footnotes updates

This commit is contained in:
Paolo Matarazzo
2024-10-14 11:17:38 -04:00
parent 737d211ecf
commit 40d85b7882
8 changed files with 12 additions and 12 deletions

View File

@ -36,7 +36,7 @@ Your organization is only as secure as the applications that run on your devices
App Control for Business (previously called *Windows Defender Application Control*) and AppLocker are both included in Windows. App Control for Business is the next-generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to App Control for Business for stronger protection.
Customers using Microsoft Intune to manage their devices are now able to configure App Control for Business in the admin console, including setting up Intune as a managed installer.
Customers using Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup> to manage their devices are now able to configure App Control for Business in the admin console, including setting up Intune as a managed installer.
Customers can use some built-in options for App Control for Business or upload their own policy as an XML file for Intune to package and deploy.

View File

@ -64,7 +64,7 @@ With Windows Subsystem for Linux (WSL) you can run a Linux environment on a Wind
- **DNS Tunneling** is a networking setting that improves compatibility in different networking environments, making use of virtualization features to obtain DNS information rather than a networking packet
- **Auto proxy** is a networking setting that enforces WSL to use Windows' HTTP proxy information. Turn on when using a proxy on Windows, as it makes that proxy automatically apply to WSL distributions
These features can be set up using a device management solution such as Microsoft Intune. Microsoft Defender for Endpoint (MDE) integrates with WSL, allowing it to monitor activities within a WSL distro and report them to the MDE dashboards.
These features can be set up using a device management solution such as Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>. Microsoft Defender for Endpoint (MDE) integrates with WSL, allowing it to monitor activities within a WSL distro and report them to the MDE dashboards.
[!INCLUDE [learn-more](includes/learn-more.md)]

View File

@ -176,7 +176,7 @@ With Intune, organizations can also extend MAM App Config, MAM App Protection, a
### Security baseline for cloud-based device management solutions
Windows 11 can be configured with Microsoft's security baseline, designed for cloud-based device management solutions like Microsoft Intune. These security baselines function similarly to group policy-based ones and can be easily integrated into existing device management tools.
Windows 11 can be configured with Microsoft's security baseline, designed for cloud-based device management solutions like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>. These security baselines function similarly to group policy-based ones and can be easily integrated into existing device management tools.
The security baseline includes policies for:
@ -194,7 +194,7 @@ The security baseline has been enhanced with over 70 new settings, enabling loca
## Windows Local Administrator Password Solution (LAPS)
Local Administrator Password solution was a key consideration for many customers when deciding to make the transition from on-premises to cloud-managed devices using Intune. With LAPS, organizations can automatically manage and back up the password of a local administrator account on Microsoft Entra ID joined or Microsoft Entra hybrid joined devices.
Local Administrator Password solution was a key consideration for many customers when deciding to make the transition from on-premises to cloud-managed devices using Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>. With LAPS, organizations can automatically manage and back up the password of a local administrator account on Microsoft Entra ID joined or Microsoft Entra hybrid joined devices.
[!INCLUDE [learn-more](includes/learn-more.md)]
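
Review bot: the rewritten opening sentence still reads "Local Administrator Password solution" with a lowercase "solution", while the heading directly above it uses "Windows Local Administrator Password Solution (LAPS)". Since the line is being replaced anyway, capitalize the product name to match the heading.
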
@ -209,7 +209,7 @@ With Windows Autopilot, there's no need to reimage or manually set-up devices be
Windows Autopilot enables you to:
- Automatically join devices to Microsoft Entra ID or Active Directory via Microsoft Entra hybrid join
- Auto-enroll devices into a device management solution like Microsoft Intune (requires an Microsoft Entra ID Premium subscription for configuration)
- Auto-enroll devices into a device management solution like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup> (requires an Microsoft Entra ID Premium subscription for configuration)
- Create and auto-assignment of devices to configuration groups based on a device's profile
- Customize of the out-of-box experience (OOBE) content specific to your organization
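
Review bot: the replaced bullet keeps "requires an Microsoft Entra ID Premium subscription"; it should read "a Microsoft Entra ID Premium subscription". The two bullets after it ("Create and auto-assignment of devices ..." and "Customize of the out-of-box experience ...") are also ungrammatical and could be fixed in the same pass, for example "Create and auto-assign devices" and "Customize the out-of-box experience".
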
@ -223,7 +223,7 @@ Existing devices can also be quickly prepared for a new user with [Windows Autop
Windows Update for Business empowers IT administrators to ensure that their organization's Windows client devices are consistently up to date with the latest security updates and features. By directly connecting these systems to the Windows Update service, administrators can maintain a high level of security and functionality.
Administrators can utilize group policy or a device management solution like Microsoft Intune, to configure Windows Update for Business settings. These settings control the timing and manner in which updates are applied, allowing for thorough reliability and performance testing on a subset of devices before deploying updates across the entire organization.
Administrators can utilize group policy or a device management solution like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>, to configure Windows Update for Business settings. These settings control the timing and manner in which updates are applied, allowing for thorough reliability and performance testing on a subset of devices before deploying updates across the entire organization.
This approach not only provides control over the update process but also ensures a seamless and positive update experience for all users within the organization. By using Windows Update for Business, organizations can achieve a more secure and efficient operational environment.
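
Review bot: in the replaced sentence the footnote marker is now followed by a comma before "to configure Windows Update for Business settings". That comma splits the verb phrase and was already unnecessary in the old line; drop it so the marker is followed directly by "to configure".
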
@ -276,7 +276,7 @@ Universal Print supports Zero Trust security by requiring that:
- Each acting application must register with Microsoft Entra ID and specify the set of permission scopes it requires. Microsoft's own acting applications - for example, the Universal Print connector - are registered with the Microsoft Entra ID service. Customer administrators need to provide their consent to the required permission scopes as part of onboarding the application to their tenant
- Each authentication with Microsoft Entra ID from an acting application cannot extend the permission scope as defined by the acting client app. This prevents the app from requesting additional permissions if the app is breached
Additionally, Windows 11 and Windows 10 include MDM support to simplify printer setup for users. With initial support from Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>, admins can now configure policies to provision specific printers onto the user's Windows devices.
Additionally, Windows 11 includes MDM support to simplify printer setup for users. With initial support from Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>, admins can now configure policies to provision specific printers onto the user's Windows devices.
Universal Print stores the print data in cloud securely in Office Storage, the same storage used by other Microsoft Office products.
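
Review bot: the replacement sentence changes "Windows 11 and Windows 10 include MDM support" to "Windows 11 includes MDM support", which alters the stated product coverage rather than a footnote, and the commit message only says "footnotes updates". If dropping Windows 10 is intended, say so in the commit message or move it to its own commit so the scope change can be reviewed; otherwise restore the original wording.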

View File

@ -85,7 +85,7 @@ Organizations with hybrid scenarios can eliminate the need for on-premises domai
### PIN reset
The Microsoft PIN Reset Service allows users to reset their forgotten Windows Hello PINs without requiring re-enrollment. After registering the service in the Microsoft Entra ID tenant, the capability must be enabled on the Windwos devices using group policy or a device management solution like Microsoft Intune.
The Microsoft PIN Reset Service allows users to reset their forgotten Windows Hello PINs without requiring re-enrollment. After registering the service in the Microsoft Entra ID tenant, the capability must be enabled on the Windwos devices using group policy or a device management solution like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>.
Users can initiate a PIN reset from the Windows lock screen or from the sign-in options in Settings. The process involves authenticating and completing multifactor authentication to reset the PIN.
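
Review bot: the rewritten PIN reset sentence still carries the typo "Windwos devices". The line is being replaced to add the footnote, so correct it to "Windows devices" in the same change.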

View File

@ -45,7 +45,7 @@ Help keep business data secure and employees productive with robust safeguards a
### End-to-end protection with cloud-native management
Increase protection and efficiency with Windows 11 and chip-to-cloud security. Microsoft offers comprehensive cloud services for identity, storage, and access management. Microsoft provides the tools needed to attest that Windows 11 devices connecting to your network or accessing your data and resources are trustworthy. You can enforce compliance and conditional access with management solutions such as Microsoft Intune and cloud-based identity with Microsoft Entra ID. Security by default not only enables people to work securely anywhere, but it also simplifies IT. A streamlined, chip-to-cloud security solution based on Windows 11, improves productivity for IT and security teams by a reported 25%<sup>[\[8\]](conclusion.md#footnote8)</sup>.
Increase protection and efficiency with Windows 11 and chip-to-cloud security. Microsoft offers comprehensive cloud services for identity, storage, and access management. Microsoft provides the tools needed to attest that Windows 11 devices connecting to your network or accessing your data and resources are trustworthy. You can enforce compliance and conditional access with management solutions such as Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup> and cloud-based identity with Microsoft Entra ID. Security by default not only enables people to work securely anywhere, but it also simplifies IT. A streamlined, chip-to-cloud security solution based on Windows 11, improves productivity for IT and security teams by a reported 25%<sup>[\[8\]](conclusion.md#footnote8)</sup>.
In Windows 11, hardware and software work together to protect sensitive data from the core of the device all the way to the cloud. Comprehensive protection helps keep organizations secure, no matter where people work. The following diagram shows the layers of protection in Windows 11, while each chapter provides a layer-by-layer deep dive into features.

View File

@ -13,7 +13,7 @@ When people travel with their PCs, their confidential information travels with t
## BitLocker
BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. BitLocker uses the AES algorithm in XTS or CBC mode of operation with 128-bit or 256-bit key length to encrypt data on the volume. BitLocker can save its recovery password to a Microsoft account for retrieval if needed. This happens automatically during the initial setup when BitLocker is enabled in OOE (Out of Box Experience) on modern devices and the user signs into their Microsoft account for the first time. Additionally, users have the option to export the recovery password if they have manually enabled BitLocker. Cloud storage on Microsoft OneDrive or Azure<sup>[\[7\]](conclusion.md#footnote7)</sup> can be used to save recovery key content. BitLocker can be managed by a device management solution like Microsoft Intune<sup>[\[6\]](conclusion.md#footnote6)</sup> using a configuration service provider (CSP)<sup>[\[7\]](conclusion.md#footnote7)</sup>. BitLocker provides encryption for the OS, fixed data, and removable data drives (BitLocker To Go), using technologies like Hardware Security Test Interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM.
BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. BitLocker uses the AES algorithm in XTS or CBC mode of operation with 128-bit or 256-bit key length to encrypt data on the volume. BitLocker can save its recovery password to a Microsoft account for retrieval if needed. This happens automatically during the initial setup when BitLocker is enabled in OOE (Out of Box Experience) on modern devices and the user signs into their Microsoft account for the first time. Additionally, users have the option to export the recovery password if they have manually enabled BitLocker. Cloud storage on Microsoft OneDrive or Azure<sup>[\[7\]](conclusion.md#footnote7)</sup> can be used to save recovery key content. BitLocker can be managed by a device management solution like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup> using a configuration service provider (CSP). BitLocker provides encryption for the OS, fixed data, and removable data drives (BitLocker To Go), using technologies like Hardware Security Test Interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM.
[!INCLUDE [learn-more](includes/learn-more.md)]
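
Review bot: the updated BitLocker paragraph still abbreviates Out of Box Experience as "OOE", while the Autopilot text touched by this same commit uses "out-of-box experience (OOBE)"; use one abbreviation throughout. This hunk also moves the Intune marker from footnote6 to footnote7 and removes the marker after "configuration service provider (CSP)", so confirm that the CSP mention no longer needs a footnote and that nothing else still points at footnote6.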

View File

@ -100,7 +100,7 @@ consumer VPNs, including apps for the most popular enterprise VPN gateways.
In Windows 11, we've integrated the most commonly used VPN controls right into the Windows 11 Quick Actions pane. From the Quick Actions pane, users can verify the status of their VPN, start and stop the connection, and easily open Settings for more controls.
The Windows VPN platform connects to Microsoft Entra ID<sup>[\[7\]](conclusion.md#footnote7)</sup> and Conditional Access for single sign-on, including multifactor authentication (MFA) through Microsoft Entra ID. The VPN platform also supports classic domain-joined authentication. It's supported by Microsoft Intune and other device management solutions. The flexible VPN profile supports both built-in protocols and custom protocols. It can configure multiple authentication methods and can be automatically started as needed or manually started by the end user. It also supports split-tunnel VPN and exclusive VPN with exceptions for trusted external sites.
The Windows VPN platform connects to Microsoft Entra ID<sup>[\[7\]](conclusion.md#footnote7)</sup> and Conditional Access for single sign-on, including multifactor authentication (MFA) through Microsoft Entra ID. The VPN platform also supports classic domain-joined authentication. It's supported by Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup> and other device management solutions. The flexible VPN profile supports both built-in protocols and custom protocols. It can configure multiple authentication methods and can be automatically started as needed or manually started by the end user. It also supports split-tunnel VPN and exclusive VPN with exceptions for trusted external sites.
With Universal Windows Platform (UWP) VPN apps, end users never get stuck on an old version of their VPN client. VPN apps from the store will be automatically updated as needed. Naturally, the updates are in the control of your IT admins.

View File

@ -128,7 +128,7 @@ Config Refresh can also be paused for a configurable period of time, after which
## Kiosk mode
With Assigned Access and Shell Launcher, you can configure Windows to restrict functionality to preselected applications. These features are ideal for public-facing or shared devices like kiosks. Configuring a device as a kiosk is straightforward and can be done locally on the device or through a cloud-based device management solution like Microsoft Intune.
With Assigned Access and Shell Launcher, you can configure Windows to restrict functionality to preselected applications. These features are ideal for public-facing or shared devices like kiosks. Configuring a device as a kiosk is straightforward and can be done locally on the device or through a cloud-based device management solution like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>.
[!INCLUDE [learn-more](includes/learn-more.md)]