Merge pull request #8623 from paolomatarazzo/pm-20230728-security-landing

[Security] Landing page refresh

includes/licensing/_edition-requirements.md

@@ -44,11 +44,11 @@ ms.topic: include
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|
 |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|
 |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|
-|**OneFuzz service**|Yes|Yes|Yes|Yes|
+|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|

includes/licensing/_licensing-requirements.md

@@ -44,11 +44,11 @@ ms.topic: include
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes|
+|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|

includes/licensing/federated-sign-in.md

@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
+|Yes|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

windows/hub/breadcrumb/toc.yml

@@ -37,29 +37,31 @@ items:
             tocHref: /windows/security/
             topicHref: /windows/security/
             items:
+              - name: Hardware security
+                tocHref: /windows/security/hardware-security/
+                topicHref: /windows/security/hardware-security/
+              - name: Operating system security
+                tocHref: /windows/security/operating-system-security/
+                topicHref: /windows/security/operating-system-security/
               - name: Identity protection
                 tocHref: /windows/security/identity-protection/
                 topicHref: /windows/security/identity-protection/
+              - name: Application security
+                tocHref: /windows/security/application-security/
+                topicHref: /windows/security/application-security/
                 items:
-                - name: Windows Hello for Business
+                  - name: Application Control for Windows
-                  tocHref: /windows/security/identity-protection/hello-for-business/
+                    tocHref: /windows/security/application-security/application-control/windows-defender-application-control/
-                  topicHref: /windows/security/identity-protection/hello-for-business
+                    topicHref: /windows/security/application-security/application-control/windows-defender-application-control/
+                  - name: Microsoft Defender Application Guard
+                    tocHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/
+                    topicHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
+              - name: Security foundations
+                tocHref: /windows/security/security-foundations/
+                topicHref: /windows/security/security-foundations/
               - name: Security auditing
                 tocHref: /windows/security/threat-protection/auditing/
                 topicHref: /windows/security/threat-protection/auditing/security-auditing-overview
-              - name: Microsoft Defender Application Guard
-                tocHref: /windows/security/threat-protection/microsoft-defender-application-guard/
-                topicHref: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
               - name: Security policy settings
                 tocHref: /windows/security/threat-protection/security-policy-settings/
                 topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings
-              - name: Application Control for Windows
-                tocHref: /windows/security/threat-protection/windows-defender-application-control/
-                topicHref: /windows/security/threat-protection/windows-defender-application-control/
-              - name: OS
-                tocHref: /windows/security/operating-system-security/
-                topicHref: /windows/security/operating-system-security/
-              - name: Windows Defender Firewall
-                tocHref: /windows/security/operating-system-security/network-security/windows-firewall/
-                topicHref: /windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security
-                

windows/security/includes/sections/security-foundations.md

@@ -9,9 +9,9 @@ ms.topic: include
 
 | Feature name | Description |
 |:---|:---|
-| **Microsoft Security Development Lifecycle (SDL)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. |
+| **[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. |
-| **OneFuzz service** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released.  |
+| **[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released.  |
-| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.<br><br>Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quicky fix the issues before releasing the final Windows.  |
+| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.<br><br>Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quickly fix the issues before releasing the final Windows.  |
 
 ## Certification
 

windows/security/index.yml

@@ -1,162 +1,168 @@
-### YamlMime:Landing
+### YamlMime:Hub
 
-title: Windows security
+title: Windows client security documentation
-summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive.
+summary: Learn how to secure Windows clients for your organization.
+brand: windows
 
 metadata:
-  title: Windows security
+  ms.topic: hub-page
-  description: Learn about Windows security technologies and how to use them to protect your data and devices.
-  ms.topic: landing-page
   ms.prod: windows-client
-  ms.technology: itpro-security
   ms.collection:
+    - highpri
     - tier1
   author: paolomatarazzo
   ms.author: paoloma
-  ms.date: 12/19/2022
+  manager: aaroncz
+  ms.date: 07/28/2023
 
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+highlightedContent:
+  items:
+  - title: Get started with Windows security
+    itemType: get-started
+    url: introduction.md
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Windows 11, version 22H2 group policy settings reference 
+    itemType: download
+    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+  - title: Security features licensing and edition requirements
+    itemType: overview
+    url: /windows/security/licensing-and-edition-requirements
+
+
+productDirectory:
+  title: Get started
+  items:
 
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Zero Trust and Windows
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: zero-trust-windows-device-health.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
     - title: Hardware security
-    linkLists:
+      imageSrc: /media/common/i_usb.svg
-      - linkListType: overview
       links:
-        - text: Overview
+        - url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
-          url: hardware.md
+          text: Trusted Platform Module
-      - linkListType: concept
+        - url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
+          text: Microsoft Pluton
+        - url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
+          text: Windows Defender System Guard
+        - url: /windows-hardware/design/device-experiences/oem-vbs
+          text: Virtualization-based security (VBS)
+        - url: /windows-hardware/design/device-experiences/oem-highly-secure-11
+          text: Secured-core PC
+        - url: /windows/security/hardware-security
+          text: Learn more about hardware security >
+
+    - title: OS security
+      imageSrc: /media/common/i_threat-protection.svg
       links:
-        - text: Trusted Platform Module
+        - url: /windows/security/operating-system-security
-          url: hardware-security/tpm/trusted-platform-module-top-node.md
+          text: Trusted boot
-        - text: Windows Defender System Guard firmware protection
+        - url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
-          url: hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
+          text: Windows security settings
-        - text: System Guard Secure Launch and SMM protection enablement
+        - url: 	/windows/security/operating-system-security/data-protection/bitlocker/
-          url: hardware-security/system-guard-secure-launch-and-smm-protection.md
+          text: BitLocker
-        - text: Virtualization-based protection of code integrity
+        - url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
-          url: hardware-security/enable-virtualization-based-protection-of-code-integrity.md
+          text: Windows security baselines
-        - text: Kernel DMA Protection
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
-          url: hardware-security/kernel-dma-protection-for-thunderbolt.md
+          text: MMicrosoft Defender SmartScreen
-# Cards and links should be based on top customer tasks or top subjects
+        - url: /windows/security/operating-system-security
-# Start card title with a verb
+          text: Learn more about OS security >
-  # Card (optional)
+
-  - title: Operating system security
+    - title: Identity protection
-    linkLists:
+      imageSrc: /media/common/i_identity-protection.svg
-      - linkListType: overview
       links:
-        - text: Overview
+        - url: /windows/security/identity-protection/hello-for-business
-          url: operating-system-security/index.md
+          text: Windows Hello for Business
-      - linkListType: concept
+        - url: /windows/security/identity-protection/credential-guard
-        links:
+          text: Windows Defender Credential Guard
-        - text: Trusted boot
+        - url: /windows-server/identity/laps/laps-overview
-          url: operating-system-security\system-security\trusted-boot.md
+          text: Windows LAPS (Local Administrator Password Solution)
-        - text: Windows security baselines
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
-          url: operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
+          text: Enhanced phishing protection with SmartScreen
-        - text: Virtual private network guide
+        - url: /education/windows/federated-sign-in
-          url: operating-system-security/network-security/vpn/vpn-guide.md
+          text: Federated sign-in (EDU)
-        - text: Windows Defender Firewall
+        - url: /windows/security/identity-protection
-          url: operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
+          text: Learn more about identity protection >
-        - text: Virus & threat protection
+
-          url: threat-protection/index.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
     - title: Application security
-    linkLists:
+      imageSrc: /media/common/i_queries.svg
-      - linkListType: overview
       links:
-        - text: Overview
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/
-          url: application-security/index.md
+          text: Windows Defender Application Control (WDAC)
-      - linkListType: concept
+        - url: /windows/security/application-security/application-control/user-account-control
-        links:
+          text: User Account Control (UAC)
-        - text: Application Control and virtualization-based protection
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
-          url: application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+          text: Microsoft vulnerable driver blocklist
-        - text: Application Control
+        - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
-          url: application-security/application-control/windows-defender-application-control/wdac.md
+          text: Microsoft Defender Application Guard (MDAG)
-        - text: Application Guard
+        - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
-          url: application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
+          text: Windows Sandbox
-        - text: Windows Sandbox
+        - url: /windows/security/application-security
-          url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md
+          text: Learn more about application security >
-        - text: Microsoft Defender SmartScreen
+
-          url: operating-system-security\virus-and-threat-protection\microsoft-defender-smartscreen\index.md
-        - text: S/MIME for Windows
-          url: operating-system-security/data-protection/configure-s-mime.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: User security and secured identity
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: identity.md
-      - linkListType: concept
-        links:
-        - text: Windows Hello for Business
-          url: identity-protection/hello-for-business/index.md
-        - text: Protect domain credentials
-          url: identity-protection/credential-guard/credential-guard.md
-        - text: Windows Defender Credential Guard
-          url: identity-protection/credential-guard/credential-guard.md
-        - text: Lost or forgotten passwords
-          url: identity-protection/password-support-policy.md
-        - text: Access control
-          url: identity-protection/access-control/access-control.md
-        - text: Smart cards
-          url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Cloud services
-    linkLists:
-      - linkListType: concept
-        links:
-        - text: Mobile device management
-          url: /windows/client-management/mdm/
-        - text: Azure Active Directory
-          url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory
-        - text: Your Microsoft Account
-          url: identity-protection/access-control/microsoft-accounts.md
-        - text: OneDrive
-          url: /onedrive/onedrive
-        - text: Family safety
-          url: operating-system-security\system-security\windows-defender-security-center\wdsc-family-options.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
     - title: Security foundations
-    linkLists:
+      imageSrc: /media/common/i_build.svg
-      - linkListType: overview
       links:
-        - text: Overview
+        - url: /windows/security/security-foundations/certification/fips-140-validation
-          url: security-foundations/index.md
+          text: FIPS 140-2 validation
-      - linkListType: reference
+        - url: /windows/security/security-foundations/certification/windows-platform-common-criteria
+          text: Common Criteria Certifications
+        - url: /windows/security/security-foundations/msft-security-dev-lifecycle
+          text: Microsoft Security Development Lifecycle (SDL)
+        - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
+          text: Microsoft Windows Insider Preview bounty program
+        - url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
+          text: OneFuzz service
+        - url: /windows/security/security-foundations
+          text: Learn more about security foundations >
+
+    - title: Cloud security
+      imageSrc: /media/common/i_cloud-security.svg
       links:
-          - text: Microsoft Security Development Lifecycle
+        - url: /mem/intune/protect/security-baselines
-            url: threat-protection/msft-security-dev-lifecycle.md
+          text: Security baselines with Intune
-          - text: Microsoft Bug Bounty
+        - url: /windows/deployment/windows-autopatch
-            url: /microsoft-365/security/intelligence/microsoft-bug-bounty-program
+          text: Windows Autopatch
-          - text: Common Criteria Certifications
+        - url: /windows/deployment/windows-autopilot
-            url: threat-protection/windows-platform-common-criteria.md
+          text: Windows Autopilot
-          - text: Federal Information Processing Standard (FIPS) 140 Validation
+        - url: /universal-print
-            url: threat-protection/fips-140-validation.md
+          text: Universal Print
-# Cards and links should be based on top customer tasks or top subjects
+        - url: /windows/client-management/mdm/remotewipe-csp
-# Start card title with a verb
+          text: Remote wipe
-  # Card (optional)
+        - url: /windows/security/cloud-security
-  - title: Privacy controls
+          text: Learn more about cloud security >
-    linkLists:
+
-      - linkListType: reference
+additionalContent:
+  sections:
+    - title: More Windows resources
+      items:
+
+        - title: Windows Server
           links:
-        - text: Windows and Privacy Compliance
+            - text: Windows Server documentation
-          url: /windows/privacy/windows-10-and-privacy-compliance
+              url: /windows-server
+            - text: What's new in Windows Server 2022?
+              url: /windows-server/get-started/whats-new-in-windows-server-2022
+            - text: Windows Server blog
+              url: https://cloudblogs.microsoft.com/windowsserver/
+
+        - title: Windows product site and blogs
+          links:
+            - text: Find out how Windows enables your business to do more
+              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows blogs
+              url: https://blogs.windows.com/
+            - text: Windows IT Pro blog
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+            - text: Microsoft Intune blog
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
+            - text: "Windows help & learning: end-user documentation"
+              url: https://support.microsoft.com/windows
+
+        - title: Participate in the community
+          links:
+            - text: Windows community
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+            - text: Microsoft Intune community
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+            - text: Microsoft Support community
+              url: https://answers.microsoft.com/windows/forum

windows/security/security-foundations/toc.yml

@@ -3,7 +3,13 @@ items:
   href: index.md
 - name: Zero Trust and Windows
   href: zero-trust-windows-device-health.md
+- name: Offensive research
+  items:
   - name: Microsoft Security Development Lifecycle
     href: msft-security-dev-lifecycle.md
+  - name: OneFuzz service
+    href: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
+  - name: Microsoft Windows Insider Preview bounty program 🔗
+    href: https://www.microsoft.com/msrc/bounty-windows-insider-preview
 - name: Certification
   href: certification/toc.yml

windows/security/toc.yml

@@ -1,6 +1,4 @@
 items:
-- name: Windows security
-  href: index.yml
 - name: Introduction to Windows security
   href: introduction.md
 - name: Security features licensing and edition requirements