deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'security-book-24' of github.com:paolomatarazzo/windows-docs-pr into security-book-24

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-10-15 07:52:00 -04:00
parent 35fa204bd4 43112711f9
commit 72e43a3bbc
7 changed files with 7 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/book/application-security.md
View File

@ -11,7 +11,4 @@ ms.date: 09/06/2024
:::image type="content" source="images/application-security-on.png" alt-text="Diagram of containing a list of security features." lightbox="images/application-security.png" border="false":::
Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows 11, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts so that PCs run with the least amount of privileges to prevent malicious applications from accessing sensitive resources.
In addition, organizations can control which applications run on their devices with App Control for Business (previously called Windows Defender Application Control - WDAC).
Applications are prime vectors for cyberattacks due to their frequent usage and access to valuable data. Common attempts include injection attacks that insert malicious code, man-in-the-middle attacks that intercept and potentially alter communication between users and applications, and various methods of tricking users into divulging sensitive information or changing system settings. Windows 11 protects users, apps, and data with features like Windows App Control for Business and the Microsoft vulnerable driver blocklist, which help ensure that only trusted apps and drivers can run on the device.

4
windows/security/book/cloud-services.md
View File

@ -11,6 +11,4 @@ ms.date: 09/06/2024
:::image type="content" source="images/cloud-security-on.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false":::
Today's workforce has more freedom and mobility than ever before, but the risk of data exposure is also at its highest. At Microsoft, we are focused on getting customers to the cloud to benefit from hybrid workstyles while improving security management. Built on Zero Trust principles, Windows 11 works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
From identity and device management to Office apps and data storage, Windows 11 and integrated cloud services can help improve productivity, security, and resilience anywhere.
The workplace is constantly evolving, with many employees working outside the office at least some of the time. While remote work and cloud services provide more flexibility, they also result in more endpoints and locations for organizations to worry about. Windows 11, combined with Microsoft Entra ID for identity management, and modern device management (MDM) tools like Microsoft Intune, can be the foundation of a Zero Trust security model that enables flexible workstyles while controlling access, safeguarding sensitive information, and mitigating threats.

2
windows/security/book/conclusion.md
View File

@ -7,7 +7,7 @@ ms.date: 09/06/2024
# Conclusion
We will continue to bring you new features to protect against evolving threats, simplify management, and securely enable new workstyles. With Windows 11 devices, organizations of all sizes can benefit from the security and performance to thrive anywhere.
We will continue to innovate with security by design and security by default at the heart of every new Windows 11 PC and feature. This commitment ensures that our products not only meet, but exceed, the security expectations of our customers by providing robust protection against modern cyber threats while maintaining ease-of-use and performance. By integrating advanced security measures from the ground up, we aim to create a safer digital environment for everyone.
:::image type="content" source="images/chip-to-cloud.png" alt-text="Diagram of chip-to-cloud containing a list of security features." lightbox="images/chip-to-cloud.png" border="false":::

4
windows/security/book/hardware-security.md
View File

@ -11,6 +11,4 @@ ms.date: 09/06/2024
:::image type="content" source="images/hardware-on.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false":::
Today's ever-evolving threats require strong alignment between hardware and software technologies to keep users, data, and devices protected. The operating system alone can't defend against the wide range of tools and techniques cybercriminals use to compromise a computer. Once intruders gain a foothold, they can be difficult to detect. They engage in multiple nefarious activities, ranging from stealing important data and credentials, to implanting malware into low-level device firmware. Once malware is installed in firmware, it becomes difficult to identify and remove. These new threats call for computing hardware that is secure down to the very core, including the hardware chips and processors that store sensitive business information. With hardware-based protection, we can enable strong mitigation against entire classes of vulnerabilities that are difficult to thwart with software alone. Hardware-based protection can also improve the system's overall security without measurably slowing performance, compared to implementing the same capability in software.
With Windows 11, Microsoft raises the hardware security bar to design the most secure version of Windows ever from chip to cloud. We have carefully chosen the hardware requirements and default security features based on threat intelligence, global regulatory requirements, and our own Microsoft Security team's expertise. We have worked with our chip and device manufacturing partners to integrate advanced security capabilities across software, firmware, and hardware. Through a powerful combination of hardware root-of-trust and silicon-assisted security, Windows 11 delivers built-in hardware protection out of the box.
Today's ever-evolving threats require strong alignment between hardware and software to keep users, data, and devices protected. The operating system and software alone cannot defend against the wide range of tools used by cybercriminals to steal credentials, take data, and implant malware. In partnership with our silicon and device manufacturing partners, Windows 11 PCs shield software, hardware, and firmware with features like TPM 2.0, Microsoft Pluton, and virtualization-based security. Windows 11 PCs provide hardware-backed protection by default to significantly improve security while maintaining the performance that users expect.

2
windows/security/book/operating-system-security.md
View File

@ -11,4 +11,4 @@ ms.date: 09/06/2024
:::image type="content" source="images/operating-system-on.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
Windows 11 is the most secure Windows yet with extensive security measures in the operating system designed to help keep devices, identities, and information safe. These measures include built-in advanced encryption and data protection, robust network system security, and intelligent safeguards against ever-evolving viruses and threats.
Operating systems face an onslaught of security threats, from malware and exploits to unauthorized access and privilege escalation. Windows 11 is the most secure Windows yet, with strong operating system safeguards to help keep devices, identities, and data safe. Defenses include a trusted boot process, layers of encryption, network security, and virus and threat protection. These comprehensive security features ensure that Windows 11 provides robust protection against modern cyber threats.

5
windows/security/book/privacy.md
View File

@ -11,8 +11,5 @@ ms.date: 09/06/2024
:::image type="content" source="images/privacy-on.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false":::
Privacy is becoming top of mind for organizations that want to know who is using their data and why. They also need to know how to control and manage the data that is being collected - so providing transparency and control over this personal data is essential. At Microsoft, we're focused on protecting the privacy and confidentiality of your data and only use it in a way that is consistent with your expectations.
Privacy is an important priority for individuals and organizations, and the rise of AI is bringing it into even sharper focus. Windows provides privacy controls that can be easily accessed in the Settings app or desktop system tray for speech, location, calendar, microphone, call history, and more. Users can also find more information and manage privacy settings for Microsoft apps and services by signing into their [account dashboard](https://privacy.microsoft.com/).
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Privacy: Your data, powering your experiences, controlled by you](https://privacy.microsoft.com/)

6
windows/security/book/security-foundation.md
View File

@ -9,10 +9,6 @@ ms.date: 09/06/2024
:::image type="content" source="images/security-foundation-cover.png" alt-text="Cover of the security foundation chapter." border="false":::
Microsoft is committed to continuously investing in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest lifecycle phases of all our product design and software development processes. We build in security from the ground up for powerful defense in today's threat environment and have the infrastructure to protect and react quickly to future threats.
Every component of the Windows 11 technology stack, from chip-to-cloud, is purposefully built secure by design. Windows 11 meets the modern threats of today's flexible work environments by delivering hardware-based isolation, end-to-end encryption, and advanced malware protection.
With Windows 11, organizations can improve productivity and gain intuitive new experiences without compromising security.
Microsoft is committed to continuously investing in improving the development process, building highly secure-by-design software, and addressing security compliance requirements. Security and privacy considerations informed by offensive research are built into each phase of our product design and software development process. Microsofts security foundation includes not only our development and certification processes, but also our end-to-end supply chain. The comprehensive Windows 11 security foundation also reflects our deep commitment to principles of security by design and security by default.
:::image type="content" source="images/security-foundation-on.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false":::