updates

windows/security/book/cloud-services-protect-your-personal-information.md

@@ -41,7 +41,7 @@ Microsoft OneDrive for personal<sup>[\[13\]](conclusion.md#footnote13)</sup> off
 [!INCLUDE [learn-more](includes/learn-more.md)]
 
 - [Get started with OneDrive][LINK-6]
-- [How to recover from a ransomware attack using Microsoft 365](/microsoft-365/security/office-365-security/recover-from-ransomware)
+- [How to recover from a ransomware attack using Microsoft 365][LINK-7]
 - [How to restore from OneDrive][LINK-3]
 
 ## OneDrive Personal Vault
@@ -62,3 +62,4 @@ Once the Personal Vault is configured, users can access it using a strong authen
 [LINK-4]: https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4
 [LINK-5]: https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856
 [LINK-6]: https://support.microsoft.com/onedrive
+[LINK-7]: /microsoft-365/security/office-365-security/recover-from-ransomware

windows/security/book/conclusion.md

@@ -34,6 +34,7 @@ Enhanced:
 - [Personal data encryption (PDE)](operating-system-security-encryption-and-data-protection.md#personal-data-encryption-pde)
 - [Server Message Block file services](operating-system-security-network-security.md#server-message-block-file-services)
 - [Windows Hello PIN](identity-protection-passwordless-sign-in.md#windows-hello-pin)
+- [Windows Firewall](operating-system-security-network-security.md#windows-firewall)
 - [Windows Local Administrator Password Solution (LAPS)](cloud-services-protect-your-work-information.md#windows-local-administrator-password-solution-laps)
 - [Windows Subsystem for Linux (WSL)](application-security-application-isolation.md#windows-subsystem-for-linux-wsl)
 

windows/security/book/identity-protection-advanced-credential-protection.md

@@ -108,6 +108,14 @@ IT administrators can refine the application and management of access to:
 
 - [Access control][LINK-7]
 
+## :::image type="icon" source="images/soon-button-title.svg" border="false"::: Administrator protection
+
+Most people run as full admins on their devices, which means apps and services have the same access to the kernel and other critical services as users. And the problem is that these apps and services can access critical resources without the user knowing. This is why Windows is being updated to require just in time administrative access to the kernel and other critical services as needed, not all the time, and certainly not by default. This makes it harder for an app to unexpectedly abuse admin privileges and secretly put malware or malicious code on Windows.
+
+When Administrator protection is enabled, if an app needs special permissions like administrative rights, you'll be asked for approval. When an approval is needed, Windows Hello provides a secure and easy way to approve or deny these requests, giving you, and only you, full control over your device.
+
+This helps reduce elevation of privilege (EOP) attacks on Windows where admin privileges are abused. The feature is currently in preview available on Windows Insider channel.
+
 <!--links-->
 
 [LINK-2]: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection

windows/security/book/operating-system-security-network-security.md

@@ -70,27 +70,27 @@ Opportunistic Wireless Encryption (OWE), a technology that allows wireless devic
 
 ## Windows Firewall
 
-Windows Firewall with Advanced Security is an important part of a layered security model. It provides host-based, two-way network traffic
+Windows Firewall is an important part of a layered security model. It provides host-based, two-way network traffic
 filtering, blocking unauthorized traffic flowing into or out of the local device based on the types of networks the device is connected to.
 
-Windows Firewall in Windows 11 offers the following benefits:
+Windows Firewall offers the following benefits:
 
-- Reduces the risk of network security threats: Windows Firewall reduces the attack surface of a device with rules that restrict or allow traffic by many properties, such as IP addresses,
+- Reduces the risk of network security threats: Windows Firewall reduces the attack surface of a device with rules that restrict or allow traffic by many properties, such as IP addresses, ports, or program paths. This functionality increases manageability and decreases the likelihood of a successful attack
-ports, or program paths. This functionality increases manageability and decreases the likelihood of a successful attack
 - Safeguards sensitive data and intellectual property: By integrating with Internet Protocol Security (IPSec), Windows Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data
 - Extends the value of existing investments: Because Windows Firewall is a host-based firewall that is included with the operating system, there's no extra hardware or software required. Windows Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API)
 
 Windows 11 makes the Windows Firewall easier to analyze and debug. IPSec behavior is integrated with Packet Monitor, an in-box, cross-component network diagnostic tool for Windows. Additionally, the Windows Firewall event logs are enhanced to ensure an audit can identify the specific filter that was responsible for any given event. This enables analysis of firewall behavior and rich packet capture without relying on third-party tools.
 
-Admins can now configure more settings through the Firewall and Firewall Rule policy templates in the Endpoint Security node in Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>, using the platform
+Admins can configure more settings through the Firewall and Firewall Rule policy templates in the Endpoint Security node in Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>, using the platform support from the Firewall configuration service provider (CSP) and applying these settings to Windows endpoints.
-support from the Firewall configuration service provider (CSP) and applying these settings to Windows endpoints.
 
-Firewal. rule configuration with Package Family Name (PFN) is a new security feature introduced with the 22H2 release of Windows 11. PFN based rules enforced on an app will include processes request by the app to run on its behalf.
+[!INCLUDE [new-24h2](includes/new-24h2.md)]
-Currently FW rules can be set on UWP apps with packageSID. However, the processes requested by the app can have different SID and hence the rules applied to the app can be bypassed. The new PFN condition feature ensures the FW rule is uniformly applied to a package and its associated processes.
+
+The Firewall Configuration Service Provider (CSP) in Windows now enforces an all-or-nothing approach to applying firewall rules within each atomic block. Previously, if the CSP encountered an issue with any rule in a block, it would not only stop processing that rule but also cease processing subsequent rules, potentially leaving a security gap with partially deployed rule blocks. Now, if any rule in the block cannot be successfully applied, the CSP stops processing subsequent rules and roll back all rules from that atomic block, eliminating the ambiguity of partially deployed rule blocks.
 
 [!INCLUDE [learn-more](includes/learn-more.md)]
 
 - [Windows Firewall overview](../operating-system-security/network-security/windows-firewall/index.md)
+- [Firewall CSP](/windows/client-management/mdm/firewall-csp)
 
 ## Virtual private networks (VPN)