updates

windows/security/book/application-security-application-and-driver-control.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Application and driver control
 
-:::image type="content" source="images/application-security.png" alt-text="Diagram of containing a list of application security features." lightbox="images/application-security.png" border="false":::
+:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of application security features." lightbox="images/application-security.png" border="false":::
 
 Windows 11 offers a rich application platform with layers of security like isolation and code integrity that help protect your valuable data. Developers can also take advantage of these
 capabilities to build in security from the ground up to protect against breaches and malware.

windows/security/book/application-security-application-isolation.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Application isolation
 
-:::image type="content" source="images/application-security.png" alt-text="Diagram of containing a list of application security features." lightbox="images/application-security.png" border="false":::
+:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of application security features." lightbox="images/application-security.png" border="false":::
 
 ## Win32 app isolation
 

windows/security/book/application-security.md

@@ -9,7 +9,7 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/application-security-cover.png" alt-text="Cover of the application security chapter." border="false":::
 
-:::image type="content" source="images/application-security-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/application-security.png" border="false":::
+:::image type="content" source="images/application-security-on.png" alt-text="Diagram containing a list of security features." lightbox="images/application-security.png" border="false":::
 
 Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows 11, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts so that PCs run with the least amount of privileges to prevent malicious applications from accessing sensitive resources.
 

windows/security/book/cloud-services-protect-your-personal-information.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Protect your personal information
 
-:::image type="content" source="images/cloud-security.png" alt-text="Diagram of containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
+:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
 
 ## Microsoft Account
 

windows/security/book/cloud-services-protect-your-work-information.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Protect your work information
 
-:::image type="content" source="images/cloud-security.png" alt-text="Diagram of containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
+:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
 
 ## Microsoft Entra ID
 
@@ -37,17 +37,17 @@ Every Windows device has a built-in local administrator account that must be sec
 
 ### Microsoft Entra Private Access ###
 
-Microsoft Entra Private Access unlocks the ability to specify the fully qualified domain names (FQDNs) and IP addresses that you consider private or internal, so you can manage how your organization accesses them. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need. 
+Microsoft Entra Private Access unlocks the ability to specify the fully qualified domain names (FQDNs) and IP addresses that you consider private or internal, so you can manage how your organization accesses them. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need.
 
 Note that Microsoft Entra Private Access requires Microsoft Entra ID and Microsoft Entra Joined devices and for deployment, refer to [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Private Access Proof of Concept](/entra/architecture/sse-deployment-guide-private-access).
 
 ### Microsoft Entra Internet Access ###
 
-Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs. 
+Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs.
 
 Note that Microsoft Entra Private Access requires Microsoft Entra ID and Microsoft Entra Joined devices and for deployment, refer to [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access Proof of Concept](/entra/architecture/sse-deployment-guide-internet-access).
 
-Both these features use a new [Global Secure Access client for Windows](/entra/global-secure-access/how-to-install-windows-client), deployed on the desktop, that secure and control the feature. 
+Both these features use a new [Global Secure Access client for Windows](/entra/global-secure-access/how-to-install-windows-client), deployed on the desktop, that secure and control the feature.
 
 :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
 
@@ -90,7 +90,7 @@ The security baseline includes policies for:
 - Setting credential requirements for passwords and PINs
 - Restricting use of legacy technology
 
-The MDM security baseline has been enhanced with over 70 new settings which enable local user rights assignment, services management, and local security policies which were previously only available through Group Policy.  This enable adoption of pure MDM management and closer adherence to industry standard benchmarks for security. 
+The MDM security baseline has been enhanced with over 70 new settings which enable local user rights assignment, services management, and local security policies which were previously only available through Group Policy.  This enable adoption of pure MDM management and closer adherence to industry standard benchmarks for security.
 
 :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
 

windows/security/book/cloud-services.md

@@ -9,7 +9,7 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/cloud-services-cover.png" alt-text="Cover of the cloud services chapter." border="false":::
 
-:::image type="content" source="images/cloud-security-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/cloud-security.png" border="false":::
+:::image type="content" source="images/cloud-security-on.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false":::
 
 Today's workforce has more freedom and mobility than ever before, but the risk of data exposure is also at its highest. At Microsoft, we are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on Zero Trust principles, Windows 11 works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
 

windows/security/book/hardware-security-hardware-root-of-trust.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Hardware root-of-trust
 
-:::image type="content" source="images/hardware.png" alt-text="Diagram of containing a list of security features." lightbox="images/hardware.png" border="false":::
+:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false":::
 
 ## Trusted Platform Module (TPM)
 

windows/security/book/hardware-security-silicon-assisted-security.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Silicon assisted security
 
-:::image type="content" source="images/hardware.png" alt-text="Diagram of containing a list of security features." lightbox="images/hardware.png" border="false":::
+:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false":::
 
 In addition to a modern hardware root-of-trust, there are multiple capabilities in the latest chips that harden the operating system against threats. These capabilities protect the boot process, safeguard the integrity of memory, isolate security-sensitive compute logic, and more.
 

windows/security/book/hardware-security.md

@@ -9,7 +9,7 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/hardware-security-cover.png" alt-text="Cover of the hardware security chapter." border="false":::
 
-:::image type="content" source="images/hardware-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/hardware.png" border="false":::
+:::image type="content" source="images/hardware-on.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false":::
 
 Today's ever-evolving threats require strong alignment between hardware and software technologies to keep users, data, and devices protected. The operating system alone can't defend against the wide range of tools and techniques cybercriminals use to compromise a computer. Once intruders gain a foothold, they can be difficult to detect. They engage in multiple nefarious activities, ranging from stealing important data and credentials, to implanting malware into low-level device firmware. Once malware is installed in firmware, it becomes difficult to identify and remove. These new threats call for computing hardware that is secure down to the very core, including the hardware chips and processors that store sensitive business information. With hardware-based protection, we can enable strong mitigation against entire classes of vulnerabilities that are difficult to thwart with software alone. Hardware-based protection can also improve the system's overall security without measurably slowing performance, compared to implementing the same capability in software.
 

windows/security/book/identity-protection-advanced-credential-protection.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Advanced credential protection
 
-:::image type="content" source="images/identity-protection.png" alt-text="Diagram of containing a list of security features." lightbox="images/identity-protection.png" border="false":::
+:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false":::
 
 In addition to adopting passwordless sign-in, organizations can strengthen security for user and domain credentials in Windows 11 with Credential Guard and Remote Credential Guard.
 

windows/security/book/identity-protection-passwordless-sign-in.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Passwordless sign-in
 
-:::image type="content" source="images/identity-protection.png" alt-text="Diagram of containing a list of security features." lightbox="images/identity-protection.png" border="false":::
+:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false":::
 
 Passwords are inconvenient to use and prime targets for cybercriminals - and they've been an important part of digital security for years. That changes with the passwordless protection available with Windows 11. After a secure authorization process, credentials are protected behind layers of hardware and software security, giving users secure, passwordless access to their apps and cloud services.
 

windows/security/book/identity-protection.md

@@ -9,7 +9,7 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/identity-protection-cover.png" alt-text="Cover of the identity protection chapter." border="false":::
 
-:::image type="content" source="images/identity-protection-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/identity-protection.png" border="false":::
+:::image type="content" source="images/identity-protection-on.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false":::
 
 Today's flexible workstyles and the security of your organization depend on secure access to corporate resources, including strong identity protection. Weak or reused passwords, password spraying, social engineering, and phishing are some of the top attack vectors. In the last 12 months, we saw an average of more than 4,000 password attacks per second.11 And phishing threats have increased, making identity a continuous battleground. As Bret Arsenault, Chief Information Security Officer at Microsoft says, *Hackers don't break in, they log in.*
 

windows/security/book/operating-system-security-encryption-and-data-protection.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Encryption and data protection
 
-:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false":::
+:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
 
 When people travel with their PCs, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications.
 

windows/security/book/operating-system-security-network-security.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Network security
 
-:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false":::
+:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
 
 Windows 11 raises the bar for network security, offering comprehensive protection to help people work with confidence from almost anywhere. To help reduce an organization's attack
 surface, network protection in Windows prevents people from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content.

windows/security/book/operating-system-security-system-security.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # System security
 
-:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false":::
+:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
 
 ## Trusted Boot (Secure Boot + Measured Boot)
 

windows/security/book/operating-system-security-virus-and-threat-protection.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Virus and threat protection
 
-:::image type="content" source="images/operating-system.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false":::
+:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
 
 Today's threat landscape is more complex than ever. This new world requires a new approach to threat prevention, detection, and response. Microsoft Defender Antivirus, along with many other features that are built into Windows 11, is at the frontlines, protecting customers against current and emerging threats.
 

windows/security/book/operating-system-security.md

@@ -9,6 +9,6 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/operating-system-security-cover.png" alt-text="Cover of the operating system security chapter." border="false":::
 
-:::image type="content" source="images/operating-system-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/operating-system.png" border="false":::
+:::image type="content" source="images/operating-system-on.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
 
 Windows 11 is the most secure Windows yet with extensive security measures in the operating system designed to help keep devices, identities, and information safe. These measures include built-in advanced encryption and data protection, robust network system security, and intelligent safeguards against ever-evolving viruses and threats.

windows/security/book/privacy-controls.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Privacy controls
 
-:::image type="content" source="images/privacy.png" alt-text="Diagram of containing a list of security features." lightbox="images/privacy.png" border="false":::
+:::image type="content" source="images/privacy.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false":::
 
 ## Privacy dashboard and report
 

windows/security/book/privacy.md

@@ -9,7 +9,7 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/privacy-cover.png" alt-text="Cover of the privacy chapter." border="false":::
 
-:::image type="content" source="images/privacy-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/privacy.png" border="false":::
+:::image type="content" source="images/privacy-on.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false":::
 
 [Privacy: Your data, powering your experiences, controlled by you](https://privacy.microsoft.com/).
 

windows/security/book/security-foundation-certification.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Certification
 
-:::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false":::
+:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false":::
 
 Microsoft is committed to supporting product security standards and certifications, including FIPS 140 and Common Criteria, as an external validation of security assurance.
 

windows/security/book/security-foundation-offensive-research.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Offensive research
 
-:::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false":::
+:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false":::
 
 ## Microsoft Security Development Lifecycle (SDL)
 

windows/security/book/security-foundation-secure-supply-chain.md

@@ -7,7 +7,7 @@ ms.date: 04/09/2024
 
 # Secure supply chain
 
-:::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false":::
+:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false":::
 
 The end-to-end Windows 11 supply chain is complex. It extends from the entire development process, to components such as chips, firmware, drivers, operating system, and apps from other organizations, manufacturing, and security updates. Microsoft invests significantly in Windows 11 supply chain security, and the security of features and components. In 2021, the United States issued an executive order on enhancing the nation's cybersecurity. The executive order, along with various attacks like SolarWinds and WannaCry, elevated the urgency and importance of ensuring a secure supply chain.
 

windows/security/book/security-foundation.md

@@ -15,4 +15,4 @@ Every component of the Windows 11 technology stack, from chip-to-cloud, is purpo
 
 With Windows 11, organizations can improve productivity and gain intuitive new experiences without compromising security.
 
-:::image type="content" source="images/security-foundation-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false":::
+:::image type="content" source="images/security-foundation-on.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false":::

windows/security/book/subject-index.md

@@ -0,0 +1,140 @@
+---
+title: Subject index
+description: Windows security book subject index.
+ms.topic: overview
+ms.date: 06/17/2024
+---
+
+# Subject index
+
+## Security foundation
+
+:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." border="false":::
+
+Common Criteria (CC)
+Federal Information Processing Standard (FIPS)
+Microsoft Offensive Research and Security Engineering
+Microsoft Security Development Lifecycle (SDL)
+OneFuzz service
+Software bill of materials (SBOM)
+Windows App software development kit (SDK)
+Windows Insider and Bug Bounty program
+
+## Hardware security
+
+:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false":::
+
+Hardware-enforced stack protection
+Kernel Direct Memory Access (DMA) protection
+Microsoft Pluton security processor
+Secured kernel
+Secured-core PC
+Trusted Platform Module (TPM)
+
+## Operating system security
+
+:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
+
+5G and eSIM
+Assigned Access
+Attack surface reduction
+BitLocker
+BitLocker To Go
+Bluetooth protection
+Certificates
+Code signing and integrity
+Config Refresh
+Controlled folder access
+Cryptography
+Device Encryption
+Device health attestation
+DNS security
+Email encryption
+Encrypted hard drive
+Exploit protection
+Microsoft Defender Antivirus
+Microsoft Defender for Endpoint
+Microsoft Defender SmartScreen
+Personal data encryption
+Securing Wi-Fi connections
+Server Message Block file services
+Tamper protection
+Transport layer security (TLS)
+Trusted Boot (Secure Boot + Measured Boot)
+Virtual private networks (VPN)
+Windows Firewall
+Windows security policy settings and auditing
+Windows security settings
+
+## Application security
+
+:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of security features." lightbox="images/application-security.png" border="false":::
+
+App containers
+App Control for Business
+Microsoft vulnerable driver blocklist
+Smart App Control
+Trusted signing
+User Account Control
+Win32 app isolation
+Windows Sandbox
+Windows Subsystem for Linux (WSL)
+
+## Identity protection
+
+:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false":::
+
+Access management and control
+Account lockout policies
+Credential Guard
+Enhanced phishing protection with Microsoft Defender SmartScreen
+Federated sign-in
+FIDO support
+Local Security Authority (LSA) protection
+Microsoft Authenticator
+Passkeys
+Remote Credential Guard
+Smart cards for Windows service
+Token protection
+VBS Key Protection
+Windows Hello
+Windows Hello biometric sign-in
+Windows Hello Enhanced Sign-in Security
+Windows Hello for Business
+Windows Hello for Business multi-factor unlock
+Windows Hello PIN
+Windows passwordless experience
+Windows presence sensing
+
+## Privacy
+
+:::image type="content" source="images/privacy.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false":::
+
+Privacy dashboard and report
+Privacy transparency and controls
+Privacy resource usage
+Windows diagnostic data processor configuration
+
+## Cloud services
+
+:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false":::
+
+Enterprise State Roaming with Azure
+Find my device
+MDM enrollment certificate attestation
+MDM security baseline
+Microsoft Account
+Microsoft Azure Attestation Service
+Microsoft Entra ID
+Microsoft Intune
+Microsoft security baselines
+Modern device management through (MDM)
+OneDrive for personal
+OneDrive for work or school
+OneDrive Personal Vault
+Remote Wipe
+Universal Print
+User reauthentication before password disablement
+Windows Autopatch
+Windows Autopilot and zero-touch deployment
+Windows Update for Business deployment service

windows/security/book/toc.yml

@@ -62,4 +62,6 @@ items:
   - name: Secure supply chain
     href: security-foundation-secure-supply-chain.md
 - name: Conclusion
-  href: conclusion.md
+  href: conclusion.md
+- name: Subject index
+  href: subject-index.md