From c07cf27c7145d5289dcf89f935dfe03876471816 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:19:41 -0400 Subject: [PATCH] TOC update --- windows/security/TOC.yml | 53 +++-------------- .../application-control/toc.yml | 25 ++++++++ .../application-isolation/toc.yml | 12 ++++ windows/security/application-security/toc.yml | 8 +++ windows/security/cloud-security/toc.yml | 18 ++++++ windows/security/hardware-security/toc.yml | 4 +- windows/security/identity-protection/toc.yml | 56 +++++++++--------- .../data-protection/toc.yml | 51 ++++++++++++++++- .../device-management/toc.yml | 57 ++----------------- .../virus-and-threat-protection/toc.yml | 2 + .../certification/toc.yml | 5 ++ windows/security/security-foundations/toc.yml | 7 +++ 12 files changed, 171 insertions(+), 127 deletions(-) create mode 100644 windows/security/application-security/application-control/toc.yml create mode 100644 windows/security/application-security/application-isolation/toc.yml create mode 100644 windows/security/application-security/toc.yml create mode 100644 windows/security/cloud-security/toc.yml create mode 100644 windows/security/security-foundations/certification/toc.yml create mode 100644 windows/security/security-foundations/toc.yml diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index bcaab2b498..1a28b4a916 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -17,49 +17,14 @@ - name: Operating system security href: operating-system-security/toc.yml - name: Application security - items: - - name: Overview - href: apps.md - - name: Windows Defender Application Control and virtualization-based protection of code integrity - href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - - name: Windows Defender Application Control - href: threat-protection\windows-defender-application-control\windows-defender-application-control.md - - name: Microsoft Defender Application Guard - href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md - - name: Windows Sandbox - href: threat-protection/windows-sandbox/windows-sandbox-overview.md - items: - - name: Windows Sandbox architecture - href: threat-protection/windows-sandbox/windows-sandbox-architecture.md - - name: Windows Sandbox configuration - href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md - - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen - href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md - - name: Configure S/MIME for Windows - href: identity-protection\configure-s-mime.md - - name: Windows Credential Theft Mitigation Guide Abstract - href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md -- name: User security and secured identity + href: application-security/toc.yml +- name: Identity protection href: identity-protection/toc.yml -- name: Cloud services - items: - - name: Overview - href: cloud.md - - name: Mobile device management - href: /windows/client-management/mdm/ - - name: Windows 365 Cloud PCs - href: /windows-365/overview - - name: Azure Virtual Desktop - href: /azure/virtual-desktop/ -- name: Security foundations - items: - - name: Overview - href: security-foundations.md - - name: Microsoft Security Development Lifecycle - href: threat-protection/msft-security-dev-lifecycle.md - - name: FIPS 140-2 Validation - href: threat-protection/fips-140-validation.md - - name: Common Criteria Certifications - href: threat-protection/windows-platform-common-criteria.md - name: Windows Privacy - href: /windows/privacy/windows-10-and-privacy-compliance \ No newline at end of file + href: /windows/privacy/windows-10-and-privacy-compliance +- name: Security foundations + href: security-foundations/toc.yml +- name: Cloud services + href: cloud-services/toc.yml +- name: Security policy settings + href: /windows/security/threat-protection/security-policy-settings \ No newline at end of file diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml new file mode 100644 index 0000000000..05774f9405 --- /dev/null +++ b/windows/security/application-security/application-control/toc.yml @@ -0,0 +1,25 @@ +items: +- name: User Account Control (UAC) + items: + - name: Overview + href: ../../identity-protection/user-account-control/user-account-control-overview.md + - name: How User Account Control works + href: ../../identity-protection/user-account-control/how-user-account-control-works.md + - name: User Account Control security policy settings + href: ../../identity-protection/user-account-control/user-account-control-security-policy-settings.md + - name: User Account Control Group Policy and registry key settings + href: ../../identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md + - name: Windows Defender Application Control and virtualization-based protection of code integrity + href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - name: Windows Defender Application Control + href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + - name: Smart App Control + href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + - name: Microsoft Defender Application Guard (MDAG) for Edge standalone mode + href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md + - name: Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management + href: /deployedge/microsoft-edge-security-windows-defender-application-guard + - name: Microsoft Defender Application Guard (MDAG) for Microsoft Office + href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46 + - name: Microsoft Defender Application Guard (MDAG) configure via MDM + href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml new file mode 100644 index 0000000000..5d2361090b --- /dev/null +++ b/windows/security/application-security/application-isolation/toc.yml @@ -0,0 +1,12 @@ +items: +- name: Microsoft Defender Application Guard + href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md +- name: Windows containers + href: /virtualization/windowscontainers/about +- name: Windows Sandbox + href: ../../threat-protection/windows-sandbox/windows-sandbox-overview.md + items: + - name: Windows Sandbox architecture + href: ../../threat-protection/windows-sandbox/windows-sandbox-architecture.md + - name: Windows Sandbox configuration + href: ../../threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md \ No newline at end of file diff --git a/windows/security/application-security/toc.yml b/windows/security/application-security/toc.yml new file mode 100644 index 0000000000..5e2bd70284 --- /dev/null +++ b/windows/security/application-security/toc.yml @@ -0,0 +1,8 @@ +items: +- name: Overview + href: ../apps.md +- name: Application Control + href: application-control/toc.yml +- name: Application Isolation + href: application-isolation/toc.yml + diff --git a/windows/security/cloud-security/toc.yml b/windows/security/cloud-security/toc.yml new file mode 100644 index 0000000000..87f69eadc0 --- /dev/null +++ b/windows/security/cloud-security/toc.yml @@ -0,0 +1,18 @@ +items: +- name: Overview + href: ../../cloud.md +- name: Join Active Directory and Azure AD with single sign-on (SSO) ⇒ + href: /azure/active-directory/devices/concept-azure-ad-join +- name: Security baselines with Intune ⇒ + href: /mem/intune/protect/security-baselines +- name: Remote wipe (Autopilot reset) ⇒ + href: /windows/client-management/mdm/remotewipe-csp +- name: Mobile Device Management (MDM) ⇒ + href: /windows/client-management/mdm/ +- name: Universal Print ⇒ + href: /universal-print +- name: Windows Autopatch ⇒ + href: /windows/deployment/windows-autopatch +- name: Windows Autopilot ⇒ + href: /windows/deployment/windows-autopilot + diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml index ea8046d653..a812a513d8 100644 --- a/windows/security/hardware-security/toc.yml +++ b/windows/security/hardware-security/toc.yml @@ -42,11 +42,11 @@ items: href: /windows-hardware/design/device-experiences/oem-vbs - name: Memory integrity (HVCI) href: ../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - - name: Memory integrity and VBS enablement + - name: Memory integrity and VBS enablement ⇒ href: /windows-hardware/design/device-experiences/oem-hvci-enablement - name: Hardware-enforced stack protection href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815 - - name: Secured-core PC + - name: Secured-core PC ⇒ href: /windows-hardware/design/device-experiences/oem-highly-secure-11 - name: Kernel Direct Memory Access (DMA) protection href: ../information-protection/kernel-dma-protection-for-thunderbolt.md diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml index 55be6bbf33..16b2a51847 100644 --- a/windows/security/identity-protection/toc.yml +++ b/windows/security/identity-protection/toc.yml @@ -7,10 +7,14 @@ items: items: - name: Windows Hello for Business ⇒ href: hello-for-business/index.yml - - name: Windows presence sensing + - name: Windows presence sensing ⇒ href: https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb - - name: FIDO 2 security keys ⇒ + - name: Windows Hello for Business Enhanced Security Sign-in (ESS) ⇒ + href: /windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security + - name: FIDO 2 security key ⇒ href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key + - name: Federated sign-in ⇒ + href: /education/windows/federated-sign-in - name: Smart Cards href: smart-cards/smart-card-windows-smart-card-technical-reference.md items: @@ -54,12 +58,26 @@ items: href: virtual-smart-cards/virtual-smart-card-evaluate-security.md - name: Tpmvscmgr href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md - - name: Windows LAPS (Local Administrator Password Solution) ⇒ - href: /windows-server/identity/laps/laps-overview - - name: Enterprise Certificate Pinning - href: enterprise-certificate-pinning.md - - name: Credential Guard + - name: Windows LAPS (Local Administrator Password Solution) ⇒ + href: /windows-server/identity/laps/laps-overview + - name: Enterprise Certificate Pinning + href: enterprise-certificate-pinning.md + - name: Advanced credential protection items: + - name: Account Lockout Policy + href: ../threat-protection/security-policy-settings/account-lockout-policy.md + - name: Technical support policy for lost or forgotten passwords + href: password-support-policy.md + - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen + href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md + - name: Access Control + items: + - name: Overview + href: access-control/access-control.md + - name: Local Accounts + href: access-control/local-accounts.md + - name: Windows Defender Credential Guard + items: - name: Protect derived domain credentials with Credential Guard href: credential-guard/credential-guard.md - name: How Credential Guard works @@ -76,25 +94,5 @@ items: href: credential-guard/additional-mitigations.md - name: Known issues href: credential-guard/credential-guard-known-issues.md - - name: Remote Credential Guard - href: remote-credential-guard.md - - name: Configuring LSA Protection - href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json - - name: Technical support policy for lost or forgotten passwords - href: password-support-policy.md - - name: Access Control - items: - - name: Overview - href: access-control/access-control.md - - name: Local Accounts - href: access-control/local-accounts.md - - name: User Account Control (UAC) - items: - - name: Overview - href: user-account-control/user-account-control-overview.md - - name: How User Account Control works - href: user-account-control/how-user-account-control-works.md - - name: User Account Control security policy settings - href: user-account-control/user-account-control-security-policy-settings.md - - name: User Account Control Group Policy and registry key settings - href: user-account-control/user-account-control-group-policy-and-registry-key-settings.md \ No newline at end of file + - name: Windows Defender Remote Credential Guard + href: remote-credential-guard.md \ No newline at end of file diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml index bd47960568..bd7afea8da 100644 --- a/windows/security/operating-system-security/data-protection/toc.yml +++ b/windows/security/operating-system-security/data-protection/toc.yml @@ -100,4 +100,53 @@ items: - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md - name: Configure S/MIME for Windows - href: ../../identity-protection/configure-s-mime.md \ No newline at end of file + href: ../../identity-protection/configure-s-mime.md +- name: Windows Information Protection (WIP) + href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md + items: + - name: Create a WIP policy using Microsoft Intune + href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md + items: + - name: Create a WIP policy in Microsoft Intune + href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md + items: + - name: Deploy your WIP policy in Microsoft Intune + href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md + - name: Associate and deploy a VPN policy for WIP in Microsoft Intune + href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md + - name: Determine the enterprise context of an app running in WIP + href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md + - name: Create a WIP policy using Microsoft Configuration Manager + href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md + items: + - name: Create and deploy a WIP policy in Configuration Manager + href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md + - name: Determine the enterprise context of an app running in WIP + href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md + - name: Mandatory tasks and settings required to turn on WIP + href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md + - name: Testing scenarios for WIP + href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md + - name: Limitations while using WIP + href: ../../information-protection/windows-information-protection/limitations-with-wip.md + - name: How to collect WIP audit event logs + href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md + - name: General guidance and best practices for WIP + href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md + items: + - name: Enlightened apps for use with WIP + href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md + - name: Unenlightened and enlightened app behavior while using WIP + href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md + - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP + href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md + - name: Using Outlook Web Access with WIP + href: ../../information-protection/windows-information-protection/using-owa-with-wip.md + - name: Fine-tune WIP Learning + href: ../../information-protection/windows-information-protection/wip-learning.md + - name: Disable WIP + href: ../../information-protection/windows-information-protection/how-to-disable-wip.md \ No newline at end of file diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml index 154075b5f4..b52d3b78a7 100644 --- a/windows/security/operating-system-security/device-management/toc.yml +++ b/windows/security/operating-system-security/device-management/toc.yml @@ -5,7 +5,11 @@ items: href: ../../threat-protection/security-policy-settings/security-policy-settings.md - name: Security auditing href: ../../threat-protection/auditing/security-auditing-overview.md -- name: Windows security baselines + - name: Secured-core configuration lock + href: ../../../client-management/config-lock + - name: Assigned Access (kiosk mode) + href: ../../../configuration/kiosk-methods +- name: Security baselines href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md items: - name: Security Compliance Toolkit @@ -21,53 +25,4 @@ items: - name: Use Windows Event Forwarding to help with intrusion detection href: ../../threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md - name: Block untrusted fonts in an enterprise - href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md - - name: Windows Information Protection (WIP) - href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md - items: - - name: Create a WIP policy using Microsoft Intune - href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md - items: - - name: Create a WIP policy in Microsoft Intune - href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md - items: - - name: Deploy your WIP policy in Microsoft Intune - href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md - - name: Associate and deploy a VPN policy for WIP in Microsoft Intune - href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md - - name: Create and verify an EFS Data Recovery Agent (DRA) certificate - href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - - name: Determine the enterprise context of an app running in WIP - href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Create a WIP policy using Microsoft Configuration Manager - href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md - items: - - name: Create and deploy a WIP policy in Configuration Manager - href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md - - name: Create and verify an EFS Data Recovery Agent (DRA) certificate - href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - - name: Determine the enterprise context of an app running in WIP - href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Mandatory tasks and settings required to turn on WIP - href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md - - name: Testing scenarios for WIP - href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md - - name: Limitations while using WIP - href: ../../information-protection/windows-information-protection/limitations-with-wip.md - - name: How to collect WIP audit event logs - href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md - - name: General guidance and best practices for WIP - href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md - items: - - name: Enlightened apps for use with WIP - href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md - - name: Unenlightened and enlightened app behavior while using WIP - href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md - - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP - href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md - - name: Using Outlook Web Access with WIP - href: ../../information-protection/windows-information-protection/using-owa-with-wip.md - - name: Fine-tune WIP Learning - href: ../../information-protection/windows-information-protection/wip-learning.md - - name: Disable WIP - href: ../../information-protection/windows-information-protection/how-to-disable-wip.md \ No newline at end of file + href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md \ No newline at end of file diff --git a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml index 0649858634..a8c5cdf1e5 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml +++ b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml @@ -3,6 +3,8 @@ items: href: ../../threat-protection/index.md - name: Microsoft Defender Antivirus href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows +- name: Configuring LSA Protection + href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json - name: Attack surface reduction (ASR) href: /microsoft-365/security/defender-endpoint/attack-surface-reduction - name: Tamper protection for MDE diff --git a/windows/security/security-foundations/certification/toc.yml b/windows/security/security-foundations/certification/toc.yml new file mode 100644 index 0000000000..70d9d800b8 --- /dev/null +++ b/windows/security/security-foundations/certification/toc.yml @@ -0,0 +1,5 @@ +items: +- name: FIPS 140-2 Validation + href: ../../threat-protection/fips-140-validation.md +- name: Common Criteria Certifications + href: ../../threat-protection/windows-platform-common-criteria.md \ No newline at end of file diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml new file mode 100644 index 0000000000..d52c477387 --- /dev/null +++ b/windows/security/security-foundations/toc.yml @@ -0,0 +1,7 @@ +items: +- name: Overview + href: ../security-foundations.md +- name: Microsoft Security Development Lifecycle + href: ../threat-protection/msft-security-dev-lifecycle.md +- name: Certification + href: certification/toc.yml \ No newline at end of file