Merge branch 'main' into pm-7847341-bitlocker-refresh

windows/security/identity-protection/web-sign-in/index.md

@@ -28,6 +28,9 @@ To use web sign-in, the clients must meet the following prerequisites:
 - Must be [Microsoft Entra joined](/entra/identity/devices/concept-directory-join)
 - Must have Internet connectivity, as the authentication is done over the Internet
 
+> [!IMPORTANT]
+> Web sign-in is not supported for Microsoft Entra hybrid joined or domain joined devices.
+
 [!INCLUDE [federated-sign-in](../../../../includes/licensing/web-sign-in.md)]
 
 ## Configure web sign-in

windows/security/includes/virtual-smart-card-deprecation-notice.md

@@ -1,9 +1,9 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 02/22/2023
+ms.date: 11/04/2023
 ms.topic: include
 ---
 
 > [!WARNING]
-> [Windows Hello for Business](../identity-protection/hello-for-business/hello-identity-verification.md) is the modern, two-factor authentication for Windows. Microsoft will deprecate virtual smart cards in the near future. Customers using virtual smart cards are strongly encouraged to move to Windows Hello for Business. Microsoft will publish the deprecation date to ensure customers have adequate lead time to move to Windows Hello for Business. We recommend that new Windows deployments use Windows Hello for Business.
+> [Windows Hello for Business](../identity-protection/hello-for-business/index.md) and FIDO2 security keys are modern, two-factor authentication methods for Windows. Customers using virtual smart cards are encouraged to move to Windows Hello for Business or FIDO2. For new Windows installations, we recommend Windows Hello for Business or FIDO2 security keys.

windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml

@@ -11,48 +11,41 @@ summary: |
   Here are some answers to common questions regarding Personal Data Encryption (PDE)
 
 sections:
-  - name: Single section - ignored
+  - name: General
     questions:
       - question: Can PDE encrypt entire volumes or drives?
         answer: |
           No. PDE only encrypts specified files and content.
-
-      - question: Is PDE a replacement for BitLocker?
-        answer: |
-          No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
-
       - question: How are files and content protected by PDE selected?
         answer: |
           [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files and content are protected using PDE.
-
-      - question: Do I need to use OneDrive in Microsoft 365 as my backup provider?
-        answer: |
-          No. PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.
-
-      - question: What is the relation between Windows Hello for Business and PDE?
-        answer: |
-          During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content.
-
-      - question: Can a file be protected with both PDE and EFS at the same time?
-        answer: |
-          No. PDE and EFS are mutually exclusive.
-
-      - question: Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)?
-        answer: |
-          No. Accessing PDE protected content over RDP isn't currently supported.
-
-      - question: Can PDE protected content be accessed via a network share?
-        answer: |
-          No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
-
       - question: Can users manually encrypt and decrypt files with PDE?
         answer: |
           Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section [Decrypt PDE-encrypted content](configure.md#decrypt-pde-encrypted-content). 
-
-      - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content?
+      - question: Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)?
         answer: |
-          No. The keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
-
+          No. Accessing PDE protected content over RDP isn't currently supported.
+      - question: Can PDE protected content be accessed via a network share?
+        answer: |
+          No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
       - question: What encryption method and strength does PDE use?
         answer: |
           PDE uses AES-CBC with a 256-bit key to encrypt content.
+
+  - name: PDE and other Windows features
+    questions:
+      - question: What is the relation between Windows Hello for Business and PDE?
+        answer: |
+          During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content.
+      - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content?
+        answer: |
+          No. The keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
+      - question: Can a file be protected with both PDE and EFS at the same time?
+        answer: |
+          No. PDE and EFS are mutually exclusive.
+      - question: Is PDE a replacement for BitLocker?
+        answer: |
+          No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
+      - question: Do I need to use OneDrive in Microsoft 365 as my backup provider?
+        answer: |
+          No. PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.