Merge branch 'security-book-24' of github.com:paolomatarazzo/windows-docs-pr into security-book-24

Paolo Matarazzo 2024-10-28 09:11:55 -04:00
commit d12c7037fc
7 changed files with 12 additions and 9 deletions

@ -33,7 +33,7 @@ When location services and *Find my device* settings are turned on, basic system
## OneDrive for personal
Microsoft OneDrive for personal<sup>[\[11\]](conclusion.md#footnote11)</sup> offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that:
Microsoft OneDrive for personal<sup>[\[10\]](conclusion.md#footnote10)</sup> offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that:
- If a device is lost or stolen, users can quickly recover all their important files from the cloud
- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks

@ -130,7 +130,7 @@ Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> is a comprehensive c
Intune works with Microsoft Entra ID to manage security features and processes, including multifactor authentication and conditional access.
Organizations can cut costs while securing and managing remote devices through the cloud in compliance with company policies<sup>[\[12\]](conclusion.md#footnote12)</sup>. For example, organizations can save time and money by provisioning preconfigured devices to remote employees using Windows Autopilot.
Organizations can cut costs while securing and managing remote devices through the cloud in compliance with company policies<sup>[\[11\]](conclusion.md#footnote11)</sup>. For example, organizations can save time and money by provisioning preconfigured devices to remote employees using Windows Autopilot.
Windows 11 enables IT professionals to move to the cloud while consistently enforcing security policies. Windows 11 provides expanded support for group policy administrative templates (ADMX-backed policies) in cloud-native device management solutions like Microsoft Intune, enabling IT professionals to easily apply the same security policies to both on-premises and remote devices.

@ -64,10 +64,9 @@ Enhanced:
|**<sup><a name="footnote6"></a>6</sup>**| Commissioned study delivered by Forrester Consulting "The Total Economic Impact&trade; of Windows 11 Pro Devices", December 2022. Note, quantified benefits reflect results over three years combined into a single composite organization that generates $1 billion in annual revenue, has 2,000 employees, refreshes hardware on a four-year cycle, and migrates the entirety of its workforce to Windows 11 devices.|
|**<sup><a name="footnote7"></a>7</sup>**| Feature or functionality delivered using [servicing technology](https://support.microsoft.com/topic/b0aa0a27-ea9a-4365-9224-cb155e517f12).|
|**<sup><a name="footnote8"></a>8</sup>**| Email encryption is supported on products such as Microsoft Exchange Server and Microsoft Exchange Online.|
|**<sup><a name="footnote9"></a>9</sup>**| Microsoft internal data.|
|**<sup><a name="footnote10"></a>10</sup>**| Hardware dependent.|
|**<sup><a name="footnote11"></a>11</sup>**|All users with a Microsoft Account get 5GB of OneDrive storage free, and all Microsoft 365 subscriptions include 1TB of OneDrive storage. Additional OneDrive storage is sold separately.|
|**<sup><a name="footnote12"></a>12</sup>**|The Total Economic Impact&trade; of Windows Pro Device, Forrester study commissioned by Microsoft, June 2020.|
|**<sup><a name="footnote9"></a>9</sup>**| Hardware dependent.|
|**<sup><a name="footnote10"></a>10</sup>**|All users with a Microsoft Account get 5GB of OneDrive storage free, and all Microsoft 365 subscriptions include 1TB of OneDrive storage. Additional OneDrive storage is sold separately.|
|**<sup><a name="footnote11"></a>11</sup>**|The Total Economic Impact&trade; of Windows Pro Device, Forrester study commissioned by Microsoft, June 2020.|
---
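Review bot: Removing the old footnote 9 row ("Microsoft internal data.") and shifting 10, 11 and 12 down by one changes what every existing `#footnote9` link resolves to, and leaves `#footnote12` with no anchor. The references updated elsewhere in this commit cover the old 10, 11 and 12, but nothing visible here touches a citation of the old footnote 9; any that remains would now silently point at "Hardware dependent." instead of failing. Please search the book for `footnote9` and `footnote12` before merging and confirm each hit resolves to the intended row.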

@ -29,6 +29,10 @@ As with other TPMs, credentials, encryption keys, and other sensitive informatio
Pluton also solves the major security challenge of keeping its own security processor firmware up to date across the entire PC ecosystem. Today customers receive security firmware updates from different sources, which might make it difficult to get alerts about security updates, and keeping systems in a vulnerable state. Pluton provides a flexible, updateable platform for its firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton is integrated with the Windows Update service, benefiting from over a decade of operational experience in reliably delivering updates across over a billion endpoint systems. Microsoft Pluton is available with select new Windows PCs.
Pluton aims to ensure long-term security resilience. With the rising threat landscape influenced by artificial intelligence, memory safety will become ever more critical. To meet these demands, in addition to facilitating reliable updates to security processor firmware, we chose the open-source Tock system as the Rust-based foundation to develop the Pluton security processor firmware and actively contribute back to the Tock community. This collaboration with an open community ensures rigorous security scrutiny, and using Rust mitigates memory safety threats.
Ultimately, Pluton establishes the security backbone for Copilot + PC, thanks to tight partnerships with our silicon collaborators and OEMs. The Qualcomm Snapdragon X, AMD Ryzen AI, and Intel Core Ultra 200V mobile processors(codenamed Lunar Lake) processor platforms all incorporate Pluton as their security subsystem .
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Microsoft Pluton processor - The security chip designed for the future of Windows PCs][LINK-4]
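Review bot: The last sentence of the new Copilot paragraph has several copy errors: "mobile processors(codenamed Lunar Lake) processor platforms" is missing a space before the parenthesis and repeats "processors ... processor platforms", and "subsystem ." has a stray space before the period. The product name is written "Copilot + PC" here; the branding is "Copilot+ PC". The parenthetical is also placed so that "codenamed Lunar Lake" could be read as covering all three platforms; attaching it directly to "Intel Core Ultra 200V" removes that ambiguity.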

@ -13,7 +13,7 @@ In addition to a modern hardware root-of-trust, there are multiple capabilities
## Secured kernel
To secure the kernel, we have two key features: Virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI). All Windows 11 devices support HVCI and most new devices come with VBS and HVCI protection turned on by default.
To secure the kernel, we have two key features: Virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI). All Windows 11 devices support HVCI and come with VBS and HVCI protection turned on by default on most/all devices.
### Virtualization-based security (VBS)
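Review bot: The replacement sentence under "Secured kernel" still carries an unresolved draft placeholder, "on most/all devices", and as written it contradicts itself: "All Windows 11 devices ... come with VBS and HVCI protection turned on by default on most/all devices." This is a statement about default security posture that readers will rely on when assessing their fleet, so it should make one claim and state it plainly, for example by keeping the previous split between what all devices support and which devices have the protection turned on by default.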

@ -19,7 +19,7 @@ By loading only trusted, signed code, LSA provides significant protection agains
[!INCLUDE [new-24h2](includes/new-24h2.md)]
To help keep these credentials safe, LSA protection is enabled by default on all devices (MSA, Microsoft Entra joined, hybrid, and local). For new installs, LSA protection is enabled immediately, and for upgrades, it's enabled after an evaluation period.
To help keep these credentials safe, LSA protection is enabled by default on all devices (MSA, Microsoft Entra joined, hybrid, and local). For new installs, it is enabled immediately. For upgrades, it is enabled after rebooting after an evaluation period of 10 days.
Users have the ability to manage the LSA protection state in the Windows Security application under **Device Security** > **Core Isolation** > **Local Security Authority protection**.
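Review bot: "it is enabled after rebooting after an evaluation period of 10 days" stacks two "after" clauses and leaves the order of events unclear: does the restart trigger enablement once the 10 days have passed, or does the evaluation period start at the restart? If the former is intended, wording such as "For upgrades, it is enabled on the first restart after a 10-day evaluation period" would be unambiguous. The sentence also does not say what the evaluation decides, so a reader cannot tell whether protection is always enabled at the end of the period or only when the evaluation passes.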

@ -53,7 +53,7 @@ If a peripheral camera is attached to the device after enrollment, it can be use
## Windows presence sensing
Windows presence sensing<sup>[\[10\]](conclusion.md#footnote10)</sup> provides another layer of data security protection for hybrid workers. Windows 11 devices can intelligently adapt to a user's presence to help them stay secure and productive, whether they're working at home, the office, or a public environment.
Windows presence sensing<sup>[\[9\]](conclusion.md#footnote9)</sup> provides another layer of data security protection for hybrid workers. Windows 11 devices can intelligently adapt to a user's presence to help them stay secure and productive, whether they're working at home, the office, or a public environment.
Windows presence sensing combines presence detection sensors with Windows Hello facial recognition to sign the user in hands-free and automatically locks the device when the user leaves. With adaptive dimming, the PC dims the screen when the user looks away on compatible devices with presence sensors. It's also easier than ever to configure presence sensors on devices, with easy enablement in the out-of-the-box experience and new links in Settings to help find presence sensing features. Device manufacturers can customize and build extensions for the presence sensor.