Update image sources in hardware-security.md

windows/security/book/hardware-security.md

@@ -7,7 +7,7 @@ ms.date: 03/12/2024
 
 # Hardware security
 
-:::image type="content" source="hardware.png" alt-text="aas" lightbox="hardware.png":::
+:::image type="content" source="images\hardware.png" alt-text="aas" lightbox="hardware.png":::
 
 Today's ever-evolving threats require strong alignment between hardware and software technologies to keep users, data, and devices protected. The operating system alone cannot defend against the wide range of tools and techniques cybercriminals use to compromise a computer. Once they gain a foothold, intruders can be difficult to detect as they engage in multiple nefarious activities ranging from stealing important data and credentials to implanting malware into low-level device firmware. Once malware is installed in firmware, it becomes difficult to identify and remove. These new threats call for computing hardware that is secure down to the very core, including the hardware chips and processors that store sensitive business information. With hardware-based protection, we can enable strong mitigation against entire classes of vulnerabilities that are difficult to thwart with software alone. Hardware-based protection can also improve the system's overall security without measurably slowing performance, compared to implementing the same capability in software.
 

windows/security/book/includes/hardware-root-of-trust.md

@@ -7,7 +7,7 @@ ms.topic: include
 
 ## Hardware root-of-trust
 
-:::image type="content" source="..\hardware-root-of-trust.png" alt-text="Diagram containing a list of features.":::
+:::image type="content" source="..\images\hardware-root-of-trust.png" alt-text="Diagram containing a list of features." border="false":::
 
 ### Trusted Platform Module (TPM)
 

windows/security/book/includes/silicon-assisted-security.md

@@ -7,7 +7,7 @@ ms.topic: include
 
 ## Silicon assisted security
 
-:::image type="content" source="..\silicon-assisted-security.png" alt-text="Diagram containing a list of features.":::
+:::image type="content" source="..\images\silicon-assisted-security.png" alt-text="Diagram containing a list of features." border="false":::
 
 In addition to a modern hardware root-of-trust, there are numerous other capabilities in the latest chips that harden the operating system against threats by protecting the boot process, safeguarding the integrity of memory, isolating security-sensitive compute logic, and more.
 
@@ -66,7 +66,7 @@ In Secured-core PCs, System Guard Secure Launch protects bootup with a technolog
 System Management Mode (SMM) isolation is an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor. SMM complements the protections provided by DRTM by helping to reduce the attack surface. Relying on capabilities provided by silicon providers like Intel and AMD, SMM isolation enforces policies
 that implement restrictions such as preventing SMM code from accessing OS memory. The SMM isolation policy is included as part of the DRTM measurements that can be sent to a verifier like Microsoft Azure Remote Attestation.
 
-:::image type="content" source="architecture.png" alt-text="aas" lightbox="architecture.png":::
+:::image type="content" source="..\images\architecture.png" alt-text="aas" lightbox="..\architecture.png" border="false":::
 
 Learn more:
 

windows/security/book/index.md

@@ -9,35 +9,45 @@ ms.date: 03/12/2024
 
 ## Introduction
 
-Emerging technologies and evolving business trends bring new opportunities and challenges for organizations of all sizes. As technology and workstyles transform, so does the threat landscape with growing numbers of increasingly sophisticated attacks on organizations and employees. To thrive, organizations need security to work anywhere. Microsoft's 2022 Work Trend Index shows "cybersecurity issues and risks" are top concerns for business decision-makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
+Emerging technologies and evolving business trends bring new opportunities and challenges for organizations of all sizes. As technology and workstyles transform, so does the threat landscape with growing numbers of increasingly sophisticated attacks on organizations and employees.
 
-In the past, a corporate network and software-based security were the first lines of defense. With an increasingly distributed and mobile workforce, attention has shifted to hardware-based endpoint security. People are now the top target for cybercriminals, with 74% of all breaches due to human error, privilege misuses, stolen credentials, or social engineering. Most attacks are financially motivated, and credential theft, phishing, and exploitation of vulnerabilities are the primary attack vectors. Credential theft is the most prevalent attack vector, accounting for 50% of breaches. At Microsoft, we work hard to help organizations evolve and stay agile while protecting
-against modern threats. We're committed to helping businesses and their employees get secure—and stay secure. We synthesize 43 trillion signals daily to understand and protect
-against digital threats. We have more than 8,500 dedicated security professionals across 77 countries and over 15,000 partners in our security ecosystem striving to increase resilience for our customers.<sup>2</sup> Businesses worldwide are moving toward secure-by-design and secure-by-default strategies. With these models, organizations choose products from manufacturers that consider security as a business requirement, not just a technical feature. With a secure-by-default strategy, businesses can proactively reduce risk and exposure to threats across their organization because products are shipped with security features already built in and enabled. To help businesses transform and thrive in a new era, we built Windows 11 to be secure by design and secure by default. Windows 11 devices arrive with more security features enabled out of the box. In contrast, Windows 10 devices came with many safeguards turned off unless enabled by IT or employees. The default security provided by Windows 11 elevates protection without needing to configure settings. In addition, Windows 11 devices have been shown to increase malware resistance without impacting performance.<sup>3</sup> Windows 11 is the most secure Windows ever, built in deep partnership with original equipment manufacturers (OEMs) and silicon manufacturers. Discover why organizations of all sizes, including 90% of Fortune 500 companies, are taking advantage of the powerful default protection of Windows 11.
+To thrive, organizations need security to work anywhere. [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows *cybersecurity issues and risks* are top concerns for business decision-makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
 
-## Security by design and security by default
+In the past, a corporate network and software-based security were the first lines of defense. With an increasingly distributed and mobile workforce, attention has shifted to hardware-based endpoint security. People are now the top target for cybercriminals, with 74% of all breaches due to human error, privilege misuses, stolen credentials, or social engineering. Most attacks are financially motivated, and credential theft, phishing, and exploitation of vulnerabilities are the primary attack vectors. Credential theft is the most prevalent attack vector, accounting for 50% of breaches.<sup>1</sup>
 
-Windows 11 is designed with layers of security enabled by default, so you can focus on your work, not your security settings. Out-of-the-box features such as credential safeguards, malware shields, and application protection led to a reported 58% drop in security incidents, including a 3.1x reduction in firmware attacks.
+At Microsoft, we work hard to help organizations evolve and stay agile while protecting against modern threats. We're committed to helping businesses and their employees get secure—and stay secure. We synthesize 43 trillion signals daily to understand and protect against digital threats. We have more than 8,500 dedicated security professionals across 77 countries and over 15,000 partners in our security ecosystem striving to increase resilience for our customers.<sup>2</sup>
 
-In Windows 11, hardware and software work together to shrink the attack surface, protect system integrity, and shield valuable data. New and enhanced features are designed for security by default. For example, Win32 apps in isolation, token protection, and Microsoft Intune Endpoint Privilege Management are some of the latest capabilities that
-help protect your organization and employees against attack. Windows Hello and Windows Hello for Business work with hardware-based features like TPM 2.0 and biometric scanners for credential protection and easier, secure sign-on. Existing security features like BitLocker encryption have also been enhanced to optimize both security and performance.
+Businesses worldwide are moving toward secure-by-design and secure-by-default strategies. With these models, organizations choose products from manufacturers that consider security as a business requirement, not just a technical feature. With a secure-by-default strategy, businesses can proactively reduce risk and exposure to threats across their organization because products are shipped with security features already built in and enabled.
 
-## Protect employees against evolving threats
+To help businesses transform and thrive in a new era, we built Windows 11 to be secure by design and secure by default. Windows 11 devices arrive with more security features enabled out of the box. In contrast, Windows 10 devices came with many safeguards turned off unless enabled by IT or employees. The default security provided by Windows 11 elevates protection without needing to configure settings. In addition, Windows 11 devices have been shown to increase malware resistance without impacting performance.<sup>3</sup> Windows 11 is the most secure Windows ever, built in deep partnership with original equipment manufacturers (OEMs) and silicon manufacturers. Discover why organizations of all sizes, including 90% of Fortune 500 companies, are taking advantage of the powerful default protection of Windows 11.<sup>4</sup>
+
+## Security priorities and benefits
+
+### Security by design and security by default
+
+Windows 11 is designed with layers of security enabled by default, so you can focus on your work, not your security settings. Out-of-the-box features such as credential safeguards, malware shields, and application protection led to a reported 58% drop in security incidents, including a 3.1x reduction in firmware attacks.<sup>5</sup>
+
+In Windows 11, hardware and software work together to shrink the attack surface, protect system integrity, and shield valuable data. New and enhanced features are designed for security by default. For example, Win32 apps in isolation, token protection, and Microsoft Intune Endpoint Privilege Management are some of the latest capabilities that help protect your organization and employees against attack. Windows Hello and Windows Hello for Business work with hardware-based features like TPM 2.0 and biometric scanners for credential protection and easier, secure sign-on. Existing security features like BitLocker encryption have also been enhanced to optimize both security and performance.
+
+### Protect employees against evolving threats
 
 With attackers targeting employees and their devices, organizations need stronger security against increasingly sophisticated cyberthreats. Windows 11 provides proactive protection against credential theft. Windows Hello and TPM 2.0 work together to shield identities. Secure biometric sign-in virtually eliminates the risk of lost or stolen passwords. And enhanced phishing protection increases safety. In fact, businesses reported 2.8x fewer instances of identity theft with the hardware-backed protection in Windows 11.
 
-## Gain mission-critical application safeguards
+### Gain mission-critical application safeguards
 
 Help keep business data secure and employees productive with robust safeguards and control for applications. Windows 11 has multiple layers of application security that shield critical data and code integrity. Application protection, privacy controls, and least-privilege principles enable developers to build in security by design. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need. As a result, organizations and regulators can be confident that critical data is protected.
 
-## End-to-end protection with modern management
+### End-to-end protection with modern management
 
-Increase protection and efficiency with Windows 11 and chip-to-cloud security. Microsoft offers comprehensive cloud services for identity, storage, and access management. In addition, Microsoft also provides the tools needed to attest that Windows 11 devices connecting to your network or accessing your data and resources are trustworthy. You can also enforce compliance and conditional access with modern device management (MDM) solutions such as Microsoft Intune and Microsoft Entra ID (formerly known as Azure Active Directory). Security by default not only enables people to work securely anywhere, but it also simplifies IT. A streamlined, chip-to-cloud security solution based on Windows 11 has improved productivity for IT and security teams by a reported 25%.
+Increase protection and efficiency with Windows 11 and chip-to-cloud security. Microsoft offers comprehensive cloud services for identity, storage, and access management. In addition, Microsoft also provides the tools needed to attest that Windows 11 devices connecting to your network or accessing your data and resources are trustworthy. You can also enforce compliance and conditional access with modern device management (MDM) solutions such as Microsoft Intune and Microsoft Entra ID. Security by default not only enables people to work securely anywhere, but it also simplifies IT. A streamlined, chip-to-cloud security solution based on Windows 11 has improved productivity for IT and security teams by a reported 25%.<sup>8</sup>
 
 ## Security by design and default
 
 In Windows 11, hardware and software work together to protect sensitive data from the core of your PC all the way to the cloud. Comprehensive protection helps keep your organization secure, no matter where people work. This simple diagram shows the layers of protection in Windows 11, while each chapter provides a layer-by-layer deep dive into features.
 
-:::image type="content" source="chip-to-cloud.png" alt-text="aas" lightbox="chip-to-cloud.png":::
+:::image type="content" source="images\chip-to-cloud.png" alt-text="Disagram of chip-to-cloud containng a list of security features." lightbox="chip-to-cloud.png":::
 
-Learn more: Windows security features licensing and edition requirements
+Learn more: [Windows security features licensing and edition requirements](https://learn.microsoft.com/en-us/windows/security/licensing-and-edition-requirements?tabs=edition)
+
+> [!div class="nextstepaction"]
+> [Next: Hardware security >](hardware-security.md)

windows/security/book/operating-system-security.md

@@ -7,7 +7,7 @@ ms.date: 03/12/2024
 
 # Hardware security
 
-:::image type="content" source="image-1.png" alt-text="aas" lightbox="image-1.png" border="false":::
+:::image type="content" source="images\image-1.png" alt-text="aas" lightbox="image-1.png" border="false":::
 
 Windows 11 is the most secure Windows yet with extensive security measures in the operating system designed to help keep devices, identities, and information safe. These measures include built-in advanced encryption and data protection, robust network system security, and intelligent safeguards against ever-evolving viruses and threats.