Paolo Matarazzo
2024-10-14 07:57:49 -04:00
parent 1eb547ef4a
commit a38e321493
6 changed files with 19 additions and 8 deletions

View File

@ -68,8 +68,9 @@ Enhanced:
|**<sup><a name="footnote13"></a>13</sup>**| Requires Microsoft Entra ID Premium; sold separately.|
|**<sup><a name="footnote14"></a>14</sup>**| Hardware dependent.|
|**<sup><a name="footnote15"></a>15</sup>**| Microsoft 365 E3 or E5 required; sold separately.|
| **<sup><a name="footnote16"></a>16</sup>**| The Total Economic Impact&trade; of Windows Pro Device, Forrester study commissioned by Microsoft, June 2020.|
| **<sup><a name="footnote17"></a>17</sup>**|All users with a Microsoft Account get 5GB of OneDrive storage free, and all Microsoft 365 subscriptions include 1TB of OneDrive storage. Additional OneDrive storage is sold separately.|
|**<sup><a name="footnote16"></a>16</sup>**| The Total Economic Impact&trade; of Windows Pro Device, Forrester study commissioned by Microsoft, June 2020.|
|**<sup><a name="footnote17"></a>17</sup>**|All users with a Microsoft Account get 5GB of OneDrive storage free, and all Microsoft 365 subscriptions include 1TB of OneDrive storage. Additional OneDrive storage is sold separately.|
|**<sup><a name="footnote18"></a>17</sup>**|Feature or functionality delivered using [servicing technology](https://support.microsoft.com/topic/b0aa0a27-ea9a-4365-9224-cb155e517f12).|
---
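Review bot: in the added `footnote18` row the visible superscript is still 17 (`<a name="footnote18"></a>17`), so two rows render with the same number and the `[18]` reference added to the coming-soon include lands on a row labelled 17. Change the displayed number to 18 so the anchor, the label and the reference agree.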

View File

@ -50,7 +50,9 @@ Hardware-enforced stack protection integrates software and hardware for a modern
Application code includes a program processing stack that hackers seek to corrupt or disrupt in a type of attack called *stack smashing*. When defenses like executable space protection began thwarting such attacks, hackers turned to new methods like return-oriented programming. Return-oriented programming, a form of advanced stack smashing, can bypass defenses, hijack the data stack, and ultimately force a device to perform harmful operations. To guard against these control-flow hijacking attacks, the Windows kernel creates a separate *shadow stack* for return addresses. Windows 11 extends stack protection capabilities to provide both user mode and kernel mode support.
🆕 Starting in windows 11, version 24H2, **Hypervisor-enforced paging translation (HVPT)** is a security enhancement for the system. HVPT protects linear address translations from being tampered with, to protect sensitive system structures from write-what-where attacks.
[!INCLUDE [new-24h2](includes/new-24h2.md)]
**Hypervisor-enforced paging translation (HVPT)** is a security feature designed to safeguard linear address translations from tampering. It ensures the integrity of sensitive system structures, protecting them from write-what-where attacks.
[!INCLUDE [learn-more](includes/learn-more.md)]
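Review bot: the rewritten HVPT paragraph no longer names the release. The "Starting in windows 11, version 24H2" wording is gone and the version now depends entirely on `includes/new-24h2.md`, which is not touched in this commit, so please confirm that include states "Windows 11, version 24H2". The paragraph above explains stack smashing and return-oriented programming, but "write-what-where attacks" is still used without a definition or link; a short clause or a link would keep the section consistent.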

View File

@ -38,7 +38,9 @@ By protecting the LSA process with Virtualization-based security, Credential Gua
:::column-end:::
:::row-end:::
🆕 Starting in Windows 11, version 24H2, protections are expanded to optionally include machine account passwords for Active Directory-joined devices. Administrators can enable audit mode or enforcement of this capability using Credential Guard policy settings.
[!INCLUDE [new-24h2](includes/new-24h2.md)]
Credential Guard protections are expanded to optionally include machine account passwords for Active Directory-joined devices. Administrators can enable audit mode or enforcement of this capability using Credential Guard policy settings.
[!INCLUDE [learn-more](includes/learn-more.md)]
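Review bot: the added sentence says administrators can enable audit mode or enforcement "using Credential Guard policy settings" but does not name the setting or link to where it is configured. Since machine account password protection is described as optional, name the policy or add a link so readers can tell how to turn it on, unless the learn-more include that follows already covers it.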

View File

@ -137,7 +137,9 @@ A passkey is a unique, unguessable cryptographic secret that is securely stored
Passkeys created and saved with Windows Hello are protected by Windows Hello or Windows Hello for Business. Users can sign in to the site or app using their face, fingerprint, or device PIN. Users can manage their passkeys from **Settings** > **Accounts** > **Passkeys**.
🔜 Coming soon in Windows 11, version 24H2, a plug-in model for 3rd party passkey providers allows users to manage their passkeys with third-party passkey managers. This model is designed to provide a seamless platform experience, whether passkeys are managed directly by Windows or by a third-party authenticator. When a third-party passkey provider is used, passkeys are protected and managed by the third-party.
[!INCLUDE [coming-soon](includes/coming-soon.md)]
A plug-in model for 3rd party passkey providers allows users to manage their passkeys with third-party passkey managers. This model is designed to provide a seamless platform experience, whether passkeys are managed directly by Windows or by a third-party authenticator. When a third-party passkey provider is used, passkeys are protected and managed by the third-party.
[!INCLUDE [learn-more](includes/learn-more.md)]
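Review bot: the target release is lost in the new passkey paragraph. The removed line said "Coming soon in Windows 11, version 24H2", while the coming-soon include changed in this commit renders only "Coming soon" plus a footnote about servicing technology, so nothing ties the plug-in model to 24H2 any more. Either keep the version in the sentence or confirm that dropping it is intended. The new line also mixes "3rd party" with "third-party", and the closing "managed by the third-party" should read "third party" as a noun.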

View File

@ -6,4 +6,4 @@ ms.topic: include
ms.service: windows-client
---
:::image type="icon" source="../images/soon-arrow.svg" border="false"::: **Coming soon:**
:::image type="icon" source="../images/soon-arrow.svg" border="false"::: **Coming soon<sup>[\[18\]](..\conclusion.md#footnote18)</sup>:**
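Review bot: the footnote link added to the include uses a backslash path, `(..\conclusion.md#footnote18)`, while the image source on the same line uses forward slashes (`../images/soon-arrow.svg`). Use `../conclusion.md#footnote18` so the link resolves the same way on every build host, and check that the relative path is correct from each page that pulls in this include. The target row in the footnote table currently displays 17, so the `[18]` label here will not match until that is fixed.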

View File

@ -33,7 +33,9 @@ Device encryption is a Windows feature that simplifies the process of enabling B
Organizations have the option to disable device encryption in favor of a full BitLocker implementation. This allows for more granular control over encryption policies and settings, ensuring that the organization's specific security requirements are met.
🆕 Starting with Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby is removed. This change makes more devices eligible for both automatic and manual device encryption.
[!INCLUDE [new-24h2](includes/new-24h2.md)]
The Device Encryption prerequisites of DMA and HSTI/Modern Standby are removed. This change makes more devices eligible for both automatic and manual device encryption.
[!INCLUDE [learn-more](includes/learn-more.md)]
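Review bot: the added sentence capitalizes "Device Encryption" while the heading context, the preceding paragraph and the second sentence of the same line all use lowercase "device encryption". Pick one form, preferably the lowercase one already used around it. "DMA" and "HSTI" are also unexpanded here; spelling them out on first use would help readers who arrive at this section directly.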
@ -62,7 +64,9 @@ Personal Data Encryption (PDE) is a user-authenticated encryption mechanism desi
The initial release of PDE in Windows 11, version 22H2, introduced a set of public APIs that applications can adopt to safeguard content.
🆕 Starting in Windows 11, version 24H2, PDE is further enhanced with *PDE for known folders*, which extends protection to the Windows folders: Documents, Pictures, and Desktop.
[!INCLUDE [new-24h2](includes/new-24h2.md)]
PDE is further enhanced with *PDE for known folders*, which extends protection to the Windows folders: Documents, Pictures, and Desktop.
[!INCLUDE [learn-more](includes/learn-more.md)]