diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 4a8727e522..a6a0c31774 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -622,8 +622,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t
-
-For more information, see [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).
+For more information, see [Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen).
@@ -3174,7 +3173,7 @@ If you enable this setting, the system removes the Map Network Drive and Disconn
This setting doesn't prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
> [!NOTE]
->
+>
This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
diff --git a/windows/security/apps.md b/windows/security/apps.md
index a2e62786ce..b69ebc2103 100644
--- a/windows/security/apps.md
+++ b/windows/security/apps.md
@@ -23,4 +23,4 @@ The following table summarizes the Windows security features and capabilities fo
| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). |
| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md) |
| Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](identity-protection/configure-s-mime.md) |
-| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) |
+| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen) |
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index c90f5b2316..fcd058a974 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -32,7 +32,7 @@ items:
displayName: LAPS
href: /windows-server/identity/laps/laps-overview
- name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
- href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+ href: ../operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
displayName: EPP
- name: Access Control
items:
diff --git a/windows/security/index.yml b/windows/security/index.yml
index 535f5f269a..8cd670d32e 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -92,7 +92,7 @@ landingContent:
- text: Windows Sandbox
url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md
- text: Microsoft Defender SmartScreen
- url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+ url: operating-system-security\virus-and-threat-protection\microsoft-defender-smartscreen\index.md
- text: S/MIME for Windows
url: identity-protection/configure-s-mime.md
# Cards and links should be based on top customer tasks or top subjects
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
similarity index 99%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
index 3c1ed6dcea..18f1795945 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
@@ -4,7 +4,7 @@ description: A list of all available settings for Microsoft Defender SmartScreen
ms.prod: windows-client
author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.date: 09/28/2020
+ms.date: 05/31/2023
ms.reviewer:
manager: aaroncz
ms.author: vinpa
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
similarity index 99%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
index aebf090b15..1abefbf7f4 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
@@ -8,7 +8,7 @@ ms.author: vinpa
ms.reviewer: paoloma
manager: aaroncz
ms.localizationpriority: medium
-ms.date: 10/07/2022
+ms.date: 05/31/2023
adobe-target: true
appliesto:
- ✅ Windows 11, version 22H2
@@ -73,7 +73,7 @@ Enhanced Phishing Protection can be configured using the following Administrativ
#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1].
-
+
| Setting | OMA-URI | Data type |
|-------------------------|---------------------------------------------------------------------------|-----------|
| **ServiceEnabled** | `./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled` | Integer |
@@ -90,7 +90,7 @@ By default, Enhanced Phishing Protection is deployed in audit mode, preventing n
To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings.
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
-
+
|Settings catalog element|Recommendation|
|---------|---------|
|Service Enabled|**Enable**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users.|
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
similarity index 95%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
index b58a2be3ac..569457defe 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
@@ -12,7 +12,7 @@ adobe-target: true
ms.collection:
- tier2
- highpri
-ms.date: 03/20/2023
+ms.date: 05/31/2023
ms.topic: article
appliesto:
- ✅ Windows 11
@@ -42,7 +42,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites
- **Reputation-based URL and app protection:** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users don't see any warnings. If there's no reputation, the item is marked as a higher risk and presents a warning to the user.
- **Operating system integration:** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) that attempts to download and run.
- **Improved heuristics and diagnostic data:** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files.
-- **Management through group policy and Microsoft Intune:** Microsoft Defender SmartScreen supports using both group policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen group policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md).
+- **Management through group policy and Microsoft Intune:** Microsoft Defender SmartScreen supports using both group policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen group policy and mobile device management (MDM) settings](available-settings.md).
- **Blocking URLs associated with potentially unwanted applications:** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
> [!IMPORTANT]
@@ -61,5 +61,4 @@ When submitting a file for Microsoft Defender SmartScreen, make sure to select *
## Related articles
- [SmartScreen frequently asked questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
-- [Available Microsoft Defender SmartScreen group policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md)
- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference)
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
index a8c5cdf1e5..639a85c09c 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
+++ b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
@@ -1,21 +1,26 @@
items:
-- name: Overview
- href: ../../threat-protection/index.md
-- name: Microsoft Defender Antivirus
- href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
-- name: Configuring LSA Protection
- href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
-- name: Attack surface reduction (ASR)
- href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
-- name: Tamper protection for MDE
- href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
-- name: Microsoft Vulnerable Driver Blocklist
- href: ../../threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
-- name: Controlled folder access
- href: /microsoft-365/security/defender-endpoint/controlled-folders
-- name: Exploit protection
- href: /microsoft-365/security/defender-endpoint/exploit-protection
-- name: Microsoft Defender SmartScreen
- href: ../../threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-- name: Microsoft Defender for Endpoint
- href: /microsoft-365/security/defender-endpoint
\ No newline at end of file
+ - name: Overview
+ href: index.md
+ - name: Microsoft Defender Antivirus 🔗
+ href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
+ - name: Configuring LSA Protection 🔗
+ href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
+ - name: Attack surface reduction (ASR) 🔗
+ href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
+ - name: Tamper protection for MDE 🔗
+ href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+ - name: Microsoft Vulnerable Driver Blocklist
+ href: ../../threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+ - name: Controlled folder access 🔗
+ href: /microsoft-365/security/defender-endpoint/controlled-folders
+ - name: Exploit protection 🔗
+ href: /microsoft-365/security/defender-endpoint/exploit-protection
+ - name: Microsoft Defender SmartScreen
+ href: microsoft-defender-smartscreen/index.md
+ items:
+ - name: Available settings
+ href: microsoft-defender-smartscreen/available-settings.md
+ - name: Enhanced Phishing Protection
+ href: microsoft-defender-smartscreen/enhanced-phishing-protection.md
+ - name: Microsoft Defender for Endpoint 🔗
+ href: /microsoft-365/security/defender-endpoint
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index dfaa642ba7..83cd0757b5 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -12,13 +12,7 @@ ms.date: 12/31/2017
# Windows threat protection
-**Applies to:**
-- Windows 10
-- Windows 11
-
-In Windows client, hardware and software work together to help protect you from new and emerging threats. Expanded security protections in Windows 11 help boost security from the chip, to the cloud.
-
-## Windows threat protection
+In Windows client, hardware and software work together to help protect you from new and emerging threats. Expanded security protections in Windows 11 help boost security from the chip, to the cloud.
See the following articles to learn more about the different areas of Windows threat protection:
@@ -28,15 +22,16 @@ See the following articles to learn more about the different areas of Windows th
- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection)
- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)
- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
+- [Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/)
- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)
- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)
- [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)
-### Next-generation protection
-Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time.
+## Next-generation protection
+
+Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time.
- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
- [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index c72345df1e..5c41c76d73 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -1,5 +1,5 @@
---
-title: Mitigate threats by using Windows 10 security features
+title: Mitigate threats by using Windows 10 security features
description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
ms.prod: windows-client
ms.localizationpriority: medium
@@ -84,7 +84,7 @@ Windows Defender SmartScreen notifies users if they click on reported phishing a
For Windows 10, Microsoft improved SmartScreen (now called Windows Defender SmartScreen) protection capability by integrating its app reputation abilities into the operating system itself, which allows Windows Defender SmartScreen to check the reputation of files downloaded from the Internet and warn users when they're about to run a high-risk downloaded file. The first time a user runs an app that originates from the Internet, Windows Defender SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, Windows Defender SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Microsoft Intune or Group Policy settings.
-For more information, see [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md).
+For more information, see [Microsoft Defender SmartScreen overview]().
### Microsoft Defender Antivirus
@@ -124,7 +124,7 @@ Data Execution Prevention (DEP) does exactly that, by substantially reducing the
5. Click **OK**.
-You can now see which processes have DEP enabled.
+You can now see which processes have DEP enabled.
@@ -296,7 +296,7 @@ Some of the protections available in Windows 10 are provided through functions t
| Extension point disable to block the use of certain third-party extension points | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_EXTENSION\_POINT\_DISABLE\_ALWAYS\_ON\] |
| Heap terminate on corruption to protect the system against a corrupted heap | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_HEAP\_TERMINATE\_ALWAYS\_ON\] |
-## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit
+## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit
You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/topic/emet-mitigations-guidelines-b529d543-2a81-7b5a-d529-84b30e1ecee0), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore haven't been brought into Windows 10.
@@ -322,7 +322,7 @@ One of EMET's strengths is that it allows you to import and export configuration
Install-Module -Name ProcessMitigations
```
-The Get-ProcessMitigation cmdlet gets the current mitigation settings from the registry or from a running process, or it can save all settings to an XML file.
+The Get-ProcessMitigation cmdlet gets the current mitigation settings from the registry or from a running process, or it can save all settings to an XML file.
To get the current settings on all running instances of notepad.exe:
@@ -377,7 +377,7 @@ ConvertTo-ProcessMitigationPolicy -EMETFilePath -OutputFilePath
**Enhanced Phishing Protection** in **Microsoft Defender SmartScreen** helps protect Microsoft school or work passwords against phishing and unsafe usage on websites and in applications. Enhanced Phishing Protection works alongside Windows security protections to help protect Windows 11 work or school sign-in passwords.
-For more information, see [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen) and [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog.
+For more information, see [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection) and [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog.
## Smart App Control