Update TOC with new sections and update image sources and alt-text in hardware-security.md

windows/security/book/conclusion.md

@@ -0,0 +1,72 @@
+---
+title: Conclusion
+description: Conclusion
+ms.topic: overview
+ms.date: 03/12/2024
+---
+
+# Conclusion
+
+We will continue to bring you new features to protect against evolving threats, simplify
+management, and securely enable new workstyles. With Windows 11 devices, organizations
+of all sizes can benefit from the security and performance to thrive anywhere.
+For the latest information and version of this document see windows.com/business/
+windows-11-security
+
+## What's new
+
+New:
+
+- Config Refresh
+- 5G and eSIM
+- Win32 apps in isolation (public preview)
+- Passkey
+- Sign-in Session Token Protection
+- Windows Local Administrator Password Solution (LAPS) (public preview)
+- Microsoft Intune Suite Endpoint Privilège Management (EPM)
+- Microsoft Intune Suite Endpoint Privilege Management (EPM)
+
+Enhanced:
+
+- Hardware security user experience
+- BitLocker to go
+- Device encryption
+- Windows Firewall
+- Server Message Block direct
+- Smart App Control (SAC) going into Enforcement mode
+- Application Control for Business
+- Enhanced Sign-in security (ESS)
+- Windows Hello for Business
+- Presence Detection
+- Wake on approach, lock on leave
+- Universal Print
+- Lockout policies for local admin
+- Enhanced Phishing protection
+
+## Document revision history
+
+| Date | Summary |
+|-|-|
+|November 2021 |Link updates and formatting.|
+|February 2022 |Revisions to Hardware root-of-trust, Virus and threat protection, and Windows Hello for Business content.|
+|April 2022| Added Upcoming features section.|
+| September 2022| Updates with Windows 11 2022 Update features and enhancements.|
+|April 2023| Minor edits and updates to edition availability.|
+|September 2023| Updates with Windows 11 2023 Update features and enhancement.|
+|May 2024| Move form PDF format to web format.|
+
+> The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
+>
+> This paper is for informational purposes only. Microsoft makes no warranties, express or implied, in this document.
+>
+> Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
+>
+> Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
+>
+> © 2024 Microsoft Corporation. All rights reserved.
+>
+> Microsoft, list Microsoft trademarks used in your white paper alphabetically are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
+>
+> The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
+>
+> Part No. May 2024

windows/security/book/hardware-security.md

@@ -7,7 +7,7 @@ ms.date: 03/12/2024
 
 # Hardware security
 
-:::image type="content" source="images\hardware.png" alt-text="Diagram of containng a list of security features." lightbox="hardware.png" border="false":::
+:::image type="content" source="images\hardware.png" alt-text="Diagram of containng a list of security features." lightbox="images\hardware.png" border="false":::
 
 Today's ever-evolving threats require strong alignment between hardware and software technologies to keep users, data, and devices protected. The operating system alone cannot defend against the wide range of tools and techniques cybercriminals use to compromise a computer. Once they gain a foothold, intruders can be difficult to detect as they engage in multiple nefarious activities ranging from stealing important data and credentials to implanting malware into low-level device firmware. Once malware is installed in firmware, it becomes difficult to identify and remove. These new threats call for computing hardware that is secure down to the very core, including the hardware chips and processors that store sensitive business information. With hardware-based protection, we can enable strong mitigation against entire classes of vulnerabilities that are difficult to thwart with software alone. Hardware-based protection can also improve the system's overall security without measurably slowing performance, compared to implementing the same capability in software.
 

windows/security/book/index.md

@@ -45,7 +45,7 @@ Increase protection and efficiency with Windows 11 and chip-to-cloud security. M
 
 In Windows 11, hardware and software work together to protect sensitive data from the core of your PC all the way to the cloud. Comprehensive protection helps keep your organization secure, no matter where people work. This simple diagram shows the layers of protection in Windows 11, while each chapter provides a layer-by-layer deep dive into features.
 
-:::image type="content" source="images\chip-to-cloud.svg" alt-text="Diagram of chip-to-cloud containng a list of security features." lightbox="chip-to-cloud.svg" border="false":::
+:::image type="content" source="images\chip-to-cloud.png" alt-text="Diagram of chip-to-cloud containng a list of security features." lightbox="images\chip-to-cloud.png" border="false":::
 
 Learn more: [Windows security features licensing and edition requirements](https://learn.microsoft.com/en-us/windows/security/licensing-and-edition-requirements?tabs=edition)
 

windows/security/book/operating-system-security.md

@@ -1,28 +1,8 @@
 ---
-title: Hardware security
+title: Operating System security
-description: Hardware security
+description: Operating System security
 ms.topic: overview
 ms.date: 03/12/2024
 ---
 
-# Hardware security
+# Operating System security
-
-:::image type="content" source="images\image-1.png" alt-text="aas" lightbox="image-1.png" border="false":::
-
-Windows 11 is the most secure Windows yet with extensive security measures in the operating system designed to help keep devices, identities, and information safe. These measures include built-in advanced encryption and data protection, robust network system security, and intelligent safeguards against ever-evolving viruses and threats.
-
-## System security
-
-### Trusted Boot (Secure Boot + Measured Boot)
-
-Windows 11 requires all PCs to use Unified Extensible Firmware Interface (UEFI)'s Secure Boot feature. When a Windows 11 device starts, Secure Boot and Trusted Boot work together to prevent malware and corrupted components from loading. Secure Boot provides initial protection, then Trusted Boot picks up the process. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments. To reduce the risk of firmware rootkits, the PC verifies that firmware is digitally signed as it begins the boot process. Then Secure Boot checks the OS bootloader's digital signature as well as all code that runs prior to the operating system starting to ensure the signature and code are uncompromised and trusted by the Secure Boot policy.
-
-Trusted Boot picks up the process that begins with Secure Boot. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and any antimalware product's early-launch antimalware (ELAM) driver. If any of these files have been tampered with, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally. Tampering or malware attacks on the Windows boot sequence are blocked by the signature enforcement handshakes between the UEFI, bootloader, kernel, and application environments. For more information about these features and how they help prevent rootkits and bootkits from loading during the startup process, see Secure the Windows boot process.
-
-Learn more: Secure Boot and Trusted Boot.
-
-### Cryptography
-
-Cryptography is designed to protect user and system data. The cryptography stack in Windows 11 extends from the chip to the cloud, enabling Windows, applications, and services to protect system and user secrets. For example, data can be encrypted so that only a specific reader with a unique key can read it. As a basis for data security, cryptography helps prevent anyone except the intended recipient from reading data, performs integrity checks to ensure data is free of tampering, and authenticates identity to ensure that communication is secure. Windows 11 cryptography is certified to meet the Federal Information Processing Standard (FIPS) 140. FIPS 140 certification ensures that US government-approved algorithms are correctly implemented.
-
-Learn more: FIPS 140 validation

windows/security/book/security-foundations.md

@@ -0,0 +1,8 @@
+---
+title: Security foundations
+description: Security foundations
+ms.topic: overview
+ms.date: 03/12/2024
+---
+
+# Security foundations

windows/security/book/toc.yml

@@ -13,3 +13,7 @@ items:
     href: identity-protection.md
   - name: 5. Cloud security
     href: cloud-security.md
+  - name: 6. Security foundations
+    href: security-foundations.md
+  - name: Conclusion
+    href: conclusion.md

windows/security/hardware-security/index.md

@@ -3,20 +3,16 @@ title: Windows hardware security
 description: Learn more about hardware security features support in Windows.
 ms.date: 07/28/2023
 ms.topic: overview
+appliesto:
 ---
 
 # Windows hardware security
 
 >[!NOTE]
-> This article is an excerpt from the Windows 11 security book. For an in-depth exploration, refer to the complete book: [Windows 11 security book](..\book\index.md)."
+> This article is an excerpt from the [Windows 11 security book](..\book\index.md).
 
 :::image type="content" source="..\book\images\hardware.png" alt-text="Diagram of containng a list of security features." lightbox="..\book\images\hardware.png" border="false":::
 
 [!INCLUDE [hardware-root-of-trust](../book/includes/hardware-root-of-trust.md)]
 
 [!INCLUDE [silicon-assisted-security](../book/includes/silicon-assisted-security.md)]
-
-<!-->
-Learn more about hardware security features support in Windows.
-
-[!INCLUDE [hardware](../includes/sections/hardware.md)]