From 28c6abdb5fcbb70d5cac08ece234f97d5a0dad62 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 8 Apr 2024 09:36:20 -0400
Subject: [PATCH] Update TOC links for Windows security chapters

---
 windows/security/book/hardware-security.md    |   8 ++
 windows/security/book/index.yml               | 133 ++----------------
 windows/security/book/introduction.md         |  35 +++++
 .../book/operating-system-security.md         |   8 ++
 windows/security/book/toc.yml                 |  16 +--
 5 files changed, 65 insertions(+), 135 deletions(-)
 create mode 100644 windows/security/book/hardware-security.md
 create mode 100644 windows/security/book/introduction.md
 create mode 100644 windows/security/book/operating-system-security.md

diff --git a/windows/security/book/hardware-security.md b/windows/security/book/hardware-security.md
new file mode 100644
index 0000000000..80298006ff
--- /dev/null
+++ b/windows/security/book/hardware-security.md
@@ -0,0 +1,8 @@
+---
+title: Hardware security
+description: Hardware security
+ms.topic: overview
+ms.date: 03/12/2024
+---
+
+# Hardware security
diff --git a/windows/security/book/index.yml b/windows/security/book/index.yml
index c58f326b04..2a6c0fe39a 100644
--- a/windows/security/book/index.yml
+++ b/windows/security/book/index.yml
@@ -1,7 +1,7 @@
 ### YamlMime:Landing
 
 title: Windows security book
-summary: Windows is designed with zero-trust principles at its core, offering powerful security from chip to cloud. As organizations embrace hybrid work environments, the need for robust security solutions becomes paramount. Windows integrates advanced hardware and software protection, ensuring data integrity and access control across devices. Learn about the different security features included in Windows.
+summary: Emerging technologies and evolving business trends bring new opportunities and challenges for organizations of all sizes. As technology and workstyles transform, so does the threat landscape with growing numbers of increasingly sophisticated attacks on organizations and employees. To thrive, organizations need security to work anywhere. Microsoft's 2022 Work Trend Index shows *cybersecurity issues and risks* are top concerns for business decision-makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices. In the past, a corporate network and software-based security were the first lines of defense. With an increasingly distributed and mobile workforce, attention has shifted to hardware based endpoint security. People are now the top target for cybercriminals, with 74% of all breaches due to human error, privilege misuses, stolen credentials, or social engineering. Most attacks are financially motivated, and credential theft, phishing, and exploitation of vulnerabilities are the primary attack vectors. Credential theft is the most prevalent attack vector, accounting for 50% of breaches. At Microsoft, we work hard to help organizations evolve and stay agile while protecting against modern threats. We're committed to helping businesses and their employees get secure—and stay secure. We synthesize 43 trillion signals daily to understand and protect against digital threats. We have more than 8,500 dedicated security professionals across 77 countries and over 15,000 partners in our security ecosystem striving to increase resilience for our customers. Businesses worldwide are moving toward secure-by-design and secure-by-default strategies. With these models, organizations choose products from manufacturers that consider security as a business requirement, not just a technical feature. With a secure-by-default strategy, businesses can proactively reduce risk and exposure to threats across their organization because products are shipped with security features already built in and enabled. To help businesses transform and thrive in a new era, we built Windows 11 to be secure by design and secure by default. Windows 11 devices arrive with more security features enabled out of the box. In contrast, Windows 10 devices came with many safeguards turned off unless enabled by IT or employees. The default security provided by Windows 11 elevates protection without needing to configure settings. In addition, Windows 11 devices have been shown to increase malware resistance without impacting performance. Windows 11 is the most secure Windows ever, built in deep partnership with original equipment manufacturers (OEMs) and silicon manufacturers. Discover why organizations of all sizes, including 90% of Fortune 500 companies, are taking advantage of the powerful default protection of Windows 11.
 
 metadata:
   ms.topic: landing-page
@@ -17,140 +17,23 @@ metadata:
 
 landingContent:
 
-  - title: Learn about hardware security
+  - title: Chapter 1
     linkLists:
       - linkListType: overview
         links:
           - text: Trusted Platform Module (TPM)
             url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
-          - text: Microsoft Pluton
-            url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
-          - text: Windows Defender System Guard
-            url: /windows-hardware/design/device-experiences/oem-vbs
-          - text: Virtualization-based security (VBS)
-            url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
-          - text: Secured-core PC
-            url: /windows-hardware/design/device-experiences/oem-highly-secure-11
 
-  - title: Learn about OS security
+  - title: Chapter 2
     linkLists:
       - linkListType: overview
         links:
-          - text: Trusted boot
-            url: /windows/security/operating-system-security
-          - text: Windows security settings
-            url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
-          - text: BitLocker
-            url: /windows/security/operating-system-security/data-protection/bitlocker/
-          - text: Personal Data Encryption (PDE)
-            url: /windows/security/operating-system-security/data-protection/personal-data-encryption
-          - text: Windows security baselines
-            url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
-          - text: Microsoft Defender SmartScreen
-            url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
-          - text: Windows Firewall
-            url: /windows/security/operating-system-security/network-security/windows-firewall/
-      - linkListType: architecture
-        links:
-          - text: BitLocker planning guide
-            url: /windows/security/operating-system-security/data-protection/bitlocker/planning-guide
-      - linkListType: how-to-guide
-        links:
-          - text: Configure BitLocker
-            url: /windows/security/operating-system-security/data-protection/bitlocker/configure
-          - text: Configure PDE
-            url: /windows/security/operating-system-security/data-protection/personal-data-encryption/configure
-      - linkListType: whats-new
-        links:
-          - text: Hyper-V firewall
-            url: /windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall
+          - text: Trusted Platform Module (TPM)
+            url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
 
-  - title: Learn about identity protection
+  - title: Chapter 3
     linkLists:
       - linkListType: overview
         links:
-          - text: Passwordless strategy
-            url: /windows/security/identity-protection/passwordless-strategy
-          - text: Windows Hello for Business
-            url: /windows/security/identity-protection/hello-for-business
-          - text: Windows passwordless experience
-            url: /windows/security/identity-protection/passwordless-experience
-          - text: Web sign-in for Windows
-            url: /windows/security/identity-protection/web-sign-in
-          - text: Passkeys
-            url: /windows/security/identity-protection/passkeys
-          - text: FIDO2 security keys
-            url: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
-          - text: Enhanced phishing protection with SmartScreen
-            url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
-      - linkListType: how-to-guide
-        links:
-          - text: Configure PIN reset
-            url: /windows/security/identity-protection/hello-for-business/pin-reset
-          - text: RDP sign-in with Windows Hello for Business
-            url: /windows/security/identity-protection/hello-for-business/rdp-sign-in
-      - linkListType: architecture
-        links:
-          - text: Plan a Windows Hello for Business deployment
-            url: /windows/security/identity-protection/hello-for-business/deploy/
-      - linkListType: deploy
-        links:
-          - text: Cloud Kerberos trust deployment guide
-            url: /windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust
-
-  - title: Learn about application security
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Windows Defender Application Control (WDAC)
-            url: /windows/security/application-security/application-control/windows-defender-application-control/
-          - text: User Account Control (UAC)
-            url: /windows/security/application-security/application-control/user-account-control
-          - text: Microsoft vulnerable driver blocklist
-            url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
-          - text: Microsoft Defender Application Guard (MDAG)
-            url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
-          - text: Windows Sandbox
-            url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
-      - linkListType: how-to-guide
-        links:
-          - text: Configure Windows Sandbox
-            url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file
-
-  - title: Learn about security foundations
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Zero trust
-            url: /windows/security/security-foundations/zero-trust-windows-device-health
-          - text: FIPS 140 validation
-            url: /windows/security/security-foundations/certification/fips-140-validation
-          - text: Common Criteria Certifications
-            url: /windows/security/security-foundations/certification/windows-platform-common-criteria
-          - text: Microsoft Security Development Lifecycle (SDL)
-            url: /windows/security/security-foundations/msft-security-dev-lifecycle
-          - text: Microsoft Windows Insider Preview bounty program
-            url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
-          - text: OneFuzz service
-            url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
-      - linkListType: whats-new
-        links:
-          - text: Completed FIPS validations - Windows 11
-            url: /windows/security/security-foundations/certification/validations/fips-140-windows11
-          - text: Completed CC certifications - Windows 11
-            url: /windows/security/security-foundations/certification/validations/cc-windows11
-
-  - title: Learn about cloud security
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Security baselines with Intune
-            url: /mem/intune/protect/security-baselines
-          - text: Windows Autopatch
-            url: /windows/deployment/windows-autopatch
-          - text: Windows Autopilot
-            url: /windows/deployment/windows-autopilot
-          - text: Universal Print
-            url: /universal-print
-          - text: Remote wipe
-            url: /windows/client-management/mdm/remotewipe-csp
\ No newline at end of file
+          - text: Trusted Platform Module (TPM)
+            url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
diff --git a/windows/security/book/introduction.md b/windows/security/book/introduction.md
new file mode 100644
index 0000000000..4307d244c8
--- /dev/null
+++ b/windows/security/book/introduction.md
@@ -0,0 +1,35 @@
+---
+title: Windows security book introduction
+description: Windows security book introduction
+ms.topic: overview
+ms.date: 03/12/2024
+---
+
+# Windows security book
+
+## Introduction
+
+Emerging technologies and evolving business trends bring new opportunities and challenges for organizations of all sizes. As technology and workstyles transform, so does the threat landscape with growing numbers of increasingly sophisticated attacks on organizations and employees. To thrive, organizations need security to work anywhere. Microsoft's 2022 Work Trend Index shows "cybersecurity issues and risks" are top concerns for business decision-makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
+
+In the past, a corporate network and software-based security were the first lines of defense. With an increasingly distributed and mobile workforce, attention has shifted to hardware-based endpoint security. People are now the top target for cybercriminals, with 74% of all breaches due to human error, privilege misuses, stolen credentials, or social engineering. Most attacks are financially motivated, and credential theft, phishing, and exploitation of vulnerabilities are the primary attack vectors. Credential theft is the most prevalent attack vector, accounting for 50% of breaches. At Microsoft, we work hard to help organizations evolve and stay agile while protecting
+against modern threats. We're committed to helping businesses and their employees get secure—and stay secure. We synthesize 43 trillion signals daily to understand and protect
+against digital threats. We have more than 8,500 dedicated security professionals across 77 countries and over 15,000 partners in our security ecosystem striving to increase resilience for our customers.<sup>2</sup> Businesses worldwide are moving toward secure-by-design and secure-by-default strategies. With these models, organizations choose products from manufacturers that consider security as a business requirement, not just a technical feature. With a secure-by-default strategy, businesses can proactively reduce risk and exposure to threats across their organization because products are shipped with security features already built in and enabled. To help businesses transform and thrive in a new era, we built Windows 11 to be secure by design and secure by default. Windows 11 devices arrive with more security features enabled out of the box. In contrast, Windows 10 devices came with many safeguards turned off unless enabled by IT or employees. The default security provided by Windows 11 elevates protection without needing to configure settings. In addition, Windows 11 devices have been shown to increase malware resistance without impacting performance.<sup>3</sup> Windows 11 is the most secure Windows ever, built in deep partnership with original equipment manufacturers (OEMs) and silicon manufacturers. Discover why organizations of all sizes, including 90% of Fortune 500 companies, are taking advantage of the powerful default protection of Windows 11.
+
+## Security by design and security by default
+
+Windows 11 is designed with layers of security enabled by default, so you can focus on your work, not your security settings. Out-of-the-box features such as credential safeguards, malware shields, and application protection led to a reported 58% drop in security incidents, including a 3.1x reduction in firmware attacks.
+
+In Windows 11, hardware and software work together to shrink the attack surface, protect system integrity, and shield valuable data. New and enhanced features are designed for security by default. For example, Win32 apps in isolation, token protection, and Microsoft Intune Endpoint Privilege Management are some of the latest capabilities that
+help protect your organization and employees against attack. Windows Hello and Windows Hello for Business work with hardware-based features like TPM 2.0 and biometric scanners for credential protection and easier, secure sign-on. Existing security features like BitLocker encryption have also been enhanced to optimize both security and performance.
+
+## Protect employees against evolving threats
+
+With attackers targeting employees and their devices, organizations need stronger security against increasingly sophisticated cyberthreats. Windows 11 provides proactive protection against credential theft. Windows Hello and TPM 2.0 work together to shield identities. Secure biometric sign-in virtually eliminates the risk of lost or stolen passwords. And enhanced phishing protection increases safety. In fact, businesses reported 2.8x fewer instances of identity theft with the hardware-backed protection in Windows 11. Gain mission-critical application safeguards control for applications. Windows 11 has multiple layers of application security that shield critical data and code integrity. Application protection, privacy controls, and least-privilege principles enable developers to build in security by design. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need. As a result, organizations and regulators can be confident that critical data is protected.
+
+## End-to-end protection with modern management
+
+Increase protection and efficiency with Windows 11 and chip-to-cloud security. Microsoft offers comprehensive cloud services for identity, storage, and access management. In addition, Microsoft also provides the tools needed to attest that Windows 11 devices connecting to your network or accessing your data and resources are trustworthy. You can also enforce compliance and conditional access with modern device management (MDM) solutions such as Microsoft Intune and Microsoft Entra ID (formerly known as Azure Active Directory). Security by default not only enables people to work securely anywhere, but it also simplifies IT. A streamlined, chip-to-cloud security solution based on Windows 11 has improved productivity for IT and security teams by a reported 25%.
+
+## Security by design and default
+
+In Windows 11, hardware and software work together to protect sensitive data from the core of your PC all the way to the cloud. Comprehensive protection helps keep your organization secure, no matter where people work. This simple diagram shows the layers of protection in Windows 11, while each chapter provides a layer-by-layer deep dive into features.
diff --git a/windows/security/book/operating-system-security.md b/windows/security/book/operating-system-security.md
new file mode 100644
index 0000000000..80298006ff
--- /dev/null
+++ b/windows/security/book/operating-system-security.md
@@ -0,0 +1,8 @@
+---
+title: Hardware security
+description: Hardware security
+ms.topic: overview
+ms.date: 03/12/2024
+---
+
+# Hardware security
diff --git a/windows/security/book/toc.yml b/windows/security/book/toc.yml
index b0de28a482..daba69322c 100644
--- a/windows/security/book/toc.yml
+++ b/windows/security/book/toc.yml
@@ -1,17 +1,13 @@
 items:
 - name: Introduction to Windows security
-  href: ../introduction.md
-- name: Security features licensing and edition requirements
-  href: ../licensing-and-edition-requirements.md
-- name: Security foundations
-  href: ../security-foundations/toc.yml
+  href: introduction.md
 - name: Hardware security
-  href: ../hardware-security/toc.yml
+  href: hardware-security.md
 - name: Operating system security
-  href: ../operating-system-security/toc.yml
+  href: operating-system-security.md
 - name: Application security
-  href: ../application-security/toc.yml
+  href: application-security.md
 - name: Identity protection
-  href: ../identity-protection/toc.yml
+  href: identity-protection.md
 - name: Cloud security
-  href: ../cloud-security/toc.yml
\ No newline at end of file
+  href: cloud-security.md
\ No newline at end of file