This commit is contained in:
Paolo Matarazzo 2023-05-24 16:21:03 -04:00
parent c2345a0fcd
commit e9ef8b59c4
4 changed files with 25 additions and 26 deletions

@ -4,19 +4,24 @@ description: User Account Control (UAC) is a fundamental component of Microsoft'
ms.collection:
- highpri
- tier2
ms.topic: article
ms.date: 09/23/2021
ms.topic: conceptual
ms.date: 05/24/2023
---
# How User Account Control works
User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
## UAC process and interactions
Each app that requires the administrator access token must prompt for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same integrity level. Windows protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a "low" integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Apps with lower integrity levels cannot modify data in applications with higher integrity levels. When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provide valid administrator credentials.
Each application that requires the *administrator access token* must prompt for consent. The only exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same *integrity level*.
To better understand how this process happens, let's look at the Windows logon process.
Windows protects processes by marking their integrity levels. Integrity levels are measurements of trust:
- A *high integrity application* is one that performs tasks that modify system data, such as a disk partitioning application
- A *low integrity application* is one that performs tasks that could potentially compromise the operating system, like as a Web brows
Applications with lower integrity levels cannot modify data in applications with higher integrity levels. When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provide valid administrator credentials.
To better understand how this process works, let's take a closer look at the Windows logon process.
### Logon process
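Review bot: The new bullet "A *low integrity application* ..." ends in "like as a Web brows"; the phrase is ungrammatical and the last word is truncated. Suggest "such as a Web browser", matching the wording of the removed paragraph it was split from.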

@ -5,23 +5,24 @@ ms.collection:
- highpri
- tier2
ms.topic: conceptual
ms.date: 05/23/2023
ms.date: 05/24/2023
---
# User Account Control overview
User Account Control (UAC) is a Windows security feature designed to protect the system from unauthorized changes, reducing the impact of malicious software executions. When changes to the system require administrator-level permission, UAC notifies the user, giving the opportunity to approve the change. UAC improves the security of your device by limiting the access that malicious code has to execute with administrator privileges. UAC empowers users to make informed decisions about actions that may affect the stability and security of their device.
User Account Control (UAC) is a Windows security feature designed to protect the operating system from unauthorized changes. When changes to the system require administrator-level permission, UAC notifies the user, giving the opportunity to approve or deny the change. UAC improves the security of Windows devices by limiting the access that malicious code has to execute with administrator privileges. UAC empowers users to make informed decisions about actions that may affect the stability and security of their device.
Unless you disable UAC, malicious software is prevented from disabling or interfering with UAC settings. UAC is enabled by default and can only be disabled by a user with administrator privileges.
Unless you disable UAC, malicious software is prevented from disabling or interfering with UAC settings. UAC is enabled by default, and can be configured or disabled by a user with administrative privileges.
## Benefits of UAC
UAC allows all users to log on to their computers using a **standard user account**. Processes launched using a *standard user token* may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by opening a shortcut) also run with the standard set of user permissions. Most applications, including those that are included with the operating system, are designed to work properly in this way.
UAC allows all users to sign in their devices using a **standard user account**. Processes launched using a *standard user token* may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Any applications that are started using Windows Explorer (for example, by opening a shortcut) also run with the standard set of user permissions. Most applications, including the ones included with the operating system, are designed to work properly this way.\
Other applications, especially those that weren't designed with security settings in mind, may require more permissions to run successfully. These applications are referred to as *legacy apps*.
Other applications, especially those that were not specifically designed with security settings in mind, may require additional permissions to run successfully. These types of applications are referred to as *legacy apps*. When a user attempts to perform an action that requires administrative privileges, such as installing software, changing system settings, or modifying critical files, UAC triggers a **consent prompt**. The prompt notifies the user that a change is about to occur, asking for their permission to proceed:
When a user attempts to perform an action that requires administrative privileges, such as installing software, changing system settings, or modifying critical files, UAC triggers a **consent prompt**. The prompt notifies the user that a change is about to occur, asking for their permission to proceed:
- If the user approves the change, the action is performed with the highest available privilege
- If the user does not approve the change, the action is not performed and the application that requested the change is prevented from running
- If the user doesn't approve the change, the action isn't performed and the application that requested the change is prevented from running
:::image type="content" source="images/uacconsentprompt.png" alt-text="UAC prompt in Windows 11.":::
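Review bot: The rewritten paragraph ending "designed to work properly this way.\" carries a stray trailing backslash; in Markdown that is a hard line break, and it reads as an editing leftover. Drop it and keep the paragraph separation before "Other applications, especially those that were not specifically designed...".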
@ -33,6 +34,6 @@ When an app requires to run with more than standard user rights, UAC allows user
Learn more about UAC in the following articles:
- [How UAC works](how-user-account-control-works.md)
- [How User Account Control works](how-user-account-control-works.md)
- [User Account Control policy settings](user-account-control-security-policy-settings.md): you can configure UAC using group policy or MDM
- [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md): list of UAC group policy, CSP, and registry key settings that your organization can use to manage UAC
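Review bot: In the new "User Account Control policy settings" item, "group policy" is lower case while the next item uses "Group Policy"; use one form within the list.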

@ -1,17 +1,10 @@
---
title: Windows and cloud security
description: Get an overview of cloud services supported in Windows 11 and Windows 10
ms.reviewer:
description: Learn about the cloud services supported in Windows
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.topic: conceptual
ms.date: 09/20/2021
ms.localizationpriority: medium
ms.custom:
search.appverid: MET150
ms.prod: windows-client
ms.technology: itpro-security
ms.date: 05/24/2023
---
# Windows and cloud security
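Review bot: Dropping manager, ms.localizationpriority, ms.custom, search.appverid, ms.prod and ms.technology from the front matter is only safe if those keys are now supplied by repository-level metadata (for example a docfx.json fileMetadata entry covering this folder); please confirm, otherwise the page loses its product and technology tagging. The empty ms.reviewer line being removed is fine.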
@ -24,10 +17,10 @@ Windows 11 includes the cloud services that are listed in the following table:<b
|:---|:---|
| Mobile device management (MDM) and Microsoft Intune | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.<br/><br/>Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.<br/><br/>To learn more, see [Mobile device management](/windows/client-management/mdm/). |
| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices. <br/><br/>The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards. <br/><br/>To learn more, see [Microsoft Accounts](/windows-server/identity/ad-ds/manage/understand-microsoft-accounts).|
| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data. <br/><br/>The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4). <br/><br/>If there's a ransomware attack, OneDrive can enable recovery. And if youve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). |
| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data. <br/><br/>The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4). <br/><br/>If there's a ransomware attack, OneDrive can enable recovery. And if you've configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). |
| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.<br/><br/>With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.<br/><br/>To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) |
## Next steps
- [Learn more about MDM and Windows 11](/windows/client-management/mdm/)
- [Learn more about Windows security](index.yml)
- [Learn about Mobile Device Management in Windows](/windows/client-management/mdm/)
- [Learn about Windows security](../index.yml)
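Review bot: The OneDrive row is rewritten only to change "youve" to "you've", but the same line still reads "allowing users to them on their laptops, desktops, and mobile devices", which is missing its verb; since the row is already being touched, change it to "allowing users to access them ...". In "Next steps", the Windows security link moves from index.yml to ../index.yml; confirm that relative path resolves from this file's location.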

@ -1,6 +1,6 @@
items:
- name: Overview
href: ../cloud.md
href: ../index.md
- name: Join Active Directory and Azure AD with single sign-on (SSO) 🔗
href: /azure/active-directory/devices/concept-azure-ad-join
- name: Security baselines with Intune 🔗
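Review bot: The TOC's "Overview" entry now points at ../index.md instead of ../cloud.md, so cloud.md (still edited in this same commit) is no longer reachable from this TOC; confirm that is intended and that a redirect or another TOC entry still covers the old page.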