Merge pull request #8623 from paolomatarazzo/pm-20230728-security-landing

[Security] Landing page refresh

includes/licensing/_edition-requirements.md

@@ -44,11 +44,11 @@ ms.topic: include
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|
 |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|
 |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|
-|**OneFuzz service**|Yes|Yes|Yes|Yes|
+|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|

includes/licensing/_licensing-requirements.md

@@ -44,11 +44,11 @@ ms.topic: include
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes|
+|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|

includes/licensing/federated-sign-in.md

@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
+|Yes|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

windows/hub/breadcrumb/toc.yml

@@ -37,29 +37,31 @@ items:
             tocHref: /windows/security/
             topicHref: /windows/security/
             items:
+              - name: Hardware security
+                tocHref: /windows/security/hardware-security/
+                topicHref: /windows/security/hardware-security/
+              - name: Operating system security
+                tocHref: /windows/security/operating-system-security/
+                topicHref: /windows/security/operating-system-security/
               - name: Identity protection
                 tocHref: /windows/security/identity-protection/
                 topicHref: /windows/security/identity-protection/
+              - name: Application security
+                tocHref: /windows/security/application-security/
+                topicHref: /windows/security/application-security/
                 items:
-                - name: Windows Hello for Business
+                  - name: Application Control for Windows
-                  tocHref: /windows/security/identity-protection/hello-for-business/
+                    tocHref: /windows/security/application-security/application-control/windows-defender-application-control/
-                  topicHref: /windows/security/identity-protection/hello-for-business
+                    topicHref: /windows/security/application-security/application-control/windows-defender-application-control/
+                  - name: Microsoft Defender Application Guard
+                    tocHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/
+                    topicHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
+              - name: Security foundations
+                tocHref: /windows/security/security-foundations/
+                topicHref: /windows/security/security-foundations/
               - name: Security auditing
                 tocHref: /windows/security/threat-protection/auditing/
                 topicHref: /windows/security/threat-protection/auditing/security-auditing-overview
-              - name: Microsoft Defender Application Guard
-                tocHref: /windows/security/threat-protection/microsoft-defender-application-guard/
-                topicHref: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
               - name: Security policy settings
                 tocHref: /windows/security/threat-protection/security-policy-settings/
-                topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings
+                topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings
-              - name: Application Control for Windows
-                tocHref: /windows/security/threat-protection/windows-defender-application-control/
-                topicHref: /windows/security/threat-protection/windows-defender-application-control/
-              - name: OS
-                tocHref: /windows/security/operating-system-security/
-                topicHref: /windows/security/operating-system-security/
-              - name: Windows Defender Firewall
-                tocHref: /windows/security/operating-system-security/network-security/windows-firewall/
-                topicHref: /windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security
-                

windows/security/includes/sections/security-foundations.md

@@ -9,9 +9,9 @@ ms.topic: include
 
 | Feature name | Description |
 |:---|:---|
-| **Microsoft Security Development Lifecycle (SDL)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. |
+| **[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. |
-| **OneFuzz service** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released.  |
+| **[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released.  |
-| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.<br><br>Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quicky fix the issues before releasing the final Windows.  |
+| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.<br><br>Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quickly fix the issues before releasing the final Windows.  |
 
 ## Certification
 

windows/security/index.yml

@@ -1,162 +1,168 @@
-### YamlMime:Landing
+### YamlMime:Hub
 
-title: Windows security
+title: Windows client security documentation
-summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive.
+summary: Learn how to secure Windows clients for your organization.
+brand: windows
 
 metadata:
-  title: Windows security
+  ms.topic: hub-page
-  description: Learn about Windows security technologies and how to use them to protect your data and devices.
-  ms.topic: landing-page
   ms.prod: windows-client
-  ms.technology: itpro-security
   ms.collection:
+    - highpri
     - tier1
   author: paolomatarazzo
   ms.author: paoloma
-  ms.date: 12/19/2022
+  manager: aaroncz
+  ms.date: 07/28/2023
 
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+highlightedContent:
+  items:
+  - title: Get started with Windows security
+    itemType: get-started
+    url: introduction.md
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Windows 11, version 22H2 group policy settings reference 
+    itemType: download
+    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+  - title: Security features licensing and edition requirements
+    itemType: overview
+    url: /windows/security/licensing-and-edition-requirements
 
-landingContent:
+
-# Cards and links should be based on top customer tasks or top subjects
+productDirectory:
-# Start card title with a verb
+  title: Get started
-  # Card (optional)
+  items:
-  - title: Zero Trust and Windows
+
-    linkLists:
+    - title: Hardware security
-      - linkListType: overview
+      imageSrc: /media/common/i_usb.svg
-        links:
+      links:
-        - text: Overview
+        - url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
-          url: zero-trust-windows-device-health.md
+          text: Trusted Platform Module
-# Cards and links should be based on top customer tasks or top subjects
+        - url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
-# Start card title with a verb
+          text: Microsoft Pluton
-  # Card (optional)
+        - url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
-  - title: Hardware security
+          text: Windows Defender System Guard
-    linkLists:
+        - url: /windows-hardware/design/device-experiences/oem-vbs
-      - linkListType: overview
+          text: Virtualization-based security (VBS)
-        links:
+        - url: /windows-hardware/design/device-experiences/oem-highly-secure-11
-        - text: Overview
+          text: Secured-core PC
-          url: hardware.md
+        - url: /windows/security/hardware-security
-      - linkListType: concept
+          text: Learn more about hardware security >
-        links:
+
-        - text: Trusted Platform Module
+    - title: OS security
-          url: hardware-security/tpm/trusted-platform-module-top-node.md
+      imageSrc: /media/common/i_threat-protection.svg
-        - text: Windows Defender System Guard firmware protection
+      links:
-          url: hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
+        - url: /windows/security/operating-system-security
-        - text: System Guard Secure Launch and SMM protection enablement
+          text: Trusted boot
-          url: hardware-security/system-guard-secure-launch-and-smm-protection.md
+        - url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
-        - text: Virtualization-based protection of code integrity
+          text: Windows security settings
-          url: hardware-security/enable-virtualization-based-protection-of-code-integrity.md
+        - url: 	/windows/security/operating-system-security/data-protection/bitlocker/
-        - text: Kernel DMA Protection
+          text: BitLocker
-          url: hardware-security/kernel-dma-protection-for-thunderbolt.md
+        - url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
-# Cards and links should be based on top customer tasks or top subjects
+          text: Windows security baselines
-# Start card title with a verb
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
-  # Card (optional)
+          text: MMicrosoft Defender SmartScreen
-  - title: Operating system security
+        - url: /windows/security/operating-system-security
-    linkLists:
+          text: Learn more about OS security >
-      - linkListType: overview
+
-        links:
+    - title: Identity protection
-        - text: Overview
+      imageSrc: /media/common/i_identity-protection.svg
-          url: operating-system-security/index.md
+      links:
-      - linkListType: concept
+        - url: /windows/security/identity-protection/hello-for-business
-        links:
+          text: Windows Hello for Business
-        - text: Trusted boot
+        - url: /windows/security/identity-protection/credential-guard
-          url: operating-system-security\system-security\trusted-boot.md
+          text: Windows Defender Credential Guard
-        - text: Windows security baselines
+        - url: /windows-server/identity/laps/laps-overview
-          url: operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
+          text: Windows LAPS (Local Administrator Password Solution)
-        - text: Virtual private network guide
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
-          url: operating-system-security/network-security/vpn/vpn-guide.md
+          text: Enhanced phishing protection with SmartScreen
-        - text: Windows Defender Firewall
+        - url: /education/windows/federated-sign-in
-          url: operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
+          text: Federated sign-in (EDU)
-        - text: Virus & threat protection
+        - url: /windows/security/identity-protection
-          url: threat-protection/index.md
+          text: Learn more about identity protection >
-# Cards and links should be based on top customer tasks or top subjects
+
-# Start card title with a verb
+    - title: Application security
-  # Card (optional)
+      imageSrc: /media/common/i_queries.svg
-  - title: Application security
+      links:
-    linkLists:
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/
-      - linkListType: overview
+          text: Windows Defender Application Control (WDAC)
-        links:
+        - url: /windows/security/application-security/application-control/user-account-control
-        - text: Overview
+          text: User Account Control (UAC)
-          url: application-security/index.md
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
-      - linkListType: concept
+          text: Microsoft vulnerable driver blocklist
-        links:
+        - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
-        - text: Application Control and virtualization-based protection
+          text: Microsoft Defender Application Guard (MDAG)
-          url: application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+        - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
-        - text: Application Control
+          text: Windows Sandbox
-          url: application-security/application-control/windows-defender-application-control/wdac.md
+        - url: /windows/security/application-security
-        - text: Application Guard
+          text: Learn more about application security >
-          url: application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
+
-        - text: Windows Sandbox
+    - title: Security foundations
-          url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md
+      imageSrc: /media/common/i_build.svg
-        - text: Microsoft Defender SmartScreen
+      links:
-          url: operating-system-security\virus-and-threat-protection\microsoft-defender-smartscreen\index.md
+        - url: /windows/security/security-foundations/certification/fips-140-validation
-        - text: S/MIME for Windows
+          text: FIPS 140-2 validation
-          url: operating-system-security/data-protection/configure-s-mime.md
+        - url: /windows/security/security-foundations/certification/windows-platform-common-criteria
-# Cards and links should be based on top customer tasks or top subjects
+          text: Common Criteria Certifications
-# Start card title with a verb
+        - url: /windows/security/security-foundations/msft-security-dev-lifecycle
-  # Card (optional)
+          text: Microsoft Security Development Lifecycle (SDL)
-  - title: User security and secured identity
+        - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
-    linkLists:
+          text: Microsoft Windows Insider Preview bounty program
-      - linkListType: overview
+        - url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
-        links:
+          text: OneFuzz service
-        - text: Overview
+        - url: /windows/security/security-foundations
-          url: identity.md
+          text: Learn more about security foundations >
-      - linkListType: concept
+
-        links:
+    - title: Cloud security
-        - text: Windows Hello for Business
+      imageSrc: /media/common/i_cloud-security.svg
-          url: identity-protection/hello-for-business/index.md
+      links:
-        - text: Protect domain credentials
+        - url: /mem/intune/protect/security-baselines
-          url: identity-protection/credential-guard/credential-guard.md
+          text: Security baselines with Intune
-        - text: Windows Defender Credential Guard
+        - url: /windows/deployment/windows-autopatch
-          url: identity-protection/credential-guard/credential-guard.md
+          text: Windows Autopatch
-        - text: Lost or forgotten passwords
+        - url: /windows/deployment/windows-autopilot
-          url: identity-protection/password-support-policy.md
+          text: Windows Autopilot
-        - text: Access control
+        - url: /universal-print
-          url: identity-protection/access-control/access-control.md
+          text: Universal Print
-        - text: Smart cards
+        - url: /windows/client-management/mdm/remotewipe-csp
-          url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
+          text: Remote wipe
-# Cards and links should be based on top customer tasks or top subjects
+        - url: /windows/security/cloud-security
-# Start card title with a verb
+          text: Learn more about cloud security >
-  # Card (optional)
+
-  - title: Cloud services
+additionalContent:
-    linkLists:
+  sections:
-      - linkListType: concept
+    - title: More Windows resources
-        links:
+      items:
-        - text: Mobile device management
+
-          url: /windows/client-management/mdm/
+        - title: Windows Server
-        - text: Azure Active Directory
+          links:
-          url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory
+            - text: Windows Server documentation
-        - text: Your Microsoft Account
+              url: /windows-server
-          url: identity-protection/access-control/microsoft-accounts.md
+            - text: What's new in Windows Server 2022?
-        - text: OneDrive
+              url: /windows-server/get-started/whats-new-in-windows-server-2022
-          url: /onedrive/onedrive
+            - text: Windows Server blog
-        - text: Family safety
+              url: https://cloudblogs.microsoft.com/windowsserver/
-          url: operating-system-security\system-security\windows-defender-security-center\wdsc-family-options.md
+
-# Cards and links should be based on top customer tasks or top subjects
+        - title: Windows product site and blogs
-# Start card title with a verb
+          links:
-  # Card (optional)
+            - text: Find out how Windows enables your business to do more
-  - title: Security foundations
+              url: https://www.microsoft.com/microsoft-365/windows
-    linkLists:
+            - text: Windows blogs
-      - linkListType: overview
+              url: https://blogs.windows.com/
-        links:
+            - text: Windows IT Pro blog
-        - text: Overview
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
-          url: security-foundations/index.md
+            - text: Microsoft Intune blog
-      - linkListType: reference
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
-        links:
+            - text: "Windows help & learning: end-user documentation"
-          - text: Microsoft Security Development Lifecycle
+              url: https://support.microsoft.com/windows
-            url: threat-protection/msft-security-dev-lifecycle.md
+
-          - text: Microsoft Bug Bounty
+        - title: Participate in the community
-            url: /microsoft-365/security/intelligence/microsoft-bug-bounty-program
+          links:
-          - text: Common Criteria Certifications
+            - text: Windows community
-            url: threat-protection/windows-platform-common-criteria.md
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
-          - text: Federal Information Processing Standard (FIPS) 140 Validation
+            - text: Microsoft Intune community
-            url: threat-protection/fips-140-validation.md
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
-# Cards and links should be based on top customer tasks or top subjects
+            - text: Microsoft Support community
-# Start card title with a verb
+              url: https://answers.microsoft.com/windows/forum
-  # Card (optional)
-  - title: Privacy controls
-    linkLists:
-      - linkListType: reference
-        links:
-        - text: Windows and Privacy Compliance
-          url: /windows/privacy/windows-10-and-privacy-compliance

windows/security/security-foundations/toc.yml

@@ -3,7 +3,13 @@ items:
   href: index.md
 - name: Zero Trust and Windows
   href: zero-trust-windows-device-health.md
-- name: Microsoft Security Development Lifecycle
+- name: Offensive research
-  href: msft-security-dev-lifecycle.md
+  items:
+  - name: Microsoft Security Development Lifecycle
+    href: msft-security-dev-lifecycle.md
+  - name: OneFuzz service
+    href: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
+  - name: Microsoft Windows Insider Preview bounty program 🔗
+    href: https://www.microsoft.com/msrc/bounty-windows-insider-preview
 - name: Certification
-  href: certification/toc.yml
+  href: certification/toc.yml

windows/security/toc.yml

@@ -1,6 +1,4 @@
 items:
-- name: Windows security
-  href: index.yml
 - name: Introduction to Windows security
   href: introduction.md
 - name: Security features licensing and edition requirements