Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into fr-usmt-aad-support

Frank Rojas
2024-01-09 15:44:55 -05:00
2 changed files with 23 additions and 20 deletions

@ -2,7 +2,7 @@
title: Windows 11 SE Overview
description: Learn about Windows 11 SE, and the apps that are included with the operating system.
ms.topic: overview
ms.date: 11/02/2023
ms.date: 01/09/2024
appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
@ -88,6 +88,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `AristotleK12 Borderless Classroom ` | 3.0.11. | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Analytics ` | 10.0.6 | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Network filter` | 3.1.10 | `Win32` | `Sergeant Laboratories` |
| `Bluebook` | 0.9.203 | `Win32` | `Collegeboard` |
| `Brave Browser` | 106.0.5249.119 | `Win32` | `Brave` |
| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` |
| `CA Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
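
Review bot: The publisher cell in the new `Bluebook` row reads `Collegeboard`; the organization's name is College Board, so write it as two words, in line with rows such as `Sergeant Laboratories` that give the vendor's full name.
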
@ -101,8 +102,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` |
| `DigiExam` | 14.1.0 | `Win32` | `Digiexam` |
| `Digital Secure testing browser` | 15.0.0 | `Win32` | `Digiexam` |
| `Dolphin Guide Connect` | 1.25 | `Win32` | `Dolphin Guide Connect` |
| `Dragon Professional Individual` | 15.00.100 | `Win32` | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` |
| `DRC INSIGHT Online Assessments` | 14.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | `Win32` | `Cisco` |
| `Dyknow` | 7.9.13.7 | `Win32` | `Dyknow` |
| `e-Speaking Voice and Speech recognition` | 4.4.0.11 | `Win32` | `e-speaking` |
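
Review bot: The new `Dolphin Guide Connect` row repeats the product name in the publisher column, while the other Dolphin products in this table (the `SuperNova` rows) list `Dolphin Computer Access`; confirm the publisher and use the same value if it is the same vendor. The updated `DRC INSIGHT Online Assessments` row also carries over `Data recognition Corporation` with a lowercase "r", which could be corrected while the line is being touched.
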
@ -125,9 +127,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Impero Backdrop Client` | 5.0.151 | `Win32` | `Impero Software` |
| `IMT Lazarus` | 2.86.0 | `Win32` | `IMTLazarus` |
| `Inspiration 10` | 10.11 | `Win32` | `TechEdology Ltd` |
| `JAWS for Windows` | 2022.2112.24 | `Win32` | `Freedom Scientific` |
| `JAWS for Windows` | 2023.2307.37 | `Win32` | `Freedom Scientific` |
| `Kite Student Portal` | 9.0.0.0 | `Win32` | `Dynamic Learning Maps` |
| `Keyman` | 16.0.141 | `Win32` | `SIL International` |
| `Keyman` | 16.0.142 | `Win32` | `SIL International` |
| `Kortext` | 2.3.433.0 | `Store` | `Kortext` |
| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | `Win32` | `Kurzweil Educational Systems` |
| `LanSchool Classic` | 9.1.0.46 | `Win32` | `Stoneware, Inc.` |
@ -135,10 +137,13 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Lexibar` | 3.07.02 | `Win32` | `Lexibar` |
| `LGfL HomeProtect` | 8.3.44.11 | `Win32` | `LGFL` |
| `Lightspeed Smart Agent` | 1.9.1 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Filter Agent` | 2.3.4 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Classroom` | 3.4.5.0 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Filter Agent` | 2.5.2 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Digital` | 3.12.3.11 | `Win32` | `Lightspeed Systems` |
| `Linewize Authentication agent ` |1.4.1 | `Win32` | `Linewize` |
| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
| `Mind+ Desktop` | 1.8.0 | `Win32` | `Mind+Desktop` |
| `Mozilla Firefox` | 116.0.2 | `Win32` | `Mozilla` |
| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
| `Musescore` | 4.1.1.232071203 | `Win32` | `Musescore` |
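
Review bot: The `Linewize Authentication agent ` row has a trailing space inside the code span and no space between the pipe and the version (`|1.4.1`), unlike the neighbouring rows; trim the space before the closing backtick and write the version cell as `| 1.4.1 |`. The `Mind+ Desktop` row gives the publisher as `Mind+Desktop`, which looks like the product name with the space dropped, so confirm the vendor name.
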
@ -157,19 +162,20 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `PaperCut` | 22.0.6 | `Win32` | `PaperCut Software International Pty Ltd` |
| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
| `Project Monarch Outlook` | 1.2023.831.400 | `Store` | `Microsoft` |
| `Questar Secure Browser` | 5.0.1.456 | `Win32` | `Questar, Inc` |
| `Questar Secure Browser` | 5.0.5.536 | `Win32` | `Questar, Inc` |
| `ReadAndWriteForWindows` | 12.0.78 | `Win32` | `Texthelp Ltd.` |
| `Remote Desktop client (MSRDC)` | 1.2.4487.0 | `Win32` | `Microsoft` |
| `Remote Help` | 4.0.1.13 | `Win32` | `Microsoft` |
| `Remote Help` | 5.0.1311.0 | `Win32` | `Microsoft` |
| `Respondus Lockdown Browser` | 2.0.9.03 | `Win32` | `Respondus` |
| `Safe Exam Browser` | 3.5.0.544 | `Win32` | `Safe Exam Browser` |
|`SchoolYear` | 3.5.4 | `Win32` |`SchoolYear` |
|`School Manager` | 3.6.8.1109 | `Win32` |`School Manager` |
|`School Manager` | 3.6.10-1149 | `Win32` |`Linewize` |
|`Schoolnet Secure Tester` | 2.1.0 | `Win32` |`School Net` |
|`Scratch` | 3.0 | `Win32` |`MIT` |
| `Senso.Cloud` | 2021.11.15.0 | `Win32` | `Senso.Cloud` |
| `Senso.Cloud` |2021.11.15.0 | `Win32` | `Senso.Cloud` |
| `Skoolnext` | 2.19 | `Win32` | `Skool.net` |
| `Smoothwall Monitor` | 2.9.2 | `Win32` | `Smoothwall Ltd` |
| `SuperNova Magnifier & Screen Reader` | 22.02 | `Win32` | `Dolphin Computer Access` |
| `SuperNova Magnifier & Screen Reader` | 22.03 | `Win32` | `Dolphin Computer Access` |
| `SuperNova Magnifier & Speech` | 21.03 | `Win32` | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | `Win32` | `VitalSource Technologies Inc` |
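
Review bot: The `Senso.Cloud` row is replaced with the same version, and the only difference is a dropped space after the pipe (`|2021.11.15.0`), so this is a whitespace-only edit that leaves the row inconsistent with the rest of the table; drop that change or restore the space. In the `School Manager` row the version moves from the dotted `3.6.8.1109` to `3.6.10-1149`; confirm the hyphen is the vendor's own format, since the other versions in the table are dotted.
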

@ -4,15 +4,14 @@ description: Learn how Kernel DMA Protection protects Windows devices against dr
ms.collection:
- tier1
ms.topic: conceptual
ms.date: 07/31/2023
ms.date: 01/09/2024
---
# Kernel DMA Protection
Kernel DMA Protection is a Windows security feature that protects against external peripherals from gaining unauthorized access to memory.
Kernel Direct Memory Access (DMA) Protection is a Windows security feature that protects against external peripherals from gaining unauthorized access to memory.
PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach classes of external peripherals, including graphics cards, to their devices with the plug-and-play ease of USB.\
These devices are DMA-capable, and can access system memory and perform read and write operations without the need for the system processor's involvement. This capability is the reason behind the exceptional performance of PCI devices, but it also makes them susceptible to *drive-by DMA attacks*.
PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach classes of external peripherals, including graphics cards, to their devices with the plug-and-play ease of USB. These devices are DMA-capable, and can access system memory and perform read and write operations without the need for the system processor's involvement. This capability is the reason behind the exceptional performance of PCI devices, but it also makes them susceptible to *drive-by DMA attacks*.
Drive-by DMA attacks are attacks that occur while the owner of the system isn't present and usually take just a few minutes, with simple-to-moderate attacking tools (affordable, off-the-shelf hardware and software), that don't require the disassembly of the device. For example, attackers can plug in a USB-like device while the device owner is on a break, and walk away with all the secrets on the machine, or inject a malware that allows them to have full control over the device remotely while bypassing the lock screen.
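
Review bot: The reworded opening sentence still reads "protects against external peripherals from gaining unauthorized access to memory", which mixes two constructions; "prevents external peripherals from gaining unauthorized access to memory" says it cleanly. In the merged paragraph, "makes them susceptible to drive-by DMA attacks" points at the PCI devices, but the paragraph describes the peripheral reading and writing system memory, so the system is what is exposed; consider "makes the system susceptible".
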
@ -21,8 +20,7 @@ Drive-by DMA attacks are attacks that occur while the owner of the system isn't
## How Windows protects against DMA drive-by attacks
Windows uses the system *Input/Output Memory Management Unit (IOMMU)* to block external peripherals from starting and performing DMA, unless the drivers for these peripherals support memory isolation (such as DMA-remapping).
Peripherals with [DMA Remapping compatible drivers][LINK-1] will be automatically enumerated, started, and allowed to perform DMA to their assigned memory regions.
Windows uses the system *Input/Output Memory Management Unit (IOMMU)* to block external peripherals from starting and performing DMA, unless the drivers for these peripherals support memory isolation (such as DMA-remapping). Peripherals with [DMA Remapping compatible drivers][LINK-1] will be automatically enumerated, started, and allowed to perform DMA to their assigned memory regions.
By default, peripherals with DMA Remapping incompatible drivers will be blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen. IT administrators can modify the default behavior applied to devices with DMA Remapping incompatible drivers using MDM or group policies.
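
Review bot: The merged paragraph now has "DMA-remapping" and "DMA Remapping compatible drivers" side by side, and the heading says "DMA drive-by attacks" while the body text says "drive-by DMA attacks"; pick one form of each term and use it throughout, so that readers searching for the policy name or the attack name find every mention.
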
@ -83,8 +81,7 @@ No, Kernel DMA Protection only protects against drive-by DMA attacks after the O
### How can I check if a certain driver supports DMA-remapping?
Not all devices and drivers support DMA-remapping. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of **0** or **1** means that the device driver doesn't support DMA-remapping. A value of **2** means that the device driver supports DMA-remapping. If the property isn't available, then the device driver doesn't support DMA-remapping.
Check the driver instance for the device you're testing. Some drivers may have varying values depending on the location of the device (internal vs. external).
Not all devices and drivers support DMA-remapping. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of **0** or **1** means that the device driver doesn't support DMA-remapping. A value of **2** means that the device driver supports DMA-remapping. If the property isn't available, then the device driver doesn't support DMA-remapping. Check the driver instance for the device you're testing. Some drivers may have varying values depending on the location of the device (internal vs. external).
:::image type="content" source="images/device-details.png" alt-text="Screenshot of device details for a Thunderbolt controller showing a value of 2." border="false":::
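
Review bot: "Device Manager*" in the merged paragraph keeps a trailing asterisk with nothing visible in this hunk for it to refer to; check that its footnote still exists, or remove the asterisk. Folding "Check the driver instance for the device you're testing" into the same paragraph also buries the caveat that the value can differ between internal and external instances of a device, which affects how the 0/1/2 reading should be interpreted; keeping it as its own paragraph or a note would make it harder to miss.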