diff --git a/windows/security/book/conclusion.md b/windows/security/book/conclusion.md index 407988fcde..07d695befd 100644 --- a/windows/security/book/conclusion.md +++ b/windows/security/book/conclusion.md @@ -28,7 +28,7 @@ Enhanced: - [BitLocker](operating-system-security-encryption-and-data-protection.md#bitlocker) - [Credential Guard](identity-protection-advanced-credential-protection.md#credential-guard) -- [Device Encryption](operating-system-security-encryption-and-data-protection.md#device-encryption) +- [Device encryption](operating-system-security-encryption-and-data-protection.md#device-encryption) - [Local Security Authority (LSA) protection](identity-protection-advanced-credential-protection.md#local-security-authority-lsa-protection) - [Passkeys](identity-protection-passwordless-sign-in.md#passkeys) - [Personal data encryption (PDE)](operating-system-security-encryption-and-data-protection.md#personal-data-encryption-pde) diff --git a/windows/security/book/images/chip-to-cloud.png b/windows/security/book/images/chip-to-cloud.png index 062b27eab1..9e7a26add4 100644 Binary files a/windows/security/book/images/chip-to-cloud.png and b/windows/security/book/images/chip-to-cloud.png differ diff --git a/windows/security/book/images/operating-system.png b/windows/security/book/images/operating-system.png index 842a8b42c5..f1a7f25c8c 100644 Binary files a/windows/security/book/images/operating-system.png and b/windows/security/book/images/operating-system.png differ diff --git a/windows/security/book/operating-system-security-encryption-and-data-protection.md b/windows/security/book/operating-system-security-encryption-and-data-protection.md index 1527eda884..b1914a6c41 100644 --- a/windows/security/book/operating-system-security-encryption-and-data-protection.md +++ b/windows/security/book/operating-system-security-encryption-and-data-protection.md @@ -33,7 +33,7 @@ BitLocker To Go refers to BitLocker on removable data drives. BitLocker To Go in - [BitLocker FAQ](../operating-system-security/data-protection/bitlocker/faq.yml) -## Device Encryption +## Device encryption Device encryption is a Windows feature that simplifies the process of enabling BitLocker encryption on certain devices. It ensures that only the OS drive and fixed drives are encrypted, while external/USB drives remain unencrypted. Additionally, devices with externally accessible ports that allow DMA access are not eligible for device encryption. Unlike standard BitLocker implementation, device encryption is enabled automatically to ensure continuous protection. Once a clean installation of Windows is completed and the out-of-box experience is finished, the device is prepared for first use with encryption already in place. @@ -41,7 +41,7 @@ Organizations have the option to disable device encryption in favor of a full Bi [!INCLUDE [new-24h2](includes/new-24h2.md)] -The Device Encryption prerequisites of DMA and HSTI/Modern Standby are removed. This change makes more devices eligible for both automatic and manual device encryption. +The Device encryption prerequisites of DMA and HSTI/Modern Standby are removed. This change makes more devices eligible for both automatic and manual device encryption. [!INCLUDE [learn-more](includes/learn-more.md)] @@ -49,7 +49,7 @@ The Device Encryption prerequisites of DMA and HSTI/Modern Standby are removed. ## Encrypted hard drive -Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level. They allow for full-disk hardware encryption and are transparent to the user. These drives combine the security and management benefits provided by BitLocker Drive Encryption, with the power of self-encrypting drives. +Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level. They allow for full-disk hardware encryption and are transparent to the user. These drives combine the security and management benefits provided by BitLocker, with the power of self-encrypting drives. By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity. diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml index 0bbff1840a..7cacd9e8a8 100644 --- a/windows/security/hardware-security/toc.yml +++ b/windows/security/hardware-security/toc.yml @@ -1,5 +1,5 @@ items: - - name: Hardware root of trust + - name: Hardware root-of-trust items: - name: System Guard href: how-hardware-based-root-of-trust-helps-protect-windows.md diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml index d1a86c2bc6..ac6a619963 100644 --- a/windows/security/identity-protection/toc.yml +++ b/windows/security/identity-protection/toc.yml @@ -26,6 +26,12 @@ items: href: /education/windows/federated-sign-in - name: Advanced credential protection items: + - name: LSA Protection 🔗 + href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection + - name: Credential Guard + href: credential-guard/toc.yml + - name: Remote Credential Guard + href: remote-credential-guard.md - name: Windows LAPS 🔗 displayName: Local Administrator Password Solution href: /windows-server/identity/laps/laps-overview @@ -37,11 +43,5 @@ items: - name: Access Control href: access-control/access-control.md displayName: ACL/SACL - - name: Credential Guard - href: credential-guard/toc.yml - - name: Remote Credential Guard - href: remote-credential-guard.md - - name: LSA Protection 🔗 - href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection - name: Local Accounts href: access-control/local-accounts.md diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml index 81f918fba2..d77de4f59e 100644 --- a/windows/security/operating-system-security/data-protection/toc.yml +++ b/windows/security/operating-system-security/data-protection/toc.yml @@ -7,5 +7,3 @@ items: href: personal-data-encryption/toc.yml - name: Email Encryption (S/MIME) href: configure-s-mime.md -- name: Windows Information Protection (WIP) - href: /previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip diff --git a/windows/security/operating-system-security/system-security/toc.yml b/windows/security/operating-system-security/system-security/toc.yml index 657b99e5df..0309711be5 100644 --- a/windows/security/operating-system-security/system-security/toc.yml +++ b/windows/security/operating-system-security/system-security/toc.yml @@ -13,7 +13,7 @@ items: href: ../../threat-protection/security-policy-settings/security-policy-settings.md - name: Security auditing href: ../../threat-protection/auditing/security-auditing-overview.md -- name: Assigned Access 🔗 +- name: Kiosks and restricted user experiences 🔗 href: /windows/configuration/assigned-access - name: Windows Security settings href: windows-defender-security-center/windows-defender-security-center.md diff --git a/windows/security/operating-system-security/toc.yml b/windows/security/operating-system-security/toc.yml index 395a08d729..5c37753d30 100644 --- a/windows/security/operating-system-security/toc.yml +++ b/windows/security/operating-system-security/toc.yml @@ -3,9 +3,9 @@ items: href: system-security/toc.yml - name: Encryption and data protection href: data-protection/toc.yml -- name: Device management - href: device-management/toc.yml - name: Network security href: network-security/toc.yml - name: Virus and threat protection - href: virus-and-threat-protection/toc.yml \ No newline at end of file + href: virus-and-threat-protection/toc.yml +- name: Device management + href: device-management/toc.yml \ No newline at end of file