updates

windows/security/book/application-security-application-and-driver-control.md

@@ -72,12 +72,11 @@ The Windows kernel is the most privileged software and is therefore a compelling
 
 ## Trusted signing
 
-It is a Microsoft fully managed end-to-end signing solution that simplifies the signing process and empowers 3rd party developers to easily build and distribute applications. This feature is currently in public preview and is part of Microsoft's commitment to an open, inclusive, and secure ecosystem.
+Trsuted Signing is a Microsoft fully managed, end-to-end signing solution that simplifies the signing process and empowers third-party developers to easily build and distribute applications.
 
 [!INCLUDE [learn-more](includes/learn-more.md)]
 
 - [What is Trusted Signing](/azure/trusted-signing/overview)
-- [Public Preview Blog](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/trusted-signing-is-in-public-preview/ba-p/4103457)
 
 <!--links-->
 

windows/security/book/application-security-application-isolation.md

@@ -9,7 +9,7 @@ ms.date: 09/06/2024
 
 :::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of application security features." lightbox="images/application-security.png" border="false":::
 
-## Win32 app isolation
+## :::image type="icon" source="images/new-button-title.svg" border="false"::: Win32 app isolation
 
 Win32 app isolation is a security feature designed to be the default isolation standard on Windows clients. It's built on [AppContainer][LINK-1], and offers several added security features to help the Windows platform defend against attacks that use vulnerabilities in applications or third-party libraries. To isolate their apps, developers can update their applications using Visual Studio.
 
@@ -74,7 +74,7 @@ These features can be set up using a device management solution such as Microsof
 - [Intune setting for WSL][LINK-13]
 - [Microsoft Defender for Endpoint plug-in for WSL][LINK-14]
 
-## Virtualization-based security enclaves
+## :::image type="icon" source="images/new-button-title.svg" border="false"::: Virtualization-based security enclaves
 
 A **Virtualization-based security enclave** is a software-based trusted execution environment (TEE) inside a host application. VBS enclaves enable developers to use VBS to protect their application's secrets from admin-level attacks. VBS enclaves are available on Windows 10 onwards on both x64 and ARM64.
 

windows/security/book/conclusion.md

@@ -15,12 +15,11 @@ We will continue to bring you new features to protect against evolving threats,
 
 New:
 
-- [Config Refresh](operating-system-security-system-security.md#config-refresh)
-- [Trusted signing](application-security-application-and-driver-control.md#trusted-signing)
+- [Config Refresh](operating-system-security-system-security.md#-config-refresh)
 - [VBS key protection](identity-protection-advanced-credential-protection.md#-vbs-key-protection)
-- [Virtualization-based security enclaves](application-security-application-isolation.md#virtualization-based-security-enclaves)
-- [Win32 app isolation](application-security-application-isolation.md#win32-app-isolation)
-- [Windows protected print mode](operating-system-security-system-security.md#windows-protected-print-mode)
+- [Virtualization-based security enclaves](application-security-application-isolation.md#-virtualization-based-security-enclaves)
+- [Win32 app isolation](application-security-application-isolation.md#-win32-app-isolation)
+- [Windows protected print mode](operating-system-security-system-security.md#-windows-protected-print-mode)
 
 Enhanced:
 

windows/security/book/operating-system-security-system-security.md

@@ -112,7 +112,7 @@ Visibility and awareness of device security and health are key to any action tak
 - [Windows security settings][LINK-7]
 - [Windows Security][LINK-8]
 
-## Config Refresh
+## :::image type="icon" source="images/new-button-title.svg" border="false"::: Config Refresh
 
 With traditional group policy, policy settings are refreshed on a PC when a user signs in and every 90 minutes by default. Administrators can adjust that timing to be shorter to ensure that the policy settings are compliant with the management settings set by IT.
 
@@ -134,7 +134,7 @@ With Assigned Access and Shell Launcher, you can configure Windows to restrict f
 
 - [Windows kiosks and restricted user experiences](/windows/configuration/assigned-access)
 
-## Windows protected print mode
+## :::image type="icon" source="images/new-button-title.svg" border="false"::: Windows protected print mode
 
 Windows protected print mode is built to provide a more modern and secure print system that maximizes compatibility and puts users first. It simplifies the printing experience by allowing devices to exclusively print using the Windows modern print stack.