deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

resize image

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-11-06 17:29:44 -05:00
parent 170cfb0867
commit 5205928e2f
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/book/cloud-services-protect-your-work-information.md
View File

@ -15,9 +15,14 @@ Microsoft Entra ID is a comprehensive cloud-based identity management solution t
Organizations can deploy Microsoft Entra ID joined devices to enable access to both cloud and on-premises apps and resources. Access to resources can be controlled based on the Microsoft Entra ID account and Conditional Access policies applied to the device. For the most seamless and delightful end to end single sign-on (SSO) experience, we recommend users configure Windows Hello for Business during the out of box experience for easy passwordless sign-in to Entra ID . Organizations can deploy Microsoft Entra ID joined devices to enable access to both cloud and on-premises apps and resources. Access to resources can be controlled based on the Microsoft Entra ID account and Conditional Access policies applied to the device. For the most seamless and delightful end to end single sign-on (SSO) experience, we recommend users configure Windows Hello for Business during the out of box experience for easy passwordless sign-in to Entra ID .
For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification. :::row:::
:::column:::
:::image type="content" source="images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false"::: For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification.
:::column-end:::
:::column:::
:::image type="content" source="images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="images/device-registration.png":::
:::column-end:::
:::row-end:::
To provide more security and control for IT and a seamless experience for users, Microsoft Entra ID works with apps and services, including on-premises software and thousands of software-as-a-service (SaaS) applications. Microsoft Entra ID protections include single sign-on, multifactor authentication, conditional access policies, identity protection, identity governance, and privileged identity management. To provide more security and control for IT and a seamless experience for users, Microsoft Entra ID works with apps and services, including on-premises software and thousands of software-as-a-service (SaaS) applications. Microsoft Entra ID protections include single sign-on, multifactor authentication, conditional access policies, identity protection, identity governance, and privileged identity management.

3
windows/security/book/hardware-security-silicon-assisted-security.md
View File

@ -19,8 +19,7 @@ To secure the kernel, we have two key features: Virtualization-based security (V
:::row::: :::row:::
:::column::: :::column:::
Virtualization-based security (VBS), also known as core isolation, is a critical building block in a secure system. VBS uses hardware virtualization features to host a secure kernel separated from the operating system. This means that even if the operating system is compromised, the secure kernel is still protected. The isolated VBS environment protects processes, such as security solutions and credential managers, from other processes running in memory. Even if malware gains access to the main OS kernel, the hypervisor and virtualization hardware help prevent the malware from executing unauthorized code or accessing platform secrets in the VBS environment. VBS Virtualization-based security (VBS), also known as core isolation, is a critical building block in a secure system. VBS uses hardware virtualization features to host a secure kernel separated from the operating system. This means that even if the operating system is compromised, the secure kernel is still protected. The isolated VBS environment protects processes, such as security solutions and credential managers, from other processes running in memory. Even if malware gains access to the main OS kernel, the hypervisor and virtualization hardware help prevent the malware from executing unauthorized code or accessing platform secrets in the VBS environment. VBS implements virtual trust level 1 (VTL1), which has higher privilege than the virtual trust level 0 (VTL0) implemented in the main kernel.
implements virtual trust level 1 (VTL1), which has higher privilege than the virtual trust level 0 (VTL0) implemented in the main kernel.
:::column-end::: :::column-end:::
:::column::: :::column:::
:::image type="content" source="images/vbs-diagram.png" alt-text="Diagram of VBS architecture." lightbox="images/vbs-diagram.png" border="false"::: :::image type="content" source="images/vbs-diagram.png" alt-text="Diagram of VBS architecture." lightbox="images/vbs-diagram.png" border="false":::