diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 28c4806fa3..61194f2482 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -21479,6 +21479,11 @@ "source_path": "windows/security/identity-protection/user-account-control/user-account-control-overview.md", "redirect_url": "/windows/security/application-security/application-control/user-account-control", "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/configure-s-mime.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/configure-s-mime", + "redirect_document_id": false } ] } \ No newline at end of file diff --git a/windows/security/application-security/application-control/user-account-control/how-it-works.md b/windows/security/application-security/application-control/user-account-control/how-it-works.md index 35c7ebd6f9..861c6bc68b 100644 --- a/windows/security/application-security/application-control/user-account-control/how-it-works.md +++ b/windows/security/application-security/application-control/user-account-control/how-it-works.md @@ -29,7 +29,7 @@ To better understand how this process works, let's take a closer look at the Win The following diagram shows how the sign in process for an administrator differs from the sign in process for a standard user. -:::image type="content" source="images/uac-windows-logon-process.gif" alt-text="UAC Windows logon process diagram."::: +:::image type="content" source="images/uac-windows-logon-process.gif" alt-text="Diagram that describes the UAC Windows logon process."::: By default, both standard and administrator users access resources and execute apps in the security context of a standard user.\ When a user signs in, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges. @@ -83,7 +83,7 @@ The elevation prompt color-coding is as follows: Some Control Panel items, such as **Date and Time**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screenshot of the **Date and Time** Control Panel item. -:::image type="content" source="images/uac-shield-icon.png" alt-text="Screenshot showing the UAC Shield Icon in Date and Time Properties" border="false"::: +:::image type="content" source="images/uac-shield-icon.png" alt-text="Screenshot showing the UAC Shield Icon in Date and Time Properties." border="false"::: The shield icon on the **Change date and time...** button indicates that the process requires a full administrator access token. @@ -101,7 +101,7 @@ While malware could present an imitation of the secure desktop, this issue can't The following diagram details the UAC architecture. -:::image type="content" source="images/uac-architecture.gif" alt-text="UAC architecture diagram."::: +:::image type="content" source="images/uac-architecture.gif" alt-text="Diagram that describes the UAC architecture."::: To better understand each component, review the following tables: diff --git a/windows/security/identity-protection/images/emailsecurity.png b/windows/security/identity-protection/images/emailsecurity.png deleted file mode 100644 index 4181fc4f45..0000000000 Binary files a/windows/security/identity-protection/images/emailsecurity.png and /dev/null differ diff --git a/windows/security/identity-protection/images/mailsettings.png b/windows/security/identity-protection/images/mailsettings.png deleted file mode 100644 index 02423ab89c..0000000000 Binary files a/windows/security/identity-protection/images/mailsettings.png and /dev/null differ diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/operating-system-security/data-protection/configure-s-mime.md similarity index 68% rename from windows/security/identity-protection/configure-s-mime.md rename to windows/security/operating-system-security/data-protection/configure-s-mime.md index b363e74eac..641280cb30 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/operating-system-security/data-protection/configure-s-mime.md @@ -2,7 +2,7 @@ title: Configure S/MIME for Windows description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. Learn how to configure S/MIME for Windows. ms.topic: how-to -ms.date: 05/30/2023 +ms.date: 05/31/2023 --- @@ -35,28 +35,26 @@ A digitally signed message reassures the recipient that the message hasn't been On the device, perform the following steps: (add select certificate) -1. Open the Mail app -1. Open **Settings** - :::image type="content" alt-text="settings icon in mail app." source="images/mailsettings.png"::: -1. Select **Email security** - :::image type="content" alt-text="email security settings." source="images/emailsecurity.png"::: -1. In **Select an account**, select the account for which you want to configure S/MIME options. -1. Make a certificate selection for digital signature and encryption. - - Select **Automatically** to let the app choose the certificate. - - Select **Manually** to specify the certificate yourself from the list of valid certificates on the device. -1. (Optional) Select **Always sign with S/MIME**, **Always encrypt with S/MIME**, or both, to automatically digitally sign or encrypt all outgoing messages. +1. Open the Mail app +1. Open **Settings > Email security** + :::image type="content" alt-text="Screenshot of the Windows Mail app, security settings." source="images/email-security.png"::: +1. In **Select an account**, select the account for which you want to configure S/MIME options +1. Make a certificate selection for digital signature and encryption + - Select **Automatically** to let the app choose the certificate + - Select **Manually** to specify the certificate yourself from the list of valid certificates on the device +1. (Optional) Select **Always sign with S/MIME**, **Always encrypt with S/MIME**, or both, to automatically digitally sign or encrypt all outgoing messages - > [!NOTE] - > The option to sign or encrypt can be changed for individual messages, unless EAS policies prevent it. + > [!NOTE] + > The option to sign or encrypt can be changed for individual messages, unless EAS policies prevent it. -1. Select the back arrow. +1. Select the back arrow ## Encrypt or sign individual messages -1. While composing a message, select **Options** from the ribbon -1. Use **Sign** and **Encrypt** icons to turn on digital signature and encryption for this message +1. While composing a message, select **Options** from the ribbon +1. Use **Sign** and **Encrypt** icons to turn on digital signature and encryption for this message - :::image type="content" alt-text="sign or encrypt message." source="images/signencrypt.png"::: + :::image type="content" alt-text="Screenshot of the Windows Mail app, showing the options to sign or encrypt message." source="images/sign-encrypt.png"::: ## Read signed or encrypted messages @@ -66,8 +64,8 @@ When you receive an encrypted message, the mail app checks whether there's a cer When you receive a signed email, the app provides a feature to install corresponding encryption certificate on your device if the certificate is available. This certificate can then be used to send encrypted email to this person. -1. Open a signed email -1. Select the digital signature icon in the reading pane -1. Select **Install.** +1. Open a signed email +1. Select the digital signature icon in the reading pane +1. Select **Install.** - :::image type="content" alt-text="message security information." source="images/installcert.png"::: + :::image type="content" alt-text="Screenshot of the Windows Mail app, showing a message to install the sender's encryption certificate." source="images/install-cert.png"::: diff --git a/windows/security/operating-system-security/data-protection/images/email-security.png b/windows/security/operating-system-security/data-protection/images/email-security.png new file mode 100644 index 0000000000..f8157ef180 Binary files /dev/null and b/windows/security/operating-system-security/data-protection/images/email-security.png differ diff --git a/windows/security/identity-protection/images/installcert.png b/windows/security/operating-system-security/data-protection/images/install-cert.png similarity index 100% rename from windows/security/identity-protection/images/installcert.png rename to windows/security/operating-system-security/data-protection/images/install-cert.png diff --git a/windows/security/identity-protection/images/signencrypt.png b/windows/security/operating-system-security/data-protection/images/sign-encrypt.png similarity index 100% rename from windows/security/identity-protection/images/signencrypt.png rename to windows/security/operating-system-security/data-protection/images/sign-encrypt.png diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml index 89647a44e4..c85fb02887 100644 --- a/windows/security/operating-system-security/data-protection/toc.yml +++ b/windows/security/operating-system-security/data-protection/toc.yml @@ -100,7 +100,7 @@ items: - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md - name: Configure S/MIME for Windows - href: ../../identity-protection/configure-s-mime.md + href: configure-s-mime.md - name: Windows Information Protection (WIP) href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: