 --- a/windows/security/book/hardware-security-hardware-root-of-trust.md +++ b/windows/security/book/hardware-security-hardware-root-of-trust.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Hardware root-of-trust -:::image type="content" source="images/hardware.png" alt-text="Diagram of containing a list of security features." lightbox="images/hardware.png" border="false"::: +:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false"::: ## Trusted Platform Module (TPM) diff --git a/windows/security/book/hardware-security-silicon-assisted-security.md b/windows/security/book/hardware-security-silicon-assisted-security.md index 8b7fd1d8a2..22fdaa0b0c 100644 --- a/windows/security/book/hardware-security-silicon-assisted-security.md 
+++ b/windows/security/book/hardware-security-silicon-assisted-security.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Silicon assisted security -:::image type="content" source="images/hardware.png" alt-text="Diagram of containing a list of security features." lightbox="images/hardware.png" border="false"::: +:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false"::: In addition to a modern hardware root-of-trust, there are multiple capabilities in the latest chips that harden the operating system against threats. These capabilities protect the boot process, safeguard the integrity of memory, isolate security-sensitive compute logic, and more. diff --git a/windows/security/book/hardware-security.md b/windows/security/book/hardware-security.md index 4e51d4e294..f276d6e349 100644 --- a/windows/security/book/hardware-security.md +++ b/windows/security/book/hardware-security.md 
@@ -9,7 +9,7 @@ ms.date: 04/09/2024 :::image type="content" source="images/hardware-security-cover.png" alt-text="Cover of the hardware security chapter." border="false"::: -:::image type="content" source="images/hardware-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/hardware.png" border="false"::: +:::image type="content" source="images/hardware-on.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false"::: Today's ever-evolving threats require strong alignment between hardware and software technologies to keep users, data, and devices protected. The operating system alone can't defend against the wide range of tools and techniques cybercriminals use to compromise a computer. Once intruders gain a foothold, they can be difficult to detect. They engage in multiple nefarious activities, ranging from stealing important data and credentials, to implanting malware into low-level device firmware. Once malware is installed in firmware, it becomes difficult to identify and remove. These new threats call for computing hardware that is secure down to the very core, including the hardware chips and processors that store sensitive business information. With hardware-based protection, we can enable strong mitigation against entire classes of vulnerabilities that are difficult to thwart with software alone. Hardware-based protection can also improve the system's overall security without measurably slowing performance, compared to implementing the same capability in software. diff --git a/windows/security/book/identity-protection-advanced-credential-protection.md b/windows/security/book/identity-protection-advanced-credential-protection.md index d7d17fd37f..bea3ef60d6 100644 --- a/windows/security/book/identity-protection-advanced-credential-protection.md +++ b/windows/security/book/identity-protection-advanced-credential-protection.md 
@@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Advanced credential protection -:::image type="content" source="images/identity-protection.png" alt-text="Diagram of containing a list of security features." lightbox="images/identity-protection.png" border="false"::: +:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false"::: In addition to adopting passwordless sign-in, organizations can strengthen security for user and domain credentials in Windows 11 with Credential Guard and Remote Credential Guard. diff --git a/windows/security/book/identity-protection-passwordless-sign-in.md b/windows/security/book/identity-protection-passwordless-sign-in.md index 891e2230f1..1fb86d724d 100644 --- a/windows/security/book/identity-protection-passwordless-sign-in.md +++ b/windows/security/book/identity-protection-passwordless-sign-in.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Passwordless sign-in -:::image type="content" source="images/identity-protection.png" alt-text="Diagram of containing a list of security features." lightbox="images/identity-protection.png" border="false"::: +:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false"::: Passwords are inconvenient to use and prime targets for cybercriminals - and they've been an important part of digital security for years. That changes with the passwordless protection available with Windows 11. After a secure authorization process, credentials are protected behind layers of hardware and software security, giving users secure, passwordless access to their apps and cloud services. diff --git a/windows/security/book/identity-protection.md b/windows/security/book/identity-protection.md index d614925654..56d29bdf71 100644 --- a/windows/security/book/identity-protection.md 
+++ b/windows/security/book/identity-protection.md @@ -9,7 +9,7 @@ ms.date: 04/09/2024 :::image type="content" source="images/identity-protection-cover.png" alt-text="Cover of the identity protection chapter." border="false"::: -:::image type="content" source="images/identity-protection-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/identity-protection.png" border="false"::: +:::image type="content" source="images/identity-protection-on.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false"::: Today's flexible workstyles and the security of your organization depend on secure access to corporate resources, including strong identity protection. Weak or reused passwords, password spraying, social engineering, and phishing are some of the top attack vectors. In the last 12 months, we saw an average of more than 4,000 password attacks per second.11 And phishing threats have increased, making identity a continuous battleground. As Bret Arsenault, Chief Information Security Officer at Microsoft says, *Hackers don't break in, they log in.* diff --git a/windows/security/book/operating-system-security-encryption-and-data-protection.md b/windows/security/book/operating-system-security-encryption-and-data-protection.md index b1e9568332..2e2364225a 100644 --- a/windows/security/book/operating-system-security-encryption-and-data-protection.md +++ b/windows/security/book/operating-system-security-encryption-and-data-protection.md 
@@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Encryption and data protection -:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false"::: +:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false"::: When people travel with their PCs, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. diff --git a/windows/security/book/operating-system-security-network-security.md b/windows/security/book/operating-system-security-network-security.md index 5638c71bce..6f0b6151ef 100644 --- a/windows/security/book/operating-system-security-network-security.md +++ b/windows/security/book/operating-system-security-network-security.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Network security -:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false"::: +:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false"::: Windows 11 raises the bar for network security, offering comprehensive protection to help people work with confidence from almost anywhere. To help reduce an organization's attack surface, network protection in Windows prevents people from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content. diff --git a/windows/security/book/operating-system-security-system-security.md b/windows/security/book/operating-system-security-system-security.md index c88b511fba..174de7458b 100644 
--- a/windows/security/book/operating-system-security-system-security.md +++ b/windows/security/book/operating-system-security-system-security.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # System security -:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false"::: +:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false"::: ## Trusted Boot (Secure Boot + Measured Boot) diff --git a/windows/security/book/operating-system-security-virus-and-threat-protection.md b/windows/security/book/operating-system-security-virus-and-threat-protection.md index c5873bd86f..fcbe84ac69 100644 --- a/windows/security/book/operating-system-security-virus-and-threat-protection.md +++ b/windows/security/book/operating-system-security-virus-and-threat-protection.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Virus and threat protection -:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false"::: +:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false"::: Today's threat landscape is more complex than ever. This new world requires a new approach to threat prevention, detection, and response. Microsoft Defender Antivirus, along with many other features that are built into Windows 11, is at the frontlines, protecting customers against current and emerging threats. diff --git a/windows/security/book/operating-system-security.md b/windows/security/book/operating-system-security.md index f5bf82d057..cc3f783616 100644 --- a/windows/security/book/operating-system-security.md +++ b/windows/security/book/operating-system-security.md 
@@ -9,6 +9,6 @@ ms.date: 04/09/2024 :::image type="content" source="images/operating-system-security-cover.png" alt-text="Cover of the operating system security chapter." border="false"::: -:::image type="content" source="images/operating-system-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false"::: +:::image type="content" source="images/operating-system-on.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false"::: Windows 11 is the most secure Windows yet with extensive security measures in the operating system designed to help keep devices, identities, and information safe. These measures include built-in advanced encryption and data protection, robust network system security, and intelligent safeguards against ever-evolving viruses and threats. diff --git a/windows/security/book/privacy-controls.md b/windows/security/book/privacy-controls.md index 01caad195d..3575945acd 100644 --- a/windows/security/book/privacy-controls.md +++ b/windows/security/book/privacy-controls.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Privacy controls -:::image type="content" source="images/privacy.png" alt-text="Diagram of containing a list of security features." lightbox="images/privacy.png" border="false"::: +:::image type="content" source="images/privacy.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false"::: ## Privacy dashboard and report diff --git a/windows/security/book/privacy.md b/windows/security/book/privacy.md index 19cae8027a..fe406ec46b 100644 --- a/windows/security/book/privacy.md +++ b/windows/security/book/privacy.md 
@@ -9,7 +9,7 @@ ms.date: 04/09/2024 :::image type="content" source="images/privacy-cover.png" alt-text="Cover of the privacy chapter." border="false"::: -:::image type="content" source="images/privacy-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/privacy.png" border="false"::: +:::image type="content" source="images/privacy-on.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false"::: [Privacy: Your data, powering your experiences, controlled by you](https://privacy.microsoft.com/). diff --git a/windows/security/book/security-foundation-certification.md b/windows/security/book/security-foundation-certification.md index fe9fa899fc..0fd1fde635 100644 --- a/windows/security/book/security-foundation-certification.md +++ b/windows/security/book/security-foundation-certification.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Certification -:::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false"::: +:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false"::: Microsoft is committed to supporting product security standards and certifications, including FIPS 140 and Common Criteria, as an external validation of security assurance. diff --git a/windows/security/book/security-foundation-offensive-research.md b/windows/security/book/security-foundation-offensive-research.md index 8c679f3376..9c6364caa1 100644 --- a/windows/security/book/security-foundation-offensive-research.md +++ b/windows/security/book/security-foundation-offensive-research.md 
@@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Offensive research -:::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false"::: +:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false"::: ## Microsoft Security Development Lifecycle (SDL) diff --git a/windows/security/book/security-foundation-secure-supply-chain.md b/windows/security/book/security-foundation-secure-supply-chain.md index d08de662b6..5e8a570134 100644 --- a/windows/security/book/security-foundation-secure-supply-chain.md +++ b/windows/security/book/security-foundation-secure-supply-chain.md @@ -7,7 +7,7 @@ ms.date: 04/09/2024 # Secure supply chain -:::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false"::: +:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false"::: The end-to-end Windows 11 supply chain is complex. It extends from the entire development process, to components such as chips, firmware, drivers, operating system, and apps from other organizations, manufacturing, and security updates. Microsoft invests significantly in Windows 11 supply chain security, and the security of features and components. In 2021, the United States issued an executive order on enhancing the nation's cybersecurity. The executive order, along with various attacks like SolarWinds and WannaCry, elevated the urgency and importance of ensuring a secure supply chain. diff --git a/windows/security/book/security-foundation.md b/windows/security/book/security-foundation.md index f0fb340c8a..09b99b2953 100644 
--- a/windows/security/book/security-foundation.md +++ b/windows/security/book/security-foundation.md @@ -15,4 +15,4 @@ Every component of the Windows 11 technology stack, from chip-to-cloud, is purpo With Windows 11, organizations can improve productivity and gain intuitive new experiences without compromising security. -:::image type="content" source="images/security-foundation-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false"::: +:::image type="content" source="images/security-foundation-on.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false"::: diff --git a/windows/security/book/subject-index.md b/windows/security/book/subject-index.md new file mode 100644 index 0000000000..c5434bc344 --- /dev/null +++ b/windows/security/book/subject-index.md 
@@ -0,0 +1,140 @@ +--- +title: Subject index +description: Windows security book subject index. +ms.topic: overview +ms.date: 06/17/2024 +--- + +# Subject index + +## Security foundation + +:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." border="false"::: + +Common Criteria (CC) +Federal Information Processing Standard (FIPS) +Microsoft Offensive Research and Security Engineering +Microsoft Security Development Lifecycle (SDL) +OneFuzz service +Software bill of materials (SBOM) +Windows App software development kit (SDK) +Windows Insider and Bug Bounty program + +## Hardware security + +:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false"::: + +Hardware-enforced stack protection +Kernel Direct Memory Access (DMA) protection +Microsoft Pluton security processor +Secured kernel +Secured-core PC +Trusted Platform Module (TPM) + +## Operating system security + +:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." 
lightbox="images/operating-system.png" border="false"::: + +5G and eSIM +Assigned Access +Attack surface reduction +BitLocker +BitLocker To Go +Bluetooth protection +Certificates +Code signing and integrity +Config Refresh +Controlled folder access +Cryptography +Device Encryption +Device health attestation +DNS security +Email encryption +Encrypted hard drive +Exploit protection +Microsoft Defender Antivirus +Microsoft Defender for Endpoint +Microsoft Defender SmartScreen +Personal data encryption +Securing Wi-Fi connections +Server Message Block file services +Tamper protection +Transport layer security (TLS) +Trusted Boot (Secure Boot + Measured Boot) +Virtual private networks (VPN) +Windows Firewall +Windows security policy settings and auditing +Windows security settings + +## Application security + +:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of security features." lightbox="images/application-security.png" border="false"::: + +App containers +App Control for Business +Microsoft vulnerable driver blocklist +Smart App Control +Trusted signing +User Account Control +Win32 app isolation +Windows Sandbox +Windows Subsystem for Linux (WSL) + +## Identity protection + +:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." 
lightbox="images/identity-protection.png" border="false"::: + +Access management and control +Account lockout policies +Credential Guard +Enhanced phishing protection with Microsoft Defender SmartScreen +Federated sign-in +FIDO support +Local Security Authority (LSA) protection +Microsoft Authenticator +Passkeys +Remote Credential Guard +Smart cards for Windows service +Token protection +VBS Key Protection +Windows Hello +Windows Hello biometric sign-in +Windows Hello Enhanced Sign-in Security +Windows Hello for Business +Windows Hello for Business multi-factor unlock +Windows Hello PIN +Windows passwordless experience +Windows presence sensing + +## Privacy + +:::image type="content" source="images/privacy.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false"::: + +Privacy dashboard and report +Privacy transparency and controls +Privacy resource usage +Windows diagnostic data processor configuration + +## Cloud services + +:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false"::: + +Enterprise State Roaming with Azure +Find my device +MDM enrollment certificate attestation +MDM security baseline +Microsoft Account +Microsoft Azure Attestation Service +Microsoft Entra ID +Microsoft Intune +Microsoft security baselines +Modern device management through (MDM) +OneDrive for personal +OneDrive for work or school +OneDrive Personal Vault +Remote Wipe +Universal Print +User reauthentication before password disablement +Windows Autopatch +Windows Autopilot and zero-touch deployment +Windows Update for Business deployment service diff --git a/windows/security/book/toc.yml b/windows/security/book/toc.yml index e1135516e9..9e888a7e68 100644 --- a/windows/security/book/toc.yml +++ b/windows/security/book/toc.yml 
@@ -62,4 +62,6 @@ items: - name: Secure supply chain href: security-foundation-secure-supply-chain.md - name: Conclusion - href: conclusion.md \ No newline at end of file + href: conclusion.md +- name: Subject index + href: subject-index.md \ No newline at end of file
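Review bot: In cloud-services-protect-your-work-information.md, hunk @@ -37,17 +37,17 @@, the sentence added under "### Microsoft Entra Internet Access" names the wrong product. It reads "Note that Microsoft Entra Private Access requires Microsoft Entra ID and Microsoft Entra Joined devices" but links to the Internet Access deployment guide, so it looks copied from the Private Access paragraph above it. Change it to "Microsoft Entra Internet Access" if the same prerequisites apply, or drop the prerequisite clause if they do not. Both added sentences are also run-ons ("... Joined devices and for deployment, refer to ..."); split the prerequisite and the deployment pointer into two sentences. The re-added line "deployed on the desktop, that secure and control the feature" still has a subject-verb mismatch and could be fixed in the same pass.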
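Review bot: In cloud-services-protect-your-work-information.md, hunk @@ -90,7 +90,7 @@, the removed and added lines read identically, so this appears to be a whitespace-only change that keeps the grammar error "This enable adoption of pure MDM management". Since the line is already being rewritten, change it to "This enables adoption ..." here rather than leaving it for a later commit.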
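Review bot: In privacy-controls.md and privacy.md, the corrected alt-text still says "Diagram containing a list of security features." for images/privacy.png and images/privacy-on.png, the same string used for the hardware, identity, operating system and security foundation images. The application and cloud hunks already use chapter-specific wording ("application security features", "security features for cloud security"); doing the same for the remaining chapters would let screen-reader users tell the diagrams apart.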
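Review bot: In the new subject-index.md, the entries under each "##" heading are consecutive bare lines with no list marker and no blank line between them, so Markdown will join each section into a single paragraph ("Common Criteria (CC) Federal Information Processing Standard (FIPS) ..."). Prefix each entry with "- " so it renders as a list, and consider linking each entry to its section in the book, since an index with no targets gives readers nowhere to go. Two smaller points in the same file: the first image (images/security-foundation.png) has no lightbox attribute while the other six do, and the entry "Modern device management through (MDM)" reads as if a word is missing.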
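Review bot: In toc.yml, hunk @@ -62,4 +62,6 @@, the new last line "href: subject-index.md" is still followed by "\ No newline at end of file". End the file with a newline so the next entry appended to the table of contents does not show up as a modification of this line.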