deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Updating after conversion

Browse Source
This commit is contained in:
LizRoss 2016-04-04 13:32:21 -07:00
parent c5a43bcdc8
commit b9e811f8c1
2 changed files with 9 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/keep-secure/index.md
View File

@ -33,7 +33,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
<td align="left"><p>This topic lists new and updated topics in the Keep Windows 10 secure documentation for [Windows 10 and Windows 10 Mobile](../index.md).</p></td>
</tr>
<tr class="even">
<td align="left"><p>[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md))</p></td>
<td align="left"><p>[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)</p></td>
<td align="left"><p>To help protect your company from attacks which may originate from untrusted or attacker controlled font files, weve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the %windir%/Fonts directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.</p></td>
</tr>
<tr class="odd">
@ -45,7 +45,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
<td align="left"><p>In Windows 10, Microsoft Passport replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a Windows Hello (biometric) or PIN.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>[Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md))</p></td>
<td align="left"><p>[Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)</p></td>
<td align="left"><p>Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition.</p></td>
</tr>
<tr class="even">
@ -61,7 +61,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
<td align="left"><p>Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md))</p></td>
<td align="left"><p>[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)</p></td>
<td align="left"><p>With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
</tr>
<tr class="even">

40
windows/keep-secure/protect-enterprise-data-using-edp.md
View File

@ -80,44 +80,16 @@ EDP is still in development and is not yet integrated with Azure Rights Manageme
Use the following table to identify the scenarios that require Azure Rights Management, the behavior when Azure Rights Management is not used with EDP, and the recommended workarounds.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">EDP scenario</th>
<th align="left">Without Azure Rights Management</th>
<th align="left">Workaround</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Saving enterprise data to USB drives</p></td>
<td align="left"><p>Data in the new location remains encrypted, but becomes inaccessible on other devices or for other users. For example, the file won't open or the file opens, but doesn't contain readable text.</p></td>
<td align="left"><p>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.</p>
<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Sharing enterprise data through email attachments</p></td>
<td align="left"><p>The attachment is sent unprotected.</p></td>
<td align="left"><p>Store documents on enterprise cloud or network sites, and share links.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Synchronizing data to other services or public cloud storage</p></td>
<td align="left"><p>Synchronized files aren't protected on additional services or as part of public cloud storage.</p></td>
<td align="left"><p>Stop the app from synchronizing or don't add the app to your <strong>Protected App</strong> list.</p>
<p>For more info about adding apps to the <strong>Protected Apps</strong> list, see either the [Create an enterprise data protection (EDP) policy using Intune](create-edp-policy-using-intune.md)) or the [Create and deploy an enterprise data protection (EDP) policy using Configuration Manager](create-edp-policy-using-sccm.md)) topic, depending on your management solution.</p></td>
</tr>
</tbody>
</table>
|EDP scenario |Without Azure Rights Management |Workaround |
|-------------|--------------------------------|-----------|
|Saving enterprise data to USB drives |Data in the new location remains encrypted, but becomes inaccessible on other devices or for other users. For example, the file won't open or the file opens, but doesn't contain readable text. |Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption. |
|Sharing enterprise data through email attachments |The attachment is sent unprotected. |Store documents on enterprise cloud or network sites, and share links. |
|Synchronizing data to other services or public cloud storage |Synchronized files aren't protected on additional services or as part of public cloud storage. |Stop the app from synchronizing or don't add the app to your **Protected App** list.<p>For more info about adding apps to the **Protected App** list, see either the [Create an enterprise data protection (EDP) policy using Intune](create-edp-policy-using-intune.md) or the [Create and deploy an enterprise data protection (EDP) policy using Configuration Manager](create-edp-policy-using-sccm.md) topic, depending on your management solution.
## Next steps
After deciding to use EDP in your enterprise, you need to:
- [Create an enterprise data protection (EDP) policy](overview-create-edp-policy.md))
- [Create an enterprise data protection (EDP) policy](overview-create-edp-policy.md)