Updates to align with term studio

This commit is contained in:
Paolo Matarazzo 2024-11-07 09:50:57 -05:00
parent 5205928e2f
commit 22032c817c
24 changed files with 44 additions and 45 deletions

View File

@ -20,7 +20,7 @@ Smart App Control builds on top of the same cloud-based AI used in *App Control
We've been making significant improvements to Smart App Control to increase the security, usability, and cloud intelligence response for apps in the Windows ecosystem. Users can get the latest and best experience with Smart App Control by keeping their devices up to date via Windows Update every month.
To ensure that users have a seamless experience with Smart App Control enabled, we ask developers to sign their applications with a code signing certificate from the Microsoft Trusted Root Program. Developers should include all binaries, such as exe, dll, temp installer files, and uninstallers. Trusted signing makes the process of obtaining, maintaining, and signing with a trusted certificate simple and secure.
To ensure that users have a seamless experience with Smart App Control enabled, we ask developers to sign their applications with a code signing certificate from the Microsoft Trusted Root Program. Developers should include all binaries, such as exe, dll, temp installer files, and uninstallers. Trusted Signing makes the process of obtaining, maintaining, and signing with a trusted certificate simple and secure.
Smart App Control is disabled on devices enrolled in enterprise management. We suggest enterprises running line-of-business applications continue to use *App Control for Business*.
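Review bot: The only change in this hunk is the capitalization of "Trusted Signing" as a product name, which is fine, but the same sentence still lists file types as bare words ("exe, dll"); formatting them as extensions (`.exe`, `.dll`) would make clear that "temp installer files, and uninstallers" are also binaries to be signed rather than a second category.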
@ -60,9 +60,9 @@ The Windows kernel is the most privileged software and is therefore a compelling
- [Microsoft recommended driver block rules][LINK-4]
## :::image type="icon" source="images/new-button-title.svg" border="false"::: Trusted signing
## :::image type="icon" source="images/new-button-title.svg" border="false"::: Trusted Signing
Trusted signing is a Microsoft fully managed, end-to-end signing solution that simplifies the signing process and empowers third-party developers to easily build and distribute applications.
Trusted Signing is a Microsoft fully managed, end-to-end signing solution that simplifies the signing process and empowers third-party developers to easily build and distribute applications.
[!INCLUDE [learn-more](includes/learn-more.md)]
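Review bot: "a Microsoft fully managed, end-to-end signing solution" reads awkwardly with "Microsoft" used as an adjective; consider "a fully managed, end-to-end signing solution from Microsoft". The heading change from "Trusted signing" to "Trusted Signing" keeps the same slug, so the `#-trusted-signing` links elsewhere in this commit still resolve.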

View File

@ -9,11 +9,11 @@ ms.date: 11/18/2024
:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
## Microsoft Account
## Microsoft account
Your Microsoft Account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android.
Your Microsoft account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android.
You can even go passwordless with your Microsoft Account by removing the password from your MSA:
You can even go passwordless with your Microsoft account by removing the password from your MSA:
- Use Windows Hello to eliminate the password sign-in method for an even more secure experience
- Use the Microsoft Authenticator app on your Android or iOS device
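Review bot: After the rename, "go passwordless with your Microsoft account by removing the password from your MSA" says the same thing twice; "by removing the password from it" avoids the redundancy. The abbreviation MSA is still introduced on the first line of the section, so nothing else needs to change.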
@ -29,7 +29,7 @@ When location services and *Find my device* settings are turned on, basic system
[!INCLUDE [learn-more](includes/learn-more.md)]
- [How to set up, find, and lock a lost Windows device using a Microsoft Account][LINK-2]
- [How to set up, find, and lock a lost Windows device using a Microsoft account][LINK-2]
## OneDrive for personal
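Review bot: The link text now uses lowercase "Microsoft account", matching the heading earlier in this file; the `[LINK-2]` reference definition is not in this hunk, so check that the destination page title uses the same casing, otherwise the rendered link text and the target will disagree.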
@ -44,9 +44,9 @@ Microsoft OneDrive for personal<sup>[\[10\]](conclusion.md#footnote10)</sup> off
- [How to recover from a ransomware attack using Microsoft 365][LINK-7]
- [How to restore from OneDrive][LINK-3]
## OneDrive Personal Vault
## Personal Vault
OneDrive Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in OneDrive Personal Vault, where they're protected by identity verification and are easily accessible across devices.
Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in Personal Vault, where they're protected by identity verification and are easily accessible across devices.
Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text.
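Review bot: Dropping "OneDrive" from the heading changes the section anchor from `#onedrive-personal-vault` to `#personal-vault`, so any existing deep links to this section break, and the first sentence no longer says which product Personal Vault belongs to. Keep the product context in the body ("Personal Vault in OneDrive offers ...") even if the shorter heading is the preferred term.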

View File

@ -36,7 +36,7 @@ When a device is Microsoft Entra ID joined and managed with Microsoft Intune<sup
- Single sign-in to all Microsoft Online Services
- Full suite of authentication management capabilities using Windows Hello for Business
- Single sign-on (SSO) to enterprise and SaaS applications
- No use of consumer Microsoft Account identity
- No use of consumer Microsoft account identity
Organizations and users can join or register their Windows devices with Microsoft Entra ID to get a seamless experience to both native and web applications. In addition, users can setup Windows Hello for Business or FIDO2 security keys with Microsoft Entra ID and benefit from greater security with passwordless authentication.
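Review bot: On the unchanged context line, "users can setup Windows Hello for Business" should be "set up" (verb, two words); "setup" is the noun. The casing change to "Microsoft account" is consistent with the other files in this commit.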
@ -78,11 +78,11 @@ Available to any organization with a Microsoft Entra ID Premium<sup>[\[4\]](conc
- [Enterprise State Roaming in Microsoft Entra ID][LINK-7]
## Microsoft Azure Attestation Service
## Azure Attestation service
Remote attestation helps ensure that devices are compliant with security policies and are operating in a trusted state before they're allowed to access resources. Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> integrates with Microsoft Azure Attestation Service to review Windows device health comprehensively and connect this information with Microsoft Entra ID<sup>[\[4\]](conclusion.md#footnote4)</sup> Conditional Access.
Remote attestation helps ensure that devices are compliant with security policies and are operating in a trusted state before they're allowed to access resources. Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> integrates with Azure Attestation service to review Windows device health comprehensively and connect this information with Microsoft Entra ID<sup>[\[4\]](conclusion.md#footnote4)</sup> Conditional Access.
**Attestation policies are configured in the Microsoft Azure Attestation Service which can then:**
**Attestation policies are configured in the Azure Attestation service which can then:**
- Verify the integrity of evidence provided by the Windows Attestation component by validating the signature and ensuring the Platform Configuration Registers (PCRs) match the values recomputed by replaying the measured boot log
- Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM
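Review bot: The last list item, "Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM", is circular: the TPM's key is verified against the TPM. Say what certifies the key (the party or chip credential that vouches for it) instead of repeating "TPM". Also, the bold lead-in "configured in the Azure Attestation service which can then:" needs a comma before "which". Note that renaming the heading from "Microsoft Azure Attestation Service" to "Azure Attestation service" changes the section slug, so existing links to this section need updating.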
@ -172,7 +172,7 @@ Intune Endpoint Privilege Management supports organizations' Zero Trust journeys
- [Endpoint Privilege Management][LINK-14]
### Mobile Application Management (MAM)
### Mobile application management (MAM)
With Intune, organizations can also extend MAM App Config, MAM App Protection, and App Protection Conditional Access capabilities to Windows. This enables people to access protected organizational content without having the device managed by IT. The first application to support MAM for Windows is Microsoft Edge.
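Review bot: The heading casing change keeps the same slug, so no links break. In the context paragraph, "This enables people to access protected organizational content" has an unclear antecedent; "Extending these capabilities enables ..." reads more precisely.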
@ -180,7 +180,7 @@ With Intune, organizations can also extend MAM App Config, MAM App Protection, a
- [Data protection for Windows MAM][LINK-15]
## Microsoft security baselines
## Security baselines
Every organization faces security threats. However, different organizations can be concerned with different types of security threats. For example, an e-commerce company might focus on protecting its internet-facing web apps, while a hospital on confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
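Review bot: Renaming "Microsoft security baselines" to "Security baselines" changes the section anchor from `#microsoft-security-baselines` to `#security-baselines`; check for in-repo links to the old anchor. On the context line, "while a hospital on confidential patient information" is missing its verb ("while a hospital might focus on confidential patient information").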

View File

@ -18,11 +18,11 @@ New:
- [Administrator protection](application-security-application-and-driver-control.md#-administrator-protection)
- [Config Refresh](operating-system-security-system-security.md#-config-refresh)
- [Rust in Windows](operating-system-security-system-security.md#-rust-in-windows)
- [Trusted signing](application-security-application-and-driver-control.md#-trusted-signing)
- [Trusted Signing](application-security-application-and-driver-control.md#-trusted-signing)
- [VBS key protection](identity-protection-advanced-credential-protection.md#-vbs-key-protection)
- [Virtualization-based security enclaves](application-security-application-isolation.md#-virtualization-based-security-enclaves)
- [Win32 app isolation](application-security-application-isolation.md#-win32-app-isolation)
- [Windows protected print mode](operating-system-security-system-security.md#-windows-protected-print-mode)
- [Windows protected print](operating-system-security-system-security.md#-windows-protected-print-mode)
Enhanced:
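Review bot: The "Windows protected print" entry updates the link text but not the fragment, which still reads `#-windows-protected-print-mode`. Since this commit renames that heading to "Windows protected print" in operating-system-security-system-security.md, the generated anchor becomes `#-windows-protected-print` and this link will no longer resolve; update the fragment together with the text.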
@ -65,7 +65,7 @@ Enhanced:
|**<sup><a name="footnote7"></a>7</sup>**| Feature or functionality delivered using [servicing technology](https://support.microsoft.com/topic/b0aa0a27-ea9a-4365-9224-cb155e517f12).|
|**<sup><a name="footnote8"></a>8</sup>**| Email encryption is supported on products such as Microsoft Exchange Server and Microsoft Exchange Online.|
|**<sup><a name="footnote9"></a>9</sup>**| Hardware dependent.|
|**<sup><a name="footnote10"></a>10</sup>**|All users with a Microsoft Account get 5GB of OneDrive storage free, and all Microsoft 365 subscriptions include 1TB of OneDrive storage. Additional OneDrive storage is sold separately.|
|**<sup><a name="footnote10"></a>10</sup>**|All users with a Microsoft account get 5GB of OneDrive storage free, and all Microsoft 365 subscriptions include 1TB of OneDrive storage. Additional OneDrive storage is sold separately.|
|**<sup><a name="footnote11"></a>11</sup>**|The Total Economic Impact&trade; of Windows Pro Device, Forrester study commissioned by Microsoft, June 2020.|
---
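Review bot: Only the casing of "Microsoft account" changes in footnote 10; while touching the line, "5GB" and "1TB" should be written with a space before the unit ("5 GB", "1 TB") to match the style used for units elsewhere in the documentation.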

File diff suppressed because one or more lines are too long

View File

@ -57,19 +57,19 @@ Hypervisor-Enforced Paging Translation (HVPT) - formerly HLAT - is a security fe
- [Understanding Hardware-enforced Stack Protection][LINK-3]
- [Developer Guidance for hardware-enforced stack protection][LINK-4]
## Kernel Direct Memory Access (DMA) protection
## Kernel direct memory access (DMA) protection
Windows 11 protects against physical threats such as drive-by Direct Memory Access (DMA) attacks. Peripheral Component Interconnect Express (PCIe) hot-pluggable devices, including Thunderbolt, USB4, and CFexpress, enable users to connect a wide variety of external peripherals to their PCs with the same plug-and-play convenience as USB. These devices encompass graphics cards and other PCI components. Since PCI hot-plug ports are external and easily accessible, PCs are susceptible to drive-by DMA attacks. Memory access protection (also known as Kernel DMA Protection) protects against these attacks by preventing external peripherals from gaining unauthorized access to memory. Drive-by DMA attacks typically happen quickly while the system owner isn't present. The attacks are performed using simple to moderate attacking tools created with affordable, off-the-shelf hardware and software that don't require the disassembly of the PC. For example, a PC owner might leave a device for a quick coffee break. Meanwhile, an attacker plugs an external tool into a port to steal information or inject code that gives the attacker remote control over the PCs, including the ability to bypass the lock screen. With memory access protection built in and enabled, Windows 11 is protected against physical attack wherever people work.
Windows 11 protects against physical threats such as drive-by direct memory access (DMA) attacks. Peripheral Component Interconnect Express (PCIe) hot-pluggable devices, including Thunderbolt, USB4, and CFexpress, enable users to connect a wide variety of external peripherals to their PCs with the same plug-and-play convenience as USB. These devices encompass graphics cards and other PCI components. Since PCI hot-plug ports are external and easily accessible, PCs are susceptible to drive-by DMA attacks. Memory access protection (also known as Kernel DMA Protection) protects against these attacks by preventing external peripherals from gaining unauthorized access to memory. Drive-by DMA attacks typically happen quickly while the system owner isn't present. The attacks are performed using simple to moderate attacking tools created with affordable, off-the-shelf hardware and software that don't require the disassembly of the PC. For example, a PC owner might leave a device for a quick coffee break. Meanwhile, an attacker plugs an external tool into a port to steal information or inject code that gives the attacker remote control over the PCs, including the ability to bypass the lock screen. With memory access protection built in and enabled, Windows 11 is protected against physical attack wherever people work.
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Kernel Direct Memory Access (DMA) protection][LINK-5]
- [Kernel direct memory access (DMA) protection][LINK-5]
## Secured-core PC and Edge Secured-Core
The March 2021 Security Signals report found that more than 80% of enterprises have experienced at least one firmware attack in the past two years. For customers in data-sensitive industries like financial services, government, and healthcare, Microsoft has worked with OEM partners to offer a special category of devices called Secured-core PCs (SCPCs), and an equivalent category of embedded IoT devices called Edge Secured-Core (ESc). The devices ship with more security measures enabled at the firmware layer, or device core, that underpins Windows.
Secured-core PCs and edge devices help prevent malware attacks and minimize firmware vulnerabilities by launching into a clean and trusted state at startup with a hardware-enforced root-of-trust. Virtualization-based security comes enabled by default. Built-in hypervisor-protected code integrity (HVCI) shield system memory, ensuring that all kernel executable code is signed only by known and approved authorities. Secured-core PCs and edge devices also protect against physical threats such as drive-by Direct Memory Access (DMA) attacks with kernel DMA protection.
Secured-core PCs and edge devices help prevent malware attacks and minimize firmware vulnerabilities by launching into a clean and trusted state at startup with a hardware-enforced root-of-trust. Virtualization-based security comes enabled by default. Built-in hypervisor-protected code integrity (HVCI) shield system memory, ensuring that all kernel executable code is signed only by known and approved authorities. Secured-core PCs and edge devices also protect against physical threats such as drive-by direct memory access (DMA) attacks with kernel DMA protection.
Secured-core PCs and edge devices provide multiple layers of robust protection against hardware and firmware attacks. Sophisticated malware attacks commonly attempt to install *bootkits* or *rootkits* on the system to evade detection and achieve persistence. This malicious software may run at the firmware level prior to Windows being loaded or during the Windows boot process itself, enabling the system to start with the highest level of privilege. Because critical subsystems in Windows use Virtualization-based security, protecting the hypervisor becomes increasingly important. To ensure that no unauthorized firmware or software can start before the Windows bootloader, Windows PCs rely on the Unified Extensible Firmware Interface (UEFI) Secure Boot standard, a baseline security feature of all Windows 11 PCs. Secure Boot helps ensure that only authorized firmware and software with trusted digital signatures can execute. In addition, measurements of all boot components are securely stored in the TPM to help establish a nonrepudiable audit log of the boot called the Static Root of Trust for Measurement (SRTM).
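Review bot: The unchanged context sentence "Built-in hypervisor-protected code integrity (HVCI) shield system memory" has a subject-verb agreement error; it should read "shields system memory". The lowercase "direct memory access (DMA)" change is applied consistently to the heading, body, and link text, and the heading slug is unchanged.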

Binary file not shown (before: 561 KiB, after: 568 KiB).

Binary file not shown (before: 195 KiB, after: 195 KiB).

Binary file not shown (before: 566 KiB, after: 570 KiB).

Binary file not shown (before: 267 KiB, after: 264 KiB).

Binary file not shown (before: 567 KiB, after: 573 KiB).

Binary file not shown (before: 248 KiB, after: 248 KiB).

Binary file not shown (before: 557 KiB, after: 563 KiB).

Binary file not shown (before: 550 KiB, after: 553 KiB).

Binary file not shown (before: 482 KiB, after: 482 KiB).

Binary file not shown (before: 570 KiB, after: 581 KiB).

Binary file not shown (before: 245 KiB, after: 245 KiB).

Binary file not shown (before: 566 KiB, after: 574 KiB).

Binary file not shown (before: 242 KiB, after: 242 KiB).


View File

@ -53,7 +53,7 @@ exchange, opportunities to engage with technical content about Microsoft's produ
## Certificates
To help safeguard and authenticate information, Windows provides comprehensive support for certificates and certificate management. The built-in certificate management command-line utility (certmgr.exe) or Microsoft Management Console (MMC) snap-in (certmgr.msc) can be used to view and manage certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs). Whenever a certificate is used in Windows, we validate that the leaf certificate and all the certificates in its chain of trust haven't been revoked or compromised. The trusted root and intermediate certificates and publicly revoked certificates on the machine are used as a reference for Public Key Infrastructure (PKI) trust and are updated monthly by the Microsoft Trusted Root program. If a trusted certificate or root is revoked, all global devices are updated, meaning users can trust that Windows will automatically protect against vulnerabilities in public key infrastructure. For cloud and enterprise deployments, Windows also offers users the ability to autoenroll and renew certificates in Active Directory with Group Policy to reduce the risk of potential outages due to certificate expiration or misconfiguration.
To help safeguard and authenticate information, Windows provides comprehensive support for certificates and certificate management. The built-in certificate management command-line utility (certmgr.exe) or Microsoft Management Console (MMC) snap-in (certmgr.msc) can be used to view and manage certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs). Whenever a certificate is used in Windows, we validate that the leaf certificate and all the certificates in its chain of trust haven't been revoked or compromised. The trusted root and intermediate certificates and publicly revoked certificates on the machine are used as a reference for Public Key Infrastructure (PKI) trust and are updated monthly by the Microsoft Trusted Root program. If a trusted certificate or root is revoked, all global devices are updated, meaning users can trust that Windows will automatically protect against vulnerabilities in public key infrastructure. For cloud and enterprise deployments, Windows also offers users the ability to autoenroll and renew certificates in Active Directory with group policy to reduce the risk of potential outages due to certificate expiration or misconfiguration.
## Code signing and integrity
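Review bot: This hunk lowercases "Group Policy" to "group policy", but the same paragraph keeps "Microsoft Trusted Root program" (lowercase "program") while the application-control file in this commit writes "Microsoft Trusted Root Program"; pick one casing for the program name across both files.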
@ -61,17 +61,16 @@ To ensure that Windows files haven't been tampered with, the Windows Code Integr
The digital signature is evaluated across the Windows environment on Windows boot code, Windows kernel code, and Windows user mode applications. Secure Boot and Code Integrity verify the signature on bootloaders, Option ROMs, and other boot components to ensure that it's trusted and from a reputable publisher. For drivers not published by Microsoft, Kernel Code Integrity verifies the signature on kernel drivers and requires that drivers be signed by Windows or certified by the [Windows Hardware Compatibility Program (WHCP)][LINK-3]. This program ensures that third-party drivers are compatible with various hardware and Windows and that the drivers are from vetted driver developers.
## Device health attestation
## Device Health Attestation
The Windows device health attestation process supports a Zero Trust paradigm that shifts the focus from static, network-based perimeters to users, assets, and resources. The attestation process confirms the device, firmware, and boot process are in a good state and haven't been tampered with before they can access corporate resources. These
determinations are made with data stored in the TPM, which provides a secure root-of-trust. The information is sent to an attestation service such as Azure Attestation to verify that the device is in a trusted state. Then a cloud-native device management solution like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> reviews device health and connects this information with Microsoft Entra ID<sup>[\[4\]](conclusion.md#footnote4)</sup> for conditional access.
The Windows Device Health Attestation process supports a Zero Trust paradigm that shifts the focus from static, network-based perimeters to users, assets, and resources. The attestation process confirms the device, firmware, and boot process are in a good state and haven't been tampered with before they can access corporate resources. These determinations are made with data stored in the TPM, which provides a secure root-of-trust. The information is sent to an attestation service such as Azure Attestation to verify that the device is in a trusted state. Then a cloud-native device management solution like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> reviews device health and connects this information with Microsoft Entra ID<sup>[\[4\]](conclusion.md#footnote4)</sup> for conditional access.
Windows includes many security features to help protect users from malware and attacks. However, security components are trustworthy only if the platform boots as expected and isn't tampered with. As noted above, Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, ELAM, DRTM, Trusted Boot, and other low-level hardware and firmware security features to protect your PC from attacks. From the moment you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations that help keep you safe. Measured Boot, implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to the TPM, that functions as a hardware root-of-trust. Remote attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper-resilient report. Remote attestation is the trusted auditor of your system's boot, allowing reliant parties to bind trust to the device and its security.
A summary of the steps involved in attestation and Zero-Trust on a Windows device are as follows:
- During each step of the boot process - such as a file load, update of special variables, and more - information such as file hashes and signature(s) are measured in the TPM Platform Configuration Register (PCRs). The measurements are bound by a Trusted Computing Group specification that dictates which events can be recorded and the format of each event. The data provides important information about device security from the moment it powers on
- Once Windows has booted, the attestor (or verifier) requests the TPM get the measurements stored in its PCRs alongside the Measured Boot log. Together, these form the attestation evidence that's sent to the Microsoft Azure Attestation Service
- Once Windows has booted, the attestor (or verifier) requests the TPM get the measurements stored in its PCRs alongside the Measured Boot log. Together, these form the attestation evidence that's sent to the Azure Attestation service
- The TPM is verified by using the keys or cryptographic material available on the chipset with an Azure Certificate Service
- The above information is sent to the Azure Attestation Service to verify that the device is in a trusted state.
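Review bot: The change to "Azure Attestation service" is only applied to the second list item; the last item still says "sent to the Azure Attestation Service", so the two casings now appear a few lines apart. On the context lines, "A summary of the steps ... are as follows" should be "is as follows", and "an Azure Certificate Service" in the third item is not a recognizable product name; name the actual service or describe the verification step instead.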
@ -134,21 +133,21 @@ Windows allows you to restrict functionality to specific applications using buil
- [Windows kiosks and restricted user experiences](/windows/configuration/assigned-access)
## :::image type="icon" source="images/new-button-title.svg" border="false"::: Windows protected print mode
## :::image type="icon" source="images/new-button-title.svg" border="false"::: Windows protected print
Windows protected print mode is built to provide a more modern and secure print system that maximizes compatibility and puts users first. It simplifies the printing experience by allowing devices to exclusively print using the Windows modern print stack.
Windows protected print is built to provide a more modern and secure print system that maximizes compatibility and puts users first. It simplifies the printing experience by allowing devices to exclusively print using the Windows modern print stack.
The benefits of Windows protected print mode include:
The benefits of Windows protected print include:
- Increased PC security
- Simplified and consistent printing experience, regardless of PC architecture
- Removes the need to manage print drivers
Windows protected print mode is designed to work with Mopria certified printers only. Many existing printers are already compatible.
Windows protected print is designed to work with Mopria certified printers only. Many existing printers are already compatible.
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Windows protected print mode][LINK-10]
- [Windows protected print][LINK-10]
- [New, modern, and secure print experience from Windows][LINK-11]
## :::image type="icon" source="images/new-button-title.svg" border="false"::: Rust in Windows
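Review bot: The benefits list is not parallel: "Increased PC security" and "Simplified and consistent printing experience" are noun phrases while "Removes the need to manage print drivers" is a clause; "No need to manage print drivers" fixes it. Also, "Mopria certified printers" should be hyphenated as "Mopria-certified printers". The heading rename changes the section anchor, so links to `#-windows-protected-print-mode` elsewhere need to be updated to match.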

View File

@ -125,15 +125,15 @@ platforms, all synthesized into a single dashboard. This solution offers tremend
- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
- [Microsoft 365 Defender](/defender-xdr/microsoft-365-defender)
## Exploit protection
## Exploit Protection
Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint<sup>[\[4\]](conclusion.md#footnote4)</sup>, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios. You can enable exploit protection on an individual device and then use Group Policy in Active Directory or Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> to distribute the configuration XML file to multiple devices simultaneously.
Exploit Protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit Protection works best with Microsoft Defender for Endpoint<sup>[\[4\]](conclusion.md#footnote4)</sup>, which gives organizations detailed reporting into Exploit Protection events and blocks as part of typical alert investigation scenarios. You can enable Exploit Protection on an individual device and then use policy settings to distribute the configuration XML file to multiple devices simultaneously.
When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.
You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled. And go through safe deployment practices (SDP).
You can use audit mode to evaluate how Exploit Protection would impact your organization if it were enabled. And go through safe deployment practices (SDP).
Windows 11 provides configuration options for exploit protection. You can prevent users from modifying these specific options with device management solutions like Microsoft Intune or group policy.
Windows 11 provides configuration options for Exploit Protection. You can prevent users from modifying these specific options with device management solutions like Microsoft Intune or group policy.
[!INCLUDE [learn-more](includes/learn-more.md)]
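Review bot: The first paragraph replaces the specific deployment mechanisms ("Group Policy in Active Directory or Microsoft Intune") with the vague "policy settings", while the last paragraph of the same hunk still names "Microsoft Intune or group policy"; either keep the specifics in both places or generalize both. Separately, capitalizing "Exploit Protection" runs opposite to the lowercasing applied to other feature names in this commit (for example "Kernel direct memory access" and "Security baselines"), and the context line "And go through safe deployment practices (SDP)." is a sentence fragment that should be joined to the preceding sentence.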

View File

@ -7,7 +7,7 @@ ms.date: 11/18/2024
# Privacy controls
## Privacy dashboard and report
## Microsoft Privacy Dashboard
Customers can use the Microsoft Privacy dashboard to view, export, and delete their information, giving them further transparency and control. They can also use the Microsoft Privacy Report to learn more about Windows data collection and how to manage it. For organizations, we provide a guide for Windows Privacy Compliance that includes more details on the available controls and transparency.
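Review bot: The new heading "Microsoft Privacy Dashboard" narrows the section to the dashboard, but the body still covers the Microsoft Privacy Report and the Windows Privacy Compliance guide, which the old heading "Privacy dashboard and report" reflected. Either keep the broader heading or split the report into its own section. The body also writes "Microsoft Privacy dashboard" with a lowercase "d", which no longer matches the heading, and the slug change breaks links to `#privacy-dashboard-and-report`.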

View File

@ -41,18 +41,18 @@ Microsoft Offensive Research and Security Engineering (MORSE) performs targeted
- [MORSE security team takes proactive approach to finding bugs][LINK-1]
- [MORSE Blog][LINK-2]
## Windows Insider and Bug Bounty program
## Windows Insider and Microsoft Bug Bounty Programs
As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel.
As part of our secure development process, the Windows Insider Preview Program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel.
The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.
The goal of the Windows Insider Preview Program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.
Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities and quickly fix the issues before releasing our final Windows.
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Windows Insider Program][LINK-3]
- [Microsoft bounty programs][LINK-4]
- [Microsoft Bug Bounty Programs][LINK-4]
<!--links-->
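Review bot: Replacing "Windows Insider Preview bounty program" with "Windows Insider Preview Program" changes the meaning: the two body sentences describe a program that invites researchers to submit vulnerabilities and aims to uncover them, which is the bounty program, not the Insider Preview build program. The heading and the `[LINK-4]` text in this same hunk still say "Bug Bounty Programs", so the body should keep "bounty" (for example "Windows Insider Preview Bounty Program"). The heading rename also changes the section slug.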

View File

@ -64,11 +64,11 @@ By integrating SBOMs and COSE signing evidence, we offer stakeholders visibility
- [SBOM tool](https://github.com/microsoft/sbom-tool)
- [Code Sign Tool](https://github.com/microsoft/CoseSignTool)
## Windows App software development kit (SDK)
## Windows Software Development Kit (SDK)
Developers can design highly secure applications that benefit from the latest Windows 11 safeguards using the Windows App SDK. The SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows 11 and Windows 10. To help create apps that are up to date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system.
Developers can design highly secure applications that benefit from the latest Windows 11 safeguards using the Windows SDK. The SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows 11 and Windows 10. To help create apps that are up to date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system.
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Windows application development - best practices](/windows/apps/get-started/best-practices)
- [Windows App SDK samples on GitHub](https://github.com/microsoft/WindowsAppSDK-Samples)
- [Windows SDK samples on GitHub](https://github.com/microsoft/WindowsAppSDK-Samples)
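Review bot: Renaming "Windows App SDK" to "Windows SDK" throughout this section makes the text point at a different product: the link on the last line still targets https://github.com/microsoft/WindowsAppSDK-Samples, which is the Windows App SDK samples repository, and the "unified set of APIs and tools for developing ... apps for Windows 11 and Windows 10" description was written for the Windows App SDK. Either revert the term or change the link target and description to match the Windows SDK.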