This commit is contained in:
Paolo Matarazzo 2024-05-06 09:36:54 -04:00
parent ed8cc16b90
commit b118e3c514
3 changed files with 13 additions and 18 deletions

View File

@ -9175,11 +9175,6 @@
"redirect_url": "/windows/security/cloud-services",
"redirect_document_id": false
},
{
"source_path": "windows/security/cloud-security/index.md",
"redirect_url": "/windows/security/cloud-services",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment",
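Review bot: The hunk header reports 11 lines shrinking to 6, i.e. one five-line redirect entry removed, and the only complete entry visible in the hunk is the one for `windows/security/cloud-security/index.md` pointing at `/windows/security/cloud-services`. If that is the entry being dropped, confirm that another entry still covers the same `source_path` (the preceding entry at the top of the hunk redirects to the same `redirect_url`, so this looks like a duplicate), because removing the only redirect for a retired page turns existing inbound links into 404s. A one-line commit message stating "remove duplicate redirect" would make the intent reviewable without opening the file.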

View File

@ -16,18 +16,18 @@ ms.topic: how-to
> [!IMPORTANT]
> Dual enrollment does not replace or provide the same security as Privileged Access Workstations feature. Microsoft encourages organizations to use the Privileged Access Workstations for their privileged credential users. Organizations can consider Windows Hello for Business dual enrollment in situations where the Privileged Access feature can't be used. To learn more, see [Privileged Access Workstations](/windows-server/identity/securing-privileged-access/privileged-access-workstations).
Dual enrollment enables administrators to perform elevated, administrative functions by enrolling both their non-privileged and privileged credentials on their device.
Dual enrollment enables administrators to perform elevated, administrative functions by enrolling both their nonprivileged and privileged credentials on their device.
By design, Windows doesn't enumerate all Windows Hello for Business users from within a user's session. Using the group policy setting, **Allow enumeration of emulated smart card for all users**, you can configure a device to enumerate all enrolled Windows Hello for Business credentials on selected devices.
With this setting, administrative users can sign in to Windows using their non-privileged Windows Hello credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN. Administrators can also take advantage of this feature with command-line applications by using `runas.exe` combined with the `/smartcard` argument. This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and non-privileged workloads.
With this setting, administrative users can sign in to Windows using their nonprivileged Windows Hello credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN. Administrators can also take advantage of this feature with command-line applications by using `runas.exe` combined with the `/smartcard` argument. This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and nonprivileged workloads.
> [!IMPORTANT]
> You must configure a Windows computer for Windows Hello for Business dual enrollment before either user (privileged or non-privileged) provisions Windows Hello for Business. Dual enrollment is a special setting that is configured on the Windows Hello container during creation.
## Configure Windows Hello for Business Dual Enrollment
In this task, you will
Here are the steps to enable Dual Enrollment:
- Configure Active Directory to support Domain Administrator enrollment
- Configure Dual Enrollment using Group Policy
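Review bot: The hyphenation change from "non-privileged" to "nonprivileged" is applied to the two changed paragraphs but not to the unchanged `[!IMPORTANT]` note in the same hunk, which still reads "(privileged or non-privileged)", so the file now mixes both spellings. Apply the same change there, e.g. `> You must configure a Windows computer for Windows Hello for Business dual enrollment before either user (privileged or nonprivileged) provisions Windows Hello for Business.` The replacement of "In this task, you will" with "Here are the steps to enable Dual Enrollment:" is an improvement, but the list that follows ("Configure Active Directory ...", "Configure Dual Enrollment ...") is a summary of sections rather than steps, so "Here are the sections that follow:" or "To enable dual enrollment:" would be more accurate.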
@ -36,9 +36,9 @@ In this task, you will
The designed Windows Hello for Business configuration gives the `Key Admins` group read and write permissions to the `msDS-KeyCredentialsLink` attribute. You provided these permissions at root of the domain and use object inheritance to ensure the permissions apply to all users in the domain regardless of their location within the domain hierarchy.
Active Directory Domain Services uses `AdminSDHolder` to secure privileged users and groups from unintentional modification by comparing and replacing the security on privileged users and groups to match those defined on the AdminSDHolder object on an hourly cycle. For Windows Hello for Business, your domain administrator account may receive the permissions but they will disappear from the user object unless you give the `AdminSDHolder` read and write permissions to the `msDS-KeyCredential` attribute.
Active Directory Domain Services uses `AdminSDHolder` to secure privileged users and groups from unintentional modification by comparing and replacing the security on privileged users and groups to match those defined on the AdminSDHolder object on an hourly cycle. For Windows Hello for Business, your domain administrator account might receive the permissions but they disappear from the user object unless you give the `AdminSDHolder` read and write permissions to the `msDS-KeyCredential` attribute.
Sign in to a domain controller or management workstation with access equivalent to *domain administrator*
Sign in to a domain controller or management workstation with access equivalent to *domain administrator*.
1. Type the following command to add the **allow** read and write property permissions for msDS-KeyCredentialLink attribute for the `Key Admins` group on the `AdminSDHolder` object
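Review bot: The attribute name is spelled three different ways within this hunk: `msDS-KeyCredentialsLink` in the unchanged context at the top, `msDS-KeyCredential` in both the old and new version of the `AdminSDHolder` paragraph, and `msDS-KeyCredentialLink` in the step at the bottom. The actual Active Directory attribute is `msDS-KeyCredentialLink`; since this hunk is already touching that paragraph, normalize all three occurrences so an administrator copying the name into a `dsacls` or ADSI Edit permission entry gets the right one. The tense change ("might receive ... they disappear") reads fine, though "they" now refers back to "permissions" across a clause boundary; "the permissions disappear from the user object" would be unambiguous. The added terminal period on the "Sign in to a domain controller" line is good, but the step that follows ("...on the `AdminSDHolder` object") still lacks one.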
@ -69,4 +69,4 @@ You configure Windows to support dual enrollment using the computer configuratio
1. Close the Group Policy Management Editor to save the Group Policy object. Close the GPMC
1. Restart computers targeted by this Group Policy object
The computer is ready for dual enrollment. Sign in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign out and sign in as the non-privileged user and enroll for Windows Hello for Business. You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
The computer is ready for dual enrollment. Sign in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign out and sign in as the nonprivileged user and enroll for Windows Hello for Business. You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
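Review bot: Same consistency point as the earlier hunk in this file: the closing paragraph now uses "nonprivileged", which is correct only if every remaining occurrence in the file is changed too. Also, the two unchanged numbered steps in this hunk ("Close the GPMC", "Restart computers targeted by this Group Policy object") have no terminal punctuation while the previous hunk adds a period to a comparable instruction line; pick one convention for the procedure steps in this file.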

View File

@ -15,7 +15,7 @@ sections:
questions:
- question: Can PDE encrypt entire volumes or drives?
answer: |
No. PDE only encrypts specified files and content.
No, PDE only encrypts specified files and content.
- question: How are files and content protected by PDE selected?
answer: |
[PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files and content are protected using PDE.
@ -24,10 +24,10 @@ sections:
Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section [Decrypt PDE-encrypted content](configure.md#decrypt-pde-encrypted-content).
- question: Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)?
answer: |
No. Accessing PDE protected content over RDP isn't currently supported.
No, it's not supported to access PDE-protected content over RDP.
- question: Can PDE protected content be accessed via a network share?
answer: |
No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
No, PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
- question: What encryption method and strength does PDE use?
answer: |
PDE uses AES-CBC with a 256-bit key to encrypt content.
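Review bot: The rewritten RDP answer introduces "PDE-protected" with a hyphen, while the question on the same line pair, the next question, and the network-share answer in this hunk all use "PDE protected" without one. Since this hunk is already editing these answers, settle on one form (the hyphenated compound modifier "PDE-protected content" is the grammatically standard one) and apply it to the questions as well as the answers. The reworded answer is otherwise fine; "isn't currently supported" in the old text carried a hint that support might come later, and the new "it's not supported" drops that, which is worth confirming is intentional.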
@ -39,13 +39,13 @@ sections:
During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content.
- question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content?
answer: |
No. The keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
No, the keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
- question: Can a file be protected with both PDE and EFS at the same time?
answer: |
No. PDE and EFS are mutually exclusive.
No, PDE and EFS are mutually exclusive.
- question: Is PDE a replacement for BitLocker?
answer: |
No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
No, it's recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
- question: Do I need to use OneDrive in Microsoft 365 as my backup provider?
answer: |
No. PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.
No, PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.
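Review bot: The "No." to "No," edits are consistent across this hunk, but the password sign-in answer keeps "will only be unlocked" even though the dual-enrollment file in this same commit replaces "will disappear" with present tense; for consistency with that style change, "are only unlocked when signing in with a Windows Hello for Business PIN or biometrics" would match. That answer also says "signing on" where the RDP question uses "signing on via" and the dual-enrollment doc uses "sign in"; the questions and answers should use one verb. The BitLocker answer's removal of "still" is fine, but consider keeping the explicit point that PDE and BitLocker are complementary rather than alternatives, since the question is whether PDE replaces BitLocker.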