acrolinx and chapter review

Paolo Matarazzo 2024-10-07 07:33:50 -04:00
parent 285370b763
commit ec3391d7c0
4 changed files with 42 additions and 43 deletions

@ -11,26 +11,21 @@ ms.date: 09/06/2024
## Microsoft Account
Your Microsoft Account (MSA) gives you access to Microsoft products and services with just one login, allowing you to manage everything all in one place. Keep tabs on your subscriptions and order history, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud, across devices, and between OS ecosystems, including iOS and Android.
Your Microsoft Account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android.
You can even go passwordless with your Microsoft Account by removing the password from your MSA and using the Microsoft Authenticator app on your Android or iOS device.
You can even go passwordless with your Microsoft Account by removing the password from your MSA:
- Windows Reauthentication upon updating settings for **If you've been away, when should Windows require you to sign in again**. When users seek to disable their password for unlocking when away via Windows Settings, they'll be prompted to reauthenticate with their account and password.
- Windows Reauthentication upon disabling password for device restarts: When users try to enable this setting, they're reauthenticated with their account and password. Upon successful authentication, the password is disabled for future device restarts.
- Use Windows Hello to eliminate the password sign-in method for an even more secure experience
- Use the Microsoft Authenticator app on your Android or iOS device
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
- [What is a Microsoft account?][LINK-1]
## User reauthentication before password disablement
Windows provides greater flexibility for users to balance ease of use with security. Users can choose the interval that the machine remains idle before it automatically signs out the user. To avoid a security breach and prevent users from accidentally making settings changes, Windows reauthenticates the user before they're allowed to change the setting to not sign out the user even after the device remains idle indefinitely.
This setting is available on the Sign-in options page in Settings and is available on Windows 11 and onward for MSA users worldwide.
- [Go passwordless with your Microsoft account][LINK-5]
## Find my device
When location services and Find my device settings are turned on, basic system services like time zone and Find my device will be allowed to use the device's location. When enabled, Find my device can be used by the admin on the device to help recover lost or stolen Windows devices to reduce security threats that rely on physical access.
When location services and *Find my device* settings are turned on, basic system services like time zone and Find my device are allowed to use the device's location. Find my device can be used to help recover lost or stolen Windows devices, reducing the security threats that rely on physical access.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
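
Review bot: In the Find my device paragraph, the reworded sentence drops "by the admin on the device", which changes who the page says can use the feature rather than only its wording; confirm that is intended in a style pass, or keep the qualifier. Separately, the new lead-in "by removing the password from your MSA:" is followed by bullets that start "Use Windows Hello ..." and "Use the Microsoft Authenticator app ...", which are sign-in alternatives rather than ways of removing the password, so the lead-in should say something like "and signing in with one of the following:". The phrase "for an even more secure experience" states no concrete property and could be cut.
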
@ -38,21 +33,26 @@ When location services and Find my device settings are turned on, basic system s
## OneDrive for personal
Microsoft OneDrive<sup>[\[17\]](conclusion.md#footnote17)</sup> for personal provides more security, backup, and restore options for important personal files. OneDrive stores and protects files in the cloud, allowing users to access them from laptops, desktops, and mobile devices. Plus, OneDrive provides an excellent solution for backing up folders. If a device is lost or stolen, the user can quickly recover all their important files from the cloud.
Microsoft OneDrive for personal<sup>[\[17\]](conclusion.md#footnote17)</sup> offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that:
In the event of a ransomware attack, OneDrive can enable recovery. And if backups are configured in OneDrive, users have additional options to mitigate and recover from a ransomware attack.
- If a device is lost or stolen, users can quickly recover all their important files from the cloud
- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
- [OneDrive](/onedrive/plan-onedrive-enterprise)
- [Get started with OneDrive][LINK-6]
- [How to recover from a ransomware attack using Microsoft 365](/microsoft-365/security/office-365-security/recover-from-ransomware)
- [How to restore from OneDrive][LINK-3]
## OneDrive Personal Vault
OneDrive Personal Vault also provides protection for the most important or sensitive files and photos without sacrificing the convenience of anywhere access. Protect digital copies of important documents in OneDrive Personal Vault. Files will be secured by identity verification yet are still easily accessible across devices.
OneDrive Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in OneDrive Personal Vault, where they're protected by identity verification and are easily accessible across devices.
Learn how to [set up a Personal Vault][LINK-4] with a strong authentication method or a second step of identity verification, such as fingerprint, face, PIN, or a code sent via email or SMS.
Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
- [Protect your OneDrive files in Personal Vault][LINK-4]
<!--links-->
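
Review bot: The ransomware bullet strengthens "OneDrive can enable recovery" to "OneDrive enables recovery", and the new lead-in ends with "ensuring that:", so the list now reads as a guarantee even though the next sentence ties the outcome to "configured backups". Suggest keeping "can enable recovery" and a neutral lead-in such as "so that:". In the Learn more list, the ransomware link still uses an inline relative path while the other entries use reference-style [LINK-n] targets; consider making them consistent.
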
@ -60,3 +60,5 @@ Learn how to [set up a Personal Vault][LINK-4] with a strong authentication meth
[LINK-2]: https://support.microsoft.com/topic/890bf25e-b8ba-d3fe-8253-e98a12f26316
[LINK-3]: https://support.microsoft.com/topic/fa231298-759d-41cf-bcd0-25ac53eb8a15
[LINK-4]: https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4
[LINK-5]: https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856
[LINK-6]: https://support.microsoft.com/onedrive

@ -1,11 +1,12 @@
---
title: Conclusion
description: Conclusion
description: Windows 11 security book conclusion.
ms.topic: overview
ms.date: 09/06/2024
---
# Conclusion
We will continue to bring you new features to protect against evolving threats, simplify management, and securely enable new workstyles. With Windows 11 devices, organizations of all sizes can benefit from the security and performance to thrive anywhere.
:::image type="content" source="images/chip-to-cloud.png" alt-text="Diagram of chip-to-cloud containing a list of security features." lightbox="images/chip-to-cloud.png" border="false":::
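
Review bot: In the front matter, ms.date stays at 09/06/2024 although this commit changes the description here and the feature lists and revision history further down; if ms.date is meant to track the last content change, update it in this hunk. The opening sentence "We will continue to bring you new features" is untouched context, but since this is a style pass it is worth checking whether the future tense there was meant to be left as is.
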
@ -14,38 +15,33 @@ We will continue to bring you new features to protect against evolving threats,
New:
- Config Refresh
- 5G and eSIM
- Win32 apps in isolation (public preview)
- Passkey
- Sign-in Session Token Protection
- Windows Local Administrator Password Solution (LAPS) (public preview)
- Microsoft Intune Suite Endpoint Privilege Management (EPM)
- VBS enclaves
- Hypervisor-enforced paging translation (HVPT)
- VBS key protection
- Trusted signing
- [Config Refresh](operating-system-security-system-security.md#config-refresh)
- [Trusted signing](application-security-application-and-driver-control.md#trusted-signing)
- [VBS Key Protection](identity-protection-advanced-credential-protection.md#vbs-key-protection)
- [Virtualization-based security enclave](hardware-security-silicon-assisted-security.md#virtualization-based-security-enclave)
- [Win32 app isolation](application-security-application-isolation.md#win32-app-isolation)
Enhanced:
- Hardware security user experience
- Application Control for Business
- BitLocker to go
- Credential guard
- Device encryption
- Windows Firewall
- Enhanced Phishing protection
- Enhanced Sign-in security (ESS)
- Hardware security user experience
- Local Security Authority
- Lockout policies for local admin
- Microsoft Authenticator
- Presence Detection
- Server Message Block direct
- Smart App Control (SAC) going into Enforcement mode
- Application Control for Business
- Enhanced Sign-in security (ESS)
- Windows Hello for Business
- Presence Detection
- Wake on approach, lock on leave
- Universal Print
- Lockout policies for local admin
- Enhanced Phishing protection
- Wake on approach, lock on leave
- Windows Firewall
- Windows Hello for Business
- Windows Local Administrator Password Solution (LAPS)
- Windows Presence sensing
- Credential guard
- Local Security Authority
- Microsoft Authenticator
## Document revision history
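
Review bot: In the New list, the linked entries (Config Refresh, Trusted signing, VBS Key Protection, Virtualization-based security enclave, Win32 app isolation) have no counterpart for "5G and eSIM", "Passkey", "Sign-in Session Token Protection", "Microsoft Intune Suite Endpoint Privilege Management (EPM)" or "Hypervisor-enforced paging translation (HVPT)"; if those plain items are being removed rather than kept, say so in the commit message, because that is a content change and not an Acrolinx fix. In the Enhanced list, "Credential guard" and "BitLocker to go" should use the product casing "Credential Guard" and "BitLocker To Go", and "Presence Detection", "Windows Presence sensing" and "Wake on approach, lock on leave" look like overlapping entries for the same feature area; only the New list gets links, so consider linking the Enhanced items too.
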
@ -56,8 +52,9 @@ Enhanced:
|April 2022| Added Upcoming features section.|
| September 2022| Updates with Windows 11 2022 Update features and enhancements.|
|April 2023| Minor edits and updates to edition availability.|
|September 2023| Updates with Windows 11 2023 Update features and enhancement.|
|September 2023| Updates with Windows 11 2023 Update features and enhancements.|
|May 2024| Move form PDF format to web format.|
|November 2024| Updates with Windows 11 2024 Update features and enhancements.|
## Endnotes
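
Review bot: The May 2024 row still reads "Move form PDF format to web format."; "form" should be "from", and the row sits directly between the corrected September 2023 row and the added November 2024 row, so it is worth fixing in the same pass. The added row is dated November 2024 while the commit is dated 2024-10-07; confirm the row is meant to carry the planned publication month.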

File diff suppressed because one or more lines are too long

@ -70,7 +70,7 @@ Thousands of PC vendors produce numerous device models with diverse UEFI firmwar
In Secured-core PCs, System Guard Secure Launch protects bootup with a technology known as the *Dynamic Root of Trust for Measurement (DRTM)*. With DRTM, the system initially follows the normal UEFI Secure Boot process. However, before launching, the system enters a hardware-controlled trusted state that forces the CPU down a hardware-secured code path. If a malware rootkit or bootkit bypasses UEFI Secure Boot and resides in memory, DRTM prevents it from accessing secrets and critical code protected by the Virtualization-based security environment. Firmware Attack Surface Reduction (FASR) technology can be used instead of DRTM on supported devices, such as Microsoft Surface.
System Management Mode (SMM) isolation is an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor. SMM complements the protections provided by DRTM by helping to reduce the attack surface. Relying on capab ilities provided by silicon providers like Intel and AMD, SMM isolation enforces policies that implement restrictions such as preventing SMM code from accessing OS memory. The SMM isolation policy is included as part of the DRTM measurements that can be sent to a verifier like Microsoft Azure Remote Attestation.
System Management Mode (SMM) isolation is an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor. SMM complements the protections provided by DRTM by helping to reduce the attack surface. Relying on capabilities provided by silicon providers like Intel and AMD, SMM isolation enforces policies that implement restrictions such as preventing SMM code from accessing OS memory. The SMM isolation policy is included as part of the DRTM measurements that can be sent to a verifier like Microsoft Azure Remote Attestation.
:::image type="content" source="images/secure-launch.png" alt-text="Diagram of secure launch components." lightbox="images/secure-launch.png" border="false":::
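
Review bot: The changed paragraph fixes "capab ilities" but keeps the opening "System Management Mode (SMM) isolation is an execution mode in x86-based processors", which describes SMM itself and not SMM isolation; the same paragraph goes on to say SMM isolation "enforces policies" that restrict SMM code. Suggest "System Management Mode (SMM) is an execution mode ..." and then "SMM isolation complements the protections provided by DRTM ..." so that the mode and the mitigation are not conflated.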