updates

windows/security/book/conclusion.md

@@ -28,7 +28,7 @@ Enhanced:
 
 - [BitLocker](operating-system-security-encryption-and-data-protection.md#bitlocker)
 - [Credential Guard](identity-protection-advanced-credential-protection.md#credential-guard)
-- [Device Encryption](operating-system-security-encryption-and-data-protection.md#device-encryption)
+- [Device encryption](operating-system-security-encryption-and-data-protection.md#device-encryption)
 - [Local Security Authority (LSA) protection](identity-protection-advanced-credential-protection.md#local-security-authority-lsa-protection)
 - [Passkeys](identity-protection-passwordless-sign-in.md#passkeys)
 - [Personal data encryption (PDE)](operating-system-security-encryption-and-data-protection.md#personal-data-encryption-pde)

windows/security/book/operating-system-security-encryption-and-data-protection.md

@@ -33,7 +33,7 @@ BitLocker To Go refers to BitLocker on removable data drives. BitLocker To Go in
 
 - [BitLocker FAQ](../operating-system-security/data-protection/bitlocker/faq.yml)
 
-## Device Encryption
+## Device encryption
 
 Device encryption is a Windows feature that simplifies the process of enabling BitLocker encryption on certain devices. It ensures that only the OS drive and fixed drives are encrypted, while external/USB drives remain unencrypted. Additionally, devices with externally accessible ports that allow DMA access are not eligible for device encryption. Unlike standard BitLocker implementation, device encryption is enabled automatically to ensure continuous protection. Once a clean installation of Windows is completed and the out-of-box experience is finished, the device is prepared for first use with encryption already in place.
 
@@ -41,7 +41,7 @@ Organizations have the option to disable device encryption in favor of a full Bi
 
 [!INCLUDE [new-24h2](includes/new-24h2.md)]
 
-The Device Encryption prerequisites of DMA and HSTI/Modern Standby are removed. This change makes more devices eligible for both automatic and manual device encryption.
+The Device encryption prerequisites of DMA and HSTI/Modern Standby are removed. This change makes more devices eligible for both automatic and manual device encryption.
 
 [!INCLUDE [learn-more](includes/learn-more.md)]
 
@@ -49,7 +49,7 @@ The Device Encryption prerequisites of DMA and HSTI/Modern Standby are removed.
 
 ## Encrypted hard drive
 
-Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level. They allow for full-disk hardware encryption and are transparent to the user. These drives combine the security and management benefits provided by BitLocker Drive Encryption, with the power of self-encrypting drives.
+Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level. They allow for full-disk hardware encryption and are transparent to the user. These drives combine the security and management benefits provided by BitLocker, with the power of self-encrypting drives.
 
 By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity.
 

windows/security/hardware-security/toc.yml

@@ -1,5 +1,5 @@
 items:
-  - name: Hardware root of trust
+  - name: Hardware root-of-trust
     items:
       - name: System Guard
         href: how-hardware-based-root-of-trust-helps-protect-windows.md

windows/security/identity-protection/toc.yml

@@ -26,6 +26,12 @@ items:
     href: /education/windows/federated-sign-in
   - name: Advanced credential protection
     items:
+    - name: LSA Protection 🔗
+      href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
+    - name: Credential Guard
+      href: credential-guard/toc.yml
+    - name: Remote Credential Guard
+      href: remote-credential-guard.md
     - name: Windows LAPS 🔗
       displayName: Local Administrator Password Solution
       href: /windows-server/identity/laps/laps-overview
@@ -37,11 +43,5 @@ items:
     - name: Access Control
       href: access-control/access-control.md
       displayName: ACL/SACL
-    - name: Credential Guard
-      href: credential-guard/toc.yml
-    - name: Remote Credential Guard
-      href: remote-credential-guard.md
-  - name: LSA Protection 🔗
-    href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
   - name: Local Accounts
     href: access-control/local-accounts.md

windows/security/operating-system-security/data-protection/toc.yml

@@ -7,5 +7,3 @@ items:
   href: personal-data-encryption/toc.yml
 - name: Email Encryption (S/MIME)
   href: configure-s-mime.md
-- name: Windows Information Protection (WIP)
-  href: /previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip

windows/security/operating-system-security/system-security/toc.yml

@@ -13,7 +13,7 @@ items:
   href: ../../threat-protection/security-policy-settings/security-policy-settings.md
 - name: Security auditing
   href: ../../threat-protection/auditing/security-auditing-overview.md
-- name: Assigned Access 🔗
+- name: Kiosks and restricted user experiences 🔗
   href: /windows/configuration/assigned-access
 - name: Windows Security settings
   href: windows-defender-security-center/windows-defender-security-center.md

windows/security/operating-system-security/toc.yml

@@ -3,9 +3,9 @@ items:
   href: system-security/toc.yml
 - name: Encryption and data protection
   href: data-protection/toc.yml
-- name: Device management
-  href: device-management/toc.yml
 - name: Network security
   href: network-security/toc.yml
 - name: Virus and threat protection
   href: virus-and-threat-protection/toc.yml
+- name: Device management
+  href: device-management/toc.yml