Update TOC links for Windows security chapters

Paolo Matarazzo 2024-04-08 09:36:20 -04:00
parent 0dfa585ba5
commit 28c6abdb5f
5 changed files with 65 additions and 135 deletions


@ -0,0 +1,8 @@
---
title: Hardware security
description: Hardware security
ms.topic: overview
ms.date: 03/12/2024
---
# Hardware security
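
Review bot: The front matter sets `description: Hardware security`, which only repeats the `title:` value, and the page body is a bare `# Hardware security` heading with no content. If this is a stub for a chapter landing page, give it a one-sentence description of what the chapter covers so the metadata is not a duplicate of the title, and add at least a short introductory paragraph before the TOC starts linking to it.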


@ -1,7 +1,7 @@
### YamlMime:Landing
title: Windows security book
summary: Windows is designed with zero-trust principles at its core, offering powerful security from chip to cloud. As organizations embrace hybrid work environments, the need for robust security solutions becomes paramount. Windows integrates advanced hardware and software protection, ensuring data integrity and access control across devices. Learn about the different security features included in Windows.
summary: Emerging technologies and evolving business trends bring new opportunities and challenges for organizations of all sizes. As technology and workstyles transform, so does the threat landscape with growing numbers of increasingly sophisticated attacks on organizations and employees. To thrive, organizations need security to work anywhere. Microsoft's 2022 Work Trend Index shows *cybersecurity issues and risks* are top concerns for business decision-makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices. In the past, a corporate network and software-based security were the first lines of defense. With an increasingly distributed and mobile workforce, attention has shifted to hardware based endpoint security. People are now the top target for cybercriminals, with 74% of all breaches due to human error, privilege misuses, stolen credentials, or social engineering. Most attacks are financially motivated, and credential theft, phishing, and exploitation of vulnerabilities are the primary attack vectors. Credential theft is the most prevalent attack vector, accounting for 50% of breaches. At Microsoft, we work hard to help organizations evolve and stay agile while protecting against modern threats. We're committed to helping businesses and their employees get secure—and stay secure. We synthesize 43 trillion signals daily to understand and protect against digital threats. We have more than 8,500 dedicated security professionals across 77 countries and over 15,000 partners in our security ecosystem striving to increase resilience for our customers. Businesses worldwide are moving toward secure-by-design and secure-by-default strategies. With these models, organizations choose products from manufacturers that consider security as a business requirement, not just a technical feature. 
With a secure-by-default strategy, businesses can proactively reduce risk and exposure to threats across their organization because products are shipped with security features already built in and enabled. To help businesses transform and thrive in a new era, we built Windows 11 to be secure by design and secure by default. Windows 11 devices arrive with more security features enabled out of the box. In contrast, Windows 10 devices came with many safeguards turned off unless enabled by IT or employees. The default security provided by Windows 11 elevates protection without needing to configure settings. In addition, Windows 11 devices have been shown to increase malware resistance without impacting performance. Windows 11 is the most secure Windows ever, built in deep partnership with original equipment manufacturers (OEMs) and silicon manufacturers. Discover why organizations of all sizes, including 90% of Fortune 500 companies, are taking advantage of the powerful default protection of Windows 11.
metadata:
ms.topic: landing-page
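
Review bot: The long `summary:` value (the one beginning "Emerging technologies and evolving business trends") is the whole introduction pasted into the landing page's summary field, and it runs over two lines of the hunk. The same text is added as the body of the new introduction page in this commit, so it now lives in two places, and the copies already differ ("hardware based" here, "hardware-based" there; `*cybersecurity issues and risks*` here, quoted there). Keep a short one-paragraph summary on the landing page and leave the long text, with the sources for the 74%, 50% and 90% figures, in the introduction only.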
@ -17,140 +17,23 @@ metadata:
landingContent:
- title: Learn about hardware security
- title: Chapter 1
linkLists:
- linkListType: overview
links:
- text: Trusted Platform Module (TPM)
url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
- text: Microsoft Pluton
url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
- text: Windows Defender System Guard
url: /windows-hardware/design/device-experiences/oem-vbs
- text: Virtualization-based security (VBS)
url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
- text: Secured-core PC
url: /windows-hardware/design/device-experiences/oem-highly-secure-11
- title: Learn about OS security
- title: Chapter 2
linkLists:
- linkListType: overview
links:
- text: Trusted boot
url: /windows/security/operating-system-security
- text: Windows security settings
url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
- text: BitLocker
url: /windows/security/operating-system-security/data-protection/bitlocker/
- text: Personal Data Encryption (PDE)
url: /windows/security/operating-system-security/data-protection/personal-data-encryption
- text: Windows security baselines
url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
- text: Microsoft Defender SmartScreen
url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
- text: Windows Firewall
url: /windows/security/operating-system-security/network-security/windows-firewall/
- linkListType: architecture
links:
- text: BitLocker planning guide
url: /windows/security/operating-system-security/data-protection/bitlocker/planning-guide
- linkListType: how-to-guide
links:
- text: Configure BitLocker
url: /windows/security/operating-system-security/data-protection/bitlocker/configure
- text: Configure PDE
url: /windows/security/operating-system-security/data-protection/personal-data-encryption/configure
- linkListType: whats-new
links:
- text: Hyper-V firewall
url: /windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall
- text: Trusted Platform Module (TPM)
url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
- title: Learn about identity protection
- title: Chapter 3
linkLists:
- linkListType: overview
links:
- text: Passwordless strategy
url: /windows/security/identity-protection/passwordless-strategy
- text: Windows Hello for Business
url: /windows/security/identity-protection/hello-for-business
- text: Windows passwordless experience
url: /windows/security/identity-protection/passwordless-experience
- text: Web sign-in for Windows
url: /windows/security/identity-protection/web-sign-in
- text: Passkeys
url: /windows/security/identity-protection/passkeys
- text: FIDO2 security keys
url: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
- text: Enhanced phishing protection with SmartScreen
url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
- linkListType: how-to-guide
links:
- text: Configure PIN reset
url: /windows/security/identity-protection/hello-for-business/pin-reset
- text: RDP sign-in with Windows Hello for Business
url: /windows/security/identity-protection/hello-for-business/rdp-sign-in
- linkListType: architecture
links:
- text: Plan a Windows Hello for Business deployment
url: /windows/security/identity-protection/hello-for-business/deploy/
- linkListType: deploy
links:
- text: Cloud Kerberos trust deployment guide
url: /windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust
- title: Learn about application security
linkLists:
- linkListType: overview
links:
- text: Windows Defender Application Control (WDAC)
url: /windows/security/application-security/application-control/windows-defender-application-control/
- text: User Account Control (UAC)
url: /windows/security/application-security/application-control/user-account-control
- text: Microsoft vulnerable driver blocklist
url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
- text: Microsoft Defender Application Guard (MDAG)
url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
- text: Windows Sandbox
url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
- linkListType: how-to-guide
links:
- text: Configure Windows Sandbox
url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file
- title: Learn about security foundations
linkLists:
- linkListType: overview
links:
- text: Zero trust
url: /windows/security/security-foundations/zero-trust-windows-device-health
- text: FIPS 140 validation
url: /windows/security/security-foundations/certification/fips-140-validation
- text: Common Criteria Certifications
url: /windows/security/security-foundations/certification/windows-platform-common-criteria
- text: Microsoft Security Development Lifecycle (SDL)
url: /windows/security/security-foundations/msft-security-dev-lifecycle
- text: Microsoft Windows Insider Preview bounty program
url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
- text: OneFuzz service
url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
- linkListType: whats-new
links:
- text: Completed FIPS validations - Windows 11
url: /windows/security/security-foundations/certification/validations/fips-140-windows11
- text: Completed CC certifications - Windows 11
url: /windows/security/security-foundations/certification/validations/cc-windows11
- title: Learn about cloud security
linkLists:
- linkListType: overview
links:
- text: Security baselines with Intune
url: /mem/intune/protect/security-baselines
- text: Windows Autopatch
url: /windows/deployment/windows-autopatch
- text: Windows Autopilot
url: /windows/deployment/windows-autopilot
- text: Universal Print
url: /universal-print
- text: Remote wipe
url: /windows/client-management/mdm/remotewipe-csp
- text: Trusted Platform Module (TPM)
url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
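
Review bot: The card titles `Chapter 1`, `Chapter 2` and `Chapter 3` are placeholders that replace descriptive titles such as `Learn about hardware security`, and the link entries that follow the `Chapter 2` link lists and close the hunk are both the same `Trusted Platform Module (TPM)` URL already listed under the first card. As far as the rendered hunk shows, every chapter card would end up pointing at the TPM overview. Use titles that name the chapter, give each card links that belong to it, and note that the TOC in this commit lists five chapters while only three `Chapter N` titles appear here.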


@ -0,0 +1,35 @@
---
title: Windows security book introduction
description: Windows security book introduction
ms.topic: overview
ms.date: 03/12/2024
---
# Windows security book
## Introduction
Emerging technologies and evolving business trends bring new opportunities and challenges for organizations of all sizes. As technology and workstyles transform, so does the threat landscape with growing numbers of increasingly sophisticated attacks on organizations and employees. To thrive, organizations need security to work anywhere. Microsoft's 2022 Work Trend Index shows "cybersecurity issues and risks" are top concerns for business decision-makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
In the past, a corporate network and software-based security were the first lines of defense. With an increasingly distributed and mobile workforce, attention has shifted to hardware-based endpoint security. People are now the top target for cybercriminals, with 74% of all breaches due to human error, privilege misuses, stolen credentials, or social engineering. Most attacks are financially motivated, and credential theft, phishing, and exploitation of vulnerabilities are the primary attack vectors. Credential theft is the most prevalent attack vector, accounting for 50% of breaches. At Microsoft, we work hard to help organizations evolve and stay agile while protecting
against modern threats. We're committed to helping businesses and their employees get secure—and stay secure. We synthesize 43 trillion signals daily to understand and protect
against digital threats. We have more than 8,500 dedicated security professionals across 77 countries and over 15,000 partners in our security ecosystem striving to increase resilience for our customers.<sup>2</sup> Businesses worldwide are moving toward secure-by-design and secure-by-default strategies. With these models, organizations choose products from manufacturers that consider security as a business requirement, not just a technical feature. With a secure-by-default strategy, businesses can proactively reduce risk and exposure to threats across their organization because products are shipped with security features already built in and enabled. To help businesses transform and thrive in a new era, we built Windows 11 to be secure by design and secure by default. Windows 11 devices arrive with more security features enabled out of the box. In contrast, Windows 10 devices came with many safeguards turned off unless enabled by IT or employees. The default security provided by Windows 11 elevates protection without needing to configure settings. In addition, Windows 11 devices have been shown to increase malware resistance without impacting performance.<sup>3</sup> Windows 11 is the most secure Windows ever, built in deep partnership with original equipment manufacturers (OEMs) and silicon manufacturers. Discover why organizations of all sizes, including 90% of Fortune 500 companies, are taking advantage of the powerful default protection of Windows 11.
## Security by design and security by default
Windows 11 is designed with layers of security enabled by default, so you can focus on your work, not your security settings. Out-of-the-box features such as credential safeguards, malware shields, and application protection led to a reported 58% drop in security incidents, including a 3.1x reduction in firmware attacks.
In Windows 11, hardware and software work together to shrink the attack surface, protect system integrity, and shield valuable data. New and enhanced features are designed for security by default. For example, Win32 apps in isolation, token protection, and Microsoft Intune Endpoint Privilege Management are some of the latest capabilities that
help protect your organization and employees against attack. Windows Hello and Windows Hello for Business work with hardware-based features like TPM 2.0 and biometric scanners for credential protection and easier, secure sign-on. Existing security features like BitLocker encryption have also been enhanced to optimize both security and performance.
## Protect employees against evolving threats
With attackers targeting employees and their devices, organizations need stronger security against increasingly sophisticated cyberthreats. Windows 11 provides proactive protection against credential theft. Windows Hello and TPM 2.0 work together to shield identities. Secure biometric sign-in virtually eliminates the risk of lost or stolen passwords. And enhanced phishing protection increases safety. In fact, businesses reported 2.8x fewer instances of identity theft with the hardware-backed protection in Windows 11. Gain mission-critical application safeguards control for applications. Windows 11 has multiple layers of application security that shield critical data and code integrity. Application protection, privacy controls, and least-privilege principles enable developers to build in security by design. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need. As a result, organizations and regulators can be confident that critical data is protected.
## End-to-end protection with modern management
Increase protection and efficiency with Windows 11 and chip-to-cloud security. Microsoft offers comprehensive cloud services for identity, storage, and access management. In addition, Microsoft also provides the tools needed to attest that Windows 11 devices connecting to your network or accessing your data and resources are trustworthy. You can also enforce compliance and conditional access with modern device management (MDM) solutions such as Microsoft Intune and Microsoft Entra ID (formerly known as Azure Active Directory). Security by default not only enables people to work securely anywhere, but it also simplifies IT. A streamlined, chip-to-cloud security solution based on Windows 11 has improved productivity for IT and security teams by a reported 25%.
## Security by design and default
In Windows 11, hardware and software work together to protect sensitive data from the core of your PC all the way to the cloud. Comprehensive protection helps keep your organization secure, no matter where people work. This simple diagram shows the layers of protection in Windows 11, while each chapter provides a layer-by-layer deep dive into features.
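
Review bot: The introduction carries footnote markers `<sup>2</sup>` and `<sup>3</sup>` but the added lines contain no footnote list and no marker 1, so the cited figures (74%, 50%, 58%, 3.1x, 2.8x, 25%, 90% of Fortune 500) have no visible source. Add the references or drop the markers. In the same file, the last section says "This simple diagram shows the layers of protection" but no image is included, `## Security by design and security by default` and `## Security by design and default` are near-duplicate headings, and "Gain mission-critical application safeguards control for applications." reads like a subheading that was merged into the paragraph. The hard line breaks after "while protecting", "understand and protect" and "capabilities that" should also be rejoined.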


@ -0,0 +1,8 @@
---
title: Hardware security
description: Hardware security
ms.topic: overview
ms.date: 03/12/2024
---
# Hardware security
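
Review bot: This new file's front matter and heading (`title: Hardware security`, `description: Hardware security`, `# Hardware security`) are identical to the other new eight-line file earlier in this commit. If this file is meant to be a different chapter page, the title, description and H1 look like an uncorrected copy of the hardware security stub and should name the chapter the file actually holds; if it is the same page, one of the two copies should be removed.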


@ -1,17 +1,13 @@
items:
- name: Introduction to Windows security
href: ../introduction.md
- name: Security features licensing and edition requirements
href: ../licensing-and-edition-requirements.md
- name: Security foundations
href: ../security-foundations/toc.yml
href: introduction.md
- name: Hardware security
href: ../hardware-security/toc.yml
href: hardware-security.md
- name: Operating system security
href: ../operating-system-security/toc.yml
href: operating-system-security.md
- name: Application security
href: ../application-security/toc.yml
href: application-security.md
- name: Identity protection
href: ../identity-protection/toc.yml
href: identity-protection.md
- name: Cloud security
href: ../cloud-security/toc.yml
href: cloud-security.md
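
Review bot: The new hrefs `operating-system-security.md`, `application-security.md`, `identity-protection.md` and `cloud-security.md` point at pages that do not appear among the five changed files in this commit, where the only new pages are the introduction and two stubs titled Hardware security. Unless those files already exist next to this TOC, four of the six entries will be broken links; add the stubs in the same commit or keep the existing `../…/toc.yml` targets until the pages land. The hunk length also drops from 17 to 13 lines, which leaves no room for the `Security features licensing and edition requirements` and `Security foundations` entries, so confirm that removing them from the navigation is intended.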