Merge branch 'dansimp-new-security-toc' of https://github.com/MicrosoftDocs/windows-docs-pr into dansimp-new-security-toc

2025-06-15 10:23:37 +00:00 · 2021-09-16 17:28:13 -07:00
parent c46601ff99 6d1f805d76
commit 6a19b38840
4 changed files with 51 additions and 10 deletions
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@ -441,13 +441,15 @@
              href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
 - name: Security foundations
  items: 
-    - name: FIPS 140-2 Validation
-      href: threat-protection/fips-140-validation.md
-    - name: Common Criteria Certifications
-      href: threat-protection/windows-platform-common-criteria.md
+    - name: Overview
+      href: security-foundations.md
    - name: Microsoft Security Development Lifecycle
      href: threat-protection/msft-security-dev-lifecycle.md
    - name: Microsoft Bug Bounty Program
      href: threat-protection/microsoft-bug-bounty-program.md
+    - name: FIPS 140-2 Validation
+      href: threat-protection/fips-140-validation.md
+    - name: Common Criteria Certifications
+      href: threat-protection/windows-platform-common-criteria.md
 - name: Windows Privacy
  href: /windows/privacy/windows-10-and-privacy-compliance.md
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@ -11,7 +11,7 @@ metadata:
  ms.collection: m365-security-compliance
  author: dansimp #Required; your GitHub user alias, with correct capitalization.
  ms.author: dansimp #Required; microsoft alias of author; optional team alias.
-  ms.date: 09/14/2021
+  ms.date: 09/16/2021
  localization_priority: Priority
    
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -26,6 +26,8 @@ landingContent:
        links:
        - text: Trusted Platform Module
          url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md
+        - text: Hardware-based root of trust
+          url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
        - text: Protect domain credentials
          url: /windows/security/identity-protection/credential-guard/credential-guard.md
        - text: Kernel DMA Protection
@ -90,16 +92,20 @@ landingContent:
  # Card (optional)
  - title: Security foundations
    linkLists:
+      - linkListType: overview
+        links:
+        - text: Security foundations
+          url: security-foundations.md
      - linkListType: concept
        links:
-          - text: Federal Information Processing Standard (FIPS) 140 Validation
-            url: /windows/security/threat-protection/fips-140-validation.md
-          - text: Common Criteria Certifications
-            url: /windows/security/threat-protection/windows-platform-common-criteria.md
          - text: Microsoft Security Development Lifecycle
            url: /windows/security/threat-protection/msft-security-dev-lifecycle.md
          - text: Microsoft Bug Bounty
            url: /windows/security/threat-protection/microsoft-bug-bounty-program.md
+          - text: Common Criteria Certifications
+            url: /windows/security/threat-protection/windows-platform-common-criteria.md
+          - text: Federal Information Processing Standard (FIPS) 140 Validation
+            url: /windows/security/threat-protection/fips-140-validation.md
 # Cards and links should be based on top customer tasks or top subjects
 # Start card title with a verb
  # Card (optional)
--- a/windows/security/operating-system.md
+++ b/windows/security/operating-system.md
@ -37,5 +37,5 @@ Windows Security app | The Windows built-in security application found in setitn
 | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses. <br/><br/>In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.<br/><br/> Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). |
 | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. <br/><br/>Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). |
 | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios. <br/><br/>You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.<br/><br/>Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | 
-| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.<br/><br/>Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.<br/><br/>Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). |
+| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.<br/><br/>Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.<br/><br/>Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide). |

--- a/windows/security/security-foundations.md
+++ b/windows/security/security-foundations.md
@ -0,0 +1,33 @@
+---
+title: Windows security foundations
+description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
+ms.reviewer: 
+ms.topic: article
+manager: dansimp
+ms.author: deniseb
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: denisebmsft
+ms.collection: M365-security-compliance
+ms.prod: m365-security
+ms.technology: windows-sec
+---
+
+# Windows security foundations
+
+Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment.
+
+Our strong security foundation leverages Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. 
+
+Use the links in the following table to learn more about the security foundations:<br/><br/>
+
+| Concept | Description |
+|:---|:---|
+| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). |
+| Common Criteria Certifications |  Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). |
+| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).|
+| Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). |
+
+
+