deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-08 02:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update security features documentation

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-07-25 16:36:06 -04:00
parent 32b06c4da9
commit a1ebaabfa3
1 changed files with 59 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
windows/security/book/subject-index.md
View File

@ -7,35 +7,11 @@ ms.date: 06/17/2024
# Subject index # Subject index
## Security foundation
:::image type="content" source="images/security-foundation.png" alt-text="Diagram containing a list of security features." border="false":::
- Common Criteria (CC)
- Federal Information Processing Standard (FIPS)
- Microsoft Offensive Research and Security Engineering
- Microsoft Security Development Lifecycle (SDL)
- OneFuzz service
- Software bill of materials (SBOM)
- Windows App software development kit (SDK)
- Windows Insider and Bug Bounty program
## Hardware security
:::image type="content" source="images/hardware.png" alt-text="Diagram containing a list of security features." lightbox="images/hardware.png" border="false":::
- Hardware-enforced stack protection
- Kernel Direct Memory Access (DMA) protection
- Microsoft Pluton security processor
- Secured kernel
- Secured-core PC
- Trusted Platform Module (TPM)
## Operating system security
:::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
- 5G and eSIM - 5G and eSIM
- Access management and control
- Account lockout policies
- App containers
- App Control for Business
- Assigned Access - Assigned Access
- Attack surface reduction - Attack surface reduction
- BitLocker - BitLocker
@ -43,98 +19,88 @@ ms.date: 06/17/2024
- Bluetooth protection - Bluetooth protection
- Certificates - Certificates
- Code signing and integrity - Code signing and integrity
- Common Criteria (CC)
- Config Refresh - Config Refresh
- Controlled folder access - Controlled folder access
- Credential Guard
- Cryptography - Cryptography
- Device Encryption - Device Encryption
- Device health attestation - Device health attestation
- DNS security - DNS security
- Email encryption - Email encryption
- Encrypted hard drive - Encrypted hard drive
- Enhanced phishing protection with Microsoft Defender SmartScreen
- Enterprise State Roaming with Azure
- Exploit protection - Exploit protection
- Federal Information Processing Standard (FIPS)
- Federated sign-in
- FIDO support
- Find my device
- Hardware-enforced stack protection
- Kernel Direct Memory Access (DMA) protection
- Local Security Authority (LSA) protection
- MDM enrollment certificate attestation
- MDM security baseline
- Microsoft Account
- Microsoft Authenticator
- Microsoft Azure Attestation Service
- Microsoft Defender Antivirus - Microsoft Defender Antivirus
- Microsoft Defender for Endpoint - Microsoft Defender for Endpoint
- Microsoft Defender SmartScreen - Microsoft Defender SmartScreen
- Microsoft Entra ID
- Microsoft Intune
- Microsoft Offensive Research and Security Engineering
- Microsoft Pluton security processor
- Microsoft security baselines
- Microsoft Security Development Lifecycle (SDL)
- Microsoft vulnerable driver blocklist
- Modern device management through (MDM)
- OneDrive for personal
- OneDrive for work or school
- OneDrive Personal Vault
- OneFuzz service
- Passkeys
- Personal data encryption - Personal data encryption
- Privacy dashboard and report
- Privacy resource usage
- Privacy transparency and controls
- Remote Credential Guard
- Remote Wipe
- Secured kernel
- Secured-core PC
- Securing Wi-Fi connections - Securing Wi-Fi connections
- Server Message Block file services - Server Message Block file services
- Smart App Control
- Smart cards for Windows service
- Software bill of materials (SBOM)
- Tamper protection - Tamper protection
- Token protection
- Transport layer security (TLS) - Transport layer security (TLS)
- Trusted Boot (Secure Boot + Measured Boot) - Trusted Boot (Secure Boot + Measured Boot)
- Virtual private networks (VPN) - Trusted Platform Module (TPM)
- Windows Firewall
- Windows security policy settings and auditing
- Windows security settings
## Application security
:::image type="content" source="images/application-security.png" alt-text="Diagram containing a list of security features." lightbox="images/application-security.png" border="false":::
- App containers
- App Control for Business
- Microsoft vulnerable driver blocklist
- Smart App Control
- Trusted signing - Trusted signing
- Universal Print
- User Account Control - User Account Control
- Win32 app isolation - User reauthentication before password disablement
- Windows Sandbox
- Windows Subsystem for Linux (WSL)
## Identity protection
:::image type="content" source="images/identity-protection.png" alt-text="Diagram containing a list of security features." lightbox="images/identity-protection.png" border="false":::
- Access management and control
- Account lockout policies
- Credential Guard
- Enhanced phishing protection with Microsoft Defender SmartScreen
- Federated sign-in
- FIDO support
- Local Security Authority (LSA) protection
- Microsoft Authenticator
- Passkeys
- Remote Credential Guard
- Smart cards for Windows service
- Token protection
- VBS Key Protection - VBS Key Protection
- Virtual private networks (VPN)
- Win32 app isolation
- Windows App software development kit (SDK)
- Windows Autopatch
- Windows Autopilot and zero-touch deployment
- Windows diagnostic data processor configuration
- Windows Firewall
- Windows Hello - Windows Hello
- Windows Hello biometric sign-in - Windows Hello biometric sign-in
- Windows Hello Enhanced Sign-in Security - Windows Hello Enhanced Sign-in Security
- Windows Hello for Business - Windows Hello for Business
- Windows Hello for Business multi-factor unlock - Windows Hello for Business multi-factor unlock
- Windows Hello PIN - Windows Hello PIN
- Windows Insider and Bug Bounty program
- Windows passwordless experience - Windows passwordless experience
- Windows presence sensing - Windows presence sensing
- Windows Sandbox
## Privacy - Windows security policy settings and auditing
- Windows security settings
:::image type="content" source="images/privacy.png" alt-text="Diagram containing a list of security features." lightbox="images/privacy.png" border="false"::: - Windows Subsystem for Linux (WSL)
- Privacy dashboard and report
- Privacy transparency and controls
- Privacy resource usage
- Windows diagnostic data processor configuration
## Cloud services
:::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features." lightbox="images/cloud-security.png" border="false":::
- Enterprise State Roaming with Azure
- Find my device
- MDM enrollment certificate attestation
- MDM security baseline
- Microsoft Account
- Microsoft Azure Attestation Service
- Microsoft Entra ID
- Microsoft Intune
- Microsoft security baselines
- Modern device management through (MDM)
- OneDrive for personal
- OneDrive for work or school
- OneDrive Personal Vault
- Remote Wipe
- Universal Print
- User reauthentication before password disablement
- Windows Autopatch
- Windows Autopilot and zero-touch deployment
- Windows Update for Business deployment service - Windows Update for Business deployment service