diff --git a/windows/security/book/subject-index.md b/windows/security/book/subject-index.md index d1e6892f99..6dbb88a41e 100644 --- a/windows/security/book/subject-index.md +++ b/windows/security/book/subject-index.md @@ -7,35 +7,11 @@ ms.date: 06/17/2024 # Subject index -## Security foundation - -:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." border="false"::: - -- Common Criteria (CC) -- Federal Information Processing Standard (FIPS) -- Microsoft Offensive Research and Security Engineering -- Microsoft Security Development Lifecycle (SDL) -- OneFuzz service -- Software bill of materials (SBOM) -- Windows App software development kit (SDK) -- Windows Insider and Bug Bounty program - -## Hardware security - -:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false"::: - -- Hardware-enforced stack protection -- Kernel Direct Memory Access (DMA) protection -- Microsoft Pluton security processor -- Secured kernel -- Secured-core PC -- Trusted Platform Module (TPM) - -## Operating system security - -:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false"::: - - 5G and eSIM +- Access management and control +- Account lockout policies +- App containers +- App Control for Business - Assigned Access - Attack surface reduction - BitLocker 
@@ -43,98 +19,88 @@ ms.date: 06/17/2024 - Bluetooth protection - Certificates - Code signing and integrity +- Common Criteria (CC) - Config Refresh - Controlled folder access +- Credential Guard - Cryptography - Device Encryption - Device health attestation - DNS security - Email encryption - Encrypted hard drive +- Enhanced phishing protection with Microsoft Defender SmartScreen +- Enterprise State Roaming with Azure - Exploit protection +- Federal Information Processing Standard (FIPS) +- Federated sign-in +- FIDO support +- Find my device +- Hardware-enforced stack protection +- Kernel Direct Memory Access (DMA) protection +- Local Security Authority (LSA) protection +- MDM enrollment certificate attestation +- MDM security baseline +- Microsoft Account +- Microsoft Authenticator +- Microsoft Azure Attestation Service - Microsoft Defender Antivirus - Microsoft Defender for Endpoint - Microsoft Defender SmartScreen +- Microsoft Entra ID +- Microsoft Intune +- Microsoft Offensive Research and Security Engineering +- Microsoft Pluton security processor +- Microsoft security baselines +- Microsoft Security Development Lifecycle (SDL) +- Microsoft vulnerable driver blocklist +- Modern device management through (MDM) +- OneDrive for personal +- OneDrive for work or school +- OneDrive Personal Vault +- OneFuzz service +- Passkeys - Personal data encryption +- Privacy dashboard and report +- Privacy resource usage +- Privacy transparency and controls +- Remote Credential Guard +- Remote Wipe +- Secured kernel +- Secured-core PC - Securing Wi-Fi connections - Server Message Block file services +- Smart App Control +- Smart cards for Windows service +- Software bill of materials (SBOM) - Tamper protection +- Token protection - Transport layer security (TLS) - Trusted Boot (Secure Boot + Measured Boot) -- Virtual private networks (VPN) -- Windows Firewall -- Windows security policy settings and auditing -- Windows security settings - -## Application security - -:::image 
type="content" source="images/application-security.png" alt-text="Diagram containing a list of security features." lightbox="images/application-security.png" border="false"::: - -- App containers -- App Control for Business -- Microsoft vulnerable driver blocklist -- Smart App Control +- Trusted Platform Module (TPM) - Trusted signing +- Universal Print - User Account Control -- Win32 app isolation -- Windows Sandbox -- Windows Subsystem for Linux (WSL) - -## Identity protection - -:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false"::: - -- Access management and control -- Account lockout policies -- Credential Guard -- Enhanced phishing protection with Microsoft Defender SmartScreen -- Federated sign-in -- FIDO support -- Local Security Authority (LSA) protection -- Microsoft Authenticator -- Passkeys -- Remote Credential Guard -- Smart cards for Windows service -- Token protection +- User reauthentication before password disablement - VBS Key Protection +- Virtual private networks (VPN) +- Win32 app isolation +- Windows App software development kit (SDK) +- Windows Autopatch +- Windows Autopilot and zero-touch deployment +- Windows diagnostic data processor configuration +- Windows Firewall - Windows Hello - Windows Hello biometric sign-in - Windows Hello Enhanced Sign-in Security - Windows Hello for Business - Windows Hello for Business multi-factor unlock - Windows Hello PIN +- Windows Insider and Bug Bounty program - Windows passwordless experience - Windows presence sensing - -## Privacy - -:::image type="content" source="images/privacy.png" alt-text="Diagram containing a list of security features." 
lightbox="images/privacy.png" border="false"::: - -- Privacy dashboard and report -- Privacy transparency and controls -- Privacy resource usage -- Windows diagnostic data processor configuration - -## Cloud services - -:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false"::: - -- Enterprise State Roaming with Azure -- Find my device -- MDM enrollment certificate attestation -- MDM security baseline -- Microsoft Account -- Microsoft Azure Attestation Service -- Microsoft Entra ID -- Microsoft Intune -- Microsoft security baselines -- Modern device management through (MDM) -- OneDrive for personal -- OneDrive for work or school -- OneDrive Personal Vault -- Remote Wipe -- Universal Print -- User reauthentication before password disablement -- Windows Autopatch -- Windows Autopilot and zero-touch deployment +- Windows Sandbox +- Windows security policy settings and auditing +- Windows security settings +- Windows Subsystem for Linux (WSL) - Windows Update for Business deployment service
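Review bot: the first hunk (@@ -7,35 +7,11) removes the "Security foundation", "Hardware security" and "Operating system security" headings and their :::image blocks, yet the hunk header still shows ms.date: 06/17/2024 and no hunk touches that line; update ms.date along with this restructuring. The diff only changes subject-index.md, so images/security-foundation.png, images/hardware.png and images/operating-system.png lose their reference on this page (as do the four images dropped in the following hunk); if no other page uses them, delete the files in the same change.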
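Review bot: in the second hunk (@@ -43,98 +19,88), the entries "Modern device management through (MDM)" and "OneDrive for personal" are re-added with the same wording as the lines removed from the "Cloud services" list, and both read as incomplete phrases; correct the names while the lines are being moved, for example "Modern device management (MDM)". With the "Application security", "Identity protection", "Privacy" and "Cloud services" headings gone, the flat alphabetical list no longer tells a reader which chapter covers an entry, so consider turning each item into a link to its article.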