diff --git a/windows/security/book/cloud-services-protect-your-personal-information.md b/windows/security/book/cloud-services-protect-your-personal-information.md index 24628c757f..ec1c687f3f 100644 --- a/windows/security/book/cloud-services-protect-your-personal-information.md +++ b/windows/security/book/cloud-services-protect-your-personal-information.md 
@@ -11,26 +11,21 @@ ms.date: 09/06/2024 ## Microsoft Account -Your Microsoft Account (MSA) gives you access to Microsoft products and services with just one login, allowing you to manage everything all in one place. Keep tabs on your subscriptions and order history, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud, across devices, and between OS ecosystems, including iOS and Android. +Your Microsoft Account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android. -You can even go passwordless with your Microsoft Account by removing the password from your MSA and using the Microsoft Authenticator app on your Android or iOS device. +You can even go passwordless with your Microsoft Account by removing the password from your MSA: -- Windows Reauthentication upon updating settings for **If you've been away, when should Windows require you to sign in again**. When users seek to disable their password for unlocking when away via Windows Settings, they'll be prompted to reauthenticate with their account and password. -- Windows Reauthentication upon disabling password for device restarts: When users try to enable this setting, they're reauthenticated with their account and password. Upon successful authentication, the password is disabled for future device restarts. 
+- Use Windows Hello to eliminate the password sign-in method for an even more secure experience +- Use the Microsoft Authenticator app on your Android or iOS device :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** - [What is a Microsoft account?][LINK-1] - -## User reauthentication before password disablement - -Windows provides greater flexibility for users to balance ease of use with security. Users can choose the interval that the machine remains idle before it automatically signs out the user. To avoid a security breach and prevent users from accidentally making settings changes, Windows reauthenticates the user before they're allowed to change the setting to not sign out the user even after the device remains idle indefinitely. - -This setting is available on the Sign-in options page in Settings and is available on Windows 11 and onward for MSA users worldwide. +- [Go passwordless with your Microsoft account][LINK-5] ## Find my device -When location services and Find my device settings are turned on, basic system services like time zone and Find my device will be allowed to use the device's location. When enabled, Find my device can be used by the admin on the device to help recover lost or stolen Windows devices to reduce security threats that rely on physical access. +When location services and *Find my device* settings are turned on, basic system services like time zone and Find my device are allowed to use the device's location. Find my device can be used to help recover lost or stolen Windows devices, reducing the security threats that rely on physical access. :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** 
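Review bot: the hunk deletes the `## User reauthentication before password disablement` section, but the features-index.md hunk in this same change still emits `[User reauthentication before password disablement](cloud-services-protect-your-personal-information.md#user-reauthentication-before-password-disablement)`, so that index entry becomes a dead anchor once this lands; either drop the entry from the index or keep a short section under the new passwordless bullets. The deleted text was also the book's only description of the reauthentication prompt that guards the **If you've been away, when should Windows require you to sign in again** and restart-password settings; if that control still ships, it should be relocated rather than removed, since it is the piece that stops a casual passer-by from silently turning off sign-in on wake.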
@@ -38,21 +33,26 @@ When location services and Find my device settings are turned on, basic system s ## OneDrive for personal -Microsoft OneDrive[\[17\]](conclusion.md#footnote17) for personal provides more security, backup, and restore options for important personal files. OneDrive stores and protects files in the cloud, allowing users to access them from laptops, desktops, and mobile devices. Plus, OneDrive provides an excellent solution for backing up folders. If a device is lost or stolen, the user can quickly recover all their important files from the cloud. +Microsoft OneDrive for personal[\[17\]](conclusion.md#footnote17) offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that: -In the event of a ransomware attack, OneDrive can enable recovery. And if backups are configured in OneDrive, users have additional options to mitigate and recover from a ransomware attack. +- If a device is lost or stolen, users can quickly recover all their important files from the cloud +- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** -- [OneDrive](/onedrive/plan-onedrive-enterprise) +- [Get started with OneDrive][LINK-6] - [How to recover from a ransomware attack using Microsoft 365](/microsoft-365/security/office-365-security/recover-from-ransomware) - [How to restore from OneDrive][LINK-3] ## OneDrive Personal Vault -OneDrive Personal Vault also provides protection for the most important or sensitive files and photos without sacrificing the convenience of anywhere access. Protect digital copies of important documents in OneDrive Personal Vault. 
Files will be secured by identity verification yet are still easily accessible across devices. +OneDrive Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in OneDrive Personal Vault, where they're protected by identity verification and are easily accessible across devices. -Learn how to [set up a Personal Vault][LINK-4] with a strong authentication method or a second step of identity verification, such as fingerprint, face, PIN, or a code sent via email or SMS. +Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text. + +:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** + +- [Protect your OneDrive files in Personal Vault][LINK-4] @@ -60,3 +60,5 @@ Learn how to [set up a Personal Vault][LINK-4] with a strong authentication meth [LINK-2]: https://support.microsoft.com/topic/890bf25e-b8ba-d3fe-8253-e98a12f26316 [LINK-3]: https://support.microsoft.com/topic/fa231298-759d-41cf-bcd0-25ac53eb8a15 [LINK-4]: https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4 +[LINK-5]: https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856 +[LINK-6]: https://support.microsoft.com/onedrive diff --git a/windows/security/book/conclusion.md b/windows/security/book/conclusion.md index 6bba07b15f..63fac890d0 100644 --- a/windows/security/book/conclusion.md +++ b/windows/security/book/conclusion.md 
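Review bot: in the OneDrive for personal hunk the new lead-in `OneDrive provides an excellent solution for backing up folders, ensuring that:` doesn't grammatically govern the second bullet, whose second sentence (`With configured backups, users have more options to mitigate and recover from such attacks`) stands on its own; either end the intro at "backing up folders." and let both bullets be full sentences, or fold the backup sentence into the lead-in. The Learn more list is also now mixed: `[Get started with OneDrive][LINK-6]` and `[How to restore from OneDrive][LINK-3]` use reference-style links while `[How to recover from a ransomware attack using Microsoft 365](/microsoft-365/security/office-365-security/recover-from-ransomware)` keeps an inline path; converting it to a `[LINK-n]` reference would match the rest of the file.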
@@ -1,11 +1,12 @@ --- title: Conclusion -description: Conclusion +description: Windows 11 security book conclusion. ms.topic: overview ms.date: 09/06/2024 --- # Conclusion + We will continue to bring you new features to protect against evolving threats, simplify management, and securely enable new workstyles. With Windows 11 devices, organizations of all sizes can benefit from the security and performance to thrive anywhere. :::image type="content" source="images/chip-to-cloud.png" alt-text="Diagram of chip-to-cloud containing a list of security features." lightbox="images/chip-to-cloud.png" border="false"::: 
@@ -14,38 +15,33 @@ We will continue to bring you new features to protect against evolving threats, New: -- Config Refresh -- 5G and eSIM -- Win32 apps in isolation (public preview) -- Passkey -- Sign-in Session Token Protection -- Windows Local Administrator Password Solution (LAPS) (public preview) -- Microsoft Intune Suite Endpoint Privilege Management (EPM) -- VBS enclaves -- Hypervisor-enforced paging translation (HVPT) -- VBS key protection -- Trusted signing +- [Config Refresh](operating-system-security-system-security.md#config-refresh) +- [Trusted signing](application-security-application-and-driver-control.md#trusted-signing) +- [VBS Key Protection](identity-protection-advanced-credential-protection.md#vbs-key-protection) +- [Virtualization-based security enclave](hardware-security-silicon-assisted-security.md#virtualization-based-security-enclave) +- [Win32 app isolation](application-security-application-isolation.md#win32-app-isolation) Enhanced: -- Hardware security user experience +- Application Control for Business - BitLocker to go +- Credential guard - Device encryption -- Windows Firewall +- Enhanced Phishing protection +- Enhanced Sign-in security (ESS) +- Hardware security user experience +- Local Security Authority +- Lockout policies for local admin +- Microsoft Authenticator +- Presence Detection - Server Message Block direct - Smart App Control (SAC) going into Enforcement mode -- Application Control for Business -- Enhanced Sign-in security (ESS) -- Windows Hello for Business -- Presence Detection -- Wake on approach, lock on leave - Universal Print -- Lockout policies for local admin -- Enhanced Phishing protection +- Wake on approach, lock on leave +- Windows Firewall +- Windows Hello for Business +- Windows Local Administrator Password Solution (LAPS) - Windows Presence sensing -- Credential guard -- Local Security Authority -- Microsoft Authenticator ## Document revision history 
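Review bot: the rewritten `New:` list drops 5G and eSIM, Passkey, Sign-in Session Token Protection, Microsoft Intune Suite Endpoint Privilege Management (EPM), and Hypervisor-enforced paging translation (HVPT) without moving any of them to `Enhanced:` (only LAPS moves, and it loses its "(public preview)" qualifier), so the commit message should say whether those features were pulled from this edition on purpose or lost in the reorder. Naming is also inconsistent with the features index in this same change: `Credential guard` and `BitLocker to go` here versus `Credential Guard` and `BitLocker To Go` there, and the `New:` entries are now linked to their sections while every `Enhanced:` entry is plain text; linking the Enhanced entries the same way would make the conclusion usable as a jump list.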
@@ -56,8 +52,9 @@ Enhanced: |April 2022| Added Upcoming features section.| | September 2022| Updates with Windows 11 2022 Update features and enhancements.| |April 2023| Minor edits and updates to edition availability.| -|September 2023| Updates with Windows 11 2023 Update features and enhancement.| +|September 2023| Updates with Windows 11 2023 Update features and enhancements.| |May 2024| Move form PDF format to web format.| +|November 2024| Updates with Windows 11 2024 Update features and enhancements.| ## Endnotes diff --git a/windows/security/book/features-index.md b/windows/security/book/features-index.md index da049a3a5a..9d4f7eecad 100644 --- a/windows/security/book/features-index.md +++ b/windows/security/book/features-index.md @@ -7,6 +7,6 @@ ms.date: 09/06/2024 # Features index -[5G and eSIM](operating-system-security-network-security.md#5g-and-esim)
[Access management and control](identity-protection-advanced-credential-protection.md#access-management-and-control)
[Account lockout policies](identity-protection-advanced-credential-protection.md#account-lockout-policies)
[App containers](application-security-application-isolation.md#app-containers)
[App Control for Business](application-security-application-and-driver-control.md#app-control-for-business)
[Attack surface reduction](operating-system-security-virus-and-threat-protection.md#attack-surface-reduction)
[BitLocker To Go](operating-system-security-encryption-and-data-protection.md#bitlocker-to-go)
[BitLocker](operating-system-security-encryption-and-data-protection.md#bitlocker)
[Bluetooth protection](operating-system-security-network-security.md#bluetooth-protection)
[Certificates](operating-system-security-system-security.md#certificates)
[Cloud-native management](cloud-services-protect-your-work-information.md#cloud-native-management)
[Code signing and integrity](operating-system-security-system-security.md#code-signing-and-integrity)
[Common Criteria (CC)](security-foundation-certification.md#common-criteria-cc)
[Config Refresh](operating-system-security-system-security.md#config-refresh)
[Controlled folder access](operating-system-security-virus-and-threat-protection.md#controlled-folder-access)
[Credential Guard](identity-protection-advanced-credential-protection.md#credential-guard)
[Cryptography](operating-system-security-system-security.md#cryptography)
[Device Encryption](operating-system-security-encryption-and-data-protection.md#device-encryption)
[Device health attestation](operating-system-security-system-security.md#device-health-attestation)
[Domain Name System (DNS) security](operating-system-security-network-security.md#domain-name-system-dns-security)
[Email encryption](operating-system-security-encryption-and-data-protection.md#email-encryption)
[Encrypted hard drive](operating-system-security-encryption-and-data-protection.md#encrypted-hard-drive)
[Enhanced phishing protection with Microsoft Defender SmartScreen](identity-protection-advanced-credential-protection.md#enhanced-phishing-protection-with-microsoft-defender-smartscreen)
[Enhanced Sign-in Security (ESS)](identity-protection-passwordless-sign-in.md#enhanced-sign-in-security-ess)
[Enterprise State Roaming with Azure](cloud-services-protect-your-work-information.md#enterprise-state-roaming-with-azure)
[Exploit protection](operating-system-security-virus-and-threat-protection.md#exploit-protection)
[Federal Information Processing Standard (FIPS)](security-foundation-certification.md#federal-information-processing-standard-fips)
[Federated sign-in](identity-protection-passwordless-sign-in.md#federated-sign-in)
[FIDO2 support](identity-protection-passwordless-sign-in.md#fido2-support)
[Find my device](cloud-services-protect-your-personal-information.md#find-my-device)
[Hardware-enforced stack protection](hardware-security-silicon-assisted-security.md#hardware-enforced-stack-protection)
[Kernel Direct Memory Access (DMA) protection](hardware-security-silicon-assisted-security.md#kernel-direct-memory-access-dma-protection)
[Kiosk mode](operating-system-security-system-security.md#kiosk-mode)
[Local Security Authority (LSA) protection](identity-protection-advanced-credential-protection.md#local-security-authority-lsa-protection)
[MDM enrollment certificate attestation](cloud-services-protect-your-work-information.md#mdm-enrollment-certificate-attestation)
[MDM security baseline](cloud-services-protect-your-work-information.md#mdm-security-baseline)
[Microsoft Account](cloud-services-protect-your-personal-information.md#microsoft-account)
[Microsoft Authenticator](identity-protection-passwordless-sign-in.md#microsoft-authenticator)
[Microsoft Azure Attestation Service](cloud-services-protect-your-work-information.md#microsoft-azure-attestation-service)
[Microsoft Defender Antivirus](operating-system-security-virus-and-threat-protection.md#microsoft-defender-antivirus)
[Microsoft Defender for Endpoint](operating-system-security-virus-and-threat-protection.md#microsoft-defender-for-endpoint)
[Microsoft Defender SmartScreen](operating-system-security-virus-and-threat-protection.md#microsoft-defender-smartscreen)
[Microsoft Entra ID](cloud-services-protect-your-work-information.md#microsoft-entra-id)
[Microsoft Intune](cloud-services-protect-your-work-information.md#microsoft-intune)
[Microsoft Offensive Research and Security Engineering](security-foundation-offensive-research.md#microsoft-offensive-research-and-security-engineering)
[Microsoft Pluton security processor](hardware-security-hardware-root-of-trust.md#microsoft-pluton-security-processor)
[Microsoft security baselines](cloud-services-protect-your-work-information.md#microsoft-security-baselines)
[Microsoft Security Development Lifecycle (SDL)](security-foundation-offensive-research.md#microsoft-security-development-lifecycle-sdl)
[Microsoft vulnerable driver blocklist](application-security-application-and-driver-control.md#microsoft-vulnerable-driver-blocklist)
[OneDrive for personal](cloud-services-protect-your-personal-information.md#onedrive-for-personal)
[OneDrive for work or school](cloud-services-protect-your-work-information.md#onedrive-for-work-or-school)
[OneDrive Personal Vault](cloud-services-protect-your-personal-information.md#onedrive-personal-vault)
[OneFuzz service](security-foundation-offensive-research.md#onefuzz-service)
[Passkeys](identity-protection-passwordless-sign-in.md#passkeys)
[Personal data encryption (PDE)](operating-system-security-encryption-and-data-protection.md#personal-data-encryption-pde)
[Privacy dashboard and report](privacy-controls.md#privacy-dashboard-and-report)
[Privacy resource usage](privacy-controls.md#privacy-resource-usage)
[Privacy transparency and controls](privacy-controls.md#privacy-transparency-and-controls)
[Remote Credential Guard](identity-protection-advanced-credential-protection.md#remote-credential-guard)
[Remote Wipe](cloud-services-protect-your-work-information.md#remote-wipe)
[Secured kernel](hardware-security-silicon-assisted-security.md#secured-kernel)
[Secured-core PC](hardware-security-silicon-assisted-security.md#secured-core-pc)
[Server Message Block file services](operating-system-security-network-security.md#server-message-block-file-services)
[Smart App Control](application-security-application-and-driver-control.md#smart-app-control)
[Smart cards for Windows service](identity-protection-passwordless-sign-in.md#smart-cards-for-windows-service)
[Software bill of materials (SBOM)](security-foundation-secure-supply-chain.md#software-bill-of-materials-sbom)
[Tamper protection](operating-system-security-virus-and-threat-protection.md#tamper-protection)
[Token protection](identity-protection-advanced-credential-protection.md#token-protection)
[Transport layer security (TLS)](operating-system-security-network-security.md#transport-layer-security-tls)
[Trusted Boot (Secure Boot + Measured Boot)](operating-system-security-system-security.md#trusted-boot-secure-boot--measured-boot)
[Trusted Platform Module (TPM)](hardware-security-hardware-root-of-trust.md#trusted-platform-module-tpm)
[Trusted signing](application-security-application-and-driver-control.md#trusted-signing)
[Universal Print](cloud-services-protect-your-work-information.md#universal-print)
[User Account Control](application-security-application-and-driver-control.md#user-account-control)
[User reauthentication before password disablement](cloud-services-protect-your-personal-information.md#user-reauthentication-before-password-disablement)
[VBS Key Protection](identity-protection-advanced-credential-protection.md#vbs-key-protection)
[Virtual private networks (VPN)](operating-system-security-network-security.md#virtual-private-networks-vpn)
[Wi-Fi connections](operating-system-security-network-security.md#wi-fi-connections)
[Win32 app isolation](application-security-application-isolation.md#win32-app-isolation)
[Windows App software development kit (SDK)](security-foundation-secure-supply-chain.md#windows-app-software-development-kit-sdk)
[Windows Autopatch](cloud-services-protect-your-work-information.md#windows-autopatch)
[Windows Autopilot and zero-touch deployment](cloud-services-protect-your-work-information.md#windows-autopilot-and-zero-touch-deployment)
[Windows diagnostic data processor configuration](privacy-controls.md#windows-diagnostic-data-processor-configuration)
[Windows Firewall](operating-system-security-network-security.md#windows-firewall)
[Windows Hello biometric](identity-protection-passwordless-sign-in.md#windows-hello-biometric)
[Windows Hello for Business multi-factor unlock](identity-protection-passwordless-sign-in.md#windows-hello-for-business-multi-factor-unlock)
[Windows Hello for Business](identity-protection-passwordless-sign-in.md#windows-hello-for-business)
[Windows Hello PIN](identity-protection-passwordless-sign-in.md#windows-hello-pin)
[Windows Hello](identity-protection-passwordless-sign-in.md#windows-hello)
[Windows Insider and Bug Bounty program](security-foundation-offensive-research.md#windows-insider-and-bug-bounty-program)
[Windows passwordless experience](identity-protection-passwordless-sign-in.md#windows-passwordless-experience)
[Windows presence sensing](identity-protection-passwordless-sign-in.md#windows-presence-sensing)
[Windows Sandbox](application-security-application-isolation.md#windows-sandbox)
[Windows security policy settings and auditing](operating-system-security-system-security.md#windows-security-policy-settings-and-auditing)
[Windows security settings](operating-system-security-system-security.md#windows-security-settings)
[Windows Subsystem for Linux (WSL)](application-security-application-isolation.md#windows-subsystem-for-linux-wsl)
[Windows Update for Business deployment service](cloud-services-protect-your-work-information.md#windows-update-for-business-deployment-service) +[5G and eSIM](operating-system-security-network-security.md#5g-and-esim)
[Access management and control](identity-protection-advanced-credential-protection.md#access-management-and-control)
[Account lockout policies](identity-protection-advanced-credential-protection.md#account-lockout-policies)
[App containers](application-security-application-isolation.md#app-containers)
[App Control for Business](application-security-application-and-driver-control.md#app-control-for-business)
[Attack surface reduction](operating-system-security-virus-and-threat-protection.md#attack-surface-reduction)
[BitLocker To Go](operating-system-security-encryption-and-data-protection.md#bitlocker-to-go)
[BitLocker](operating-system-security-encryption-and-data-protection.md#bitlocker)
[Bluetooth protection](operating-system-security-network-security.md#bluetooth-protection)
[Certificates](operating-system-security-system-security.md#certificates)
[Cloud-native management](cloud-services-protect-your-work-information.md#cloud-native-management)
[Code signing and integrity](operating-system-security-system-security.md#code-signing-and-integrity)
[Common Criteria (CC)](security-foundation-certification.md#common-criteria-cc)
[Config Refresh](operating-system-security-system-security.md#config-refresh)
[Controlled folder access](operating-system-security-virus-and-threat-protection.md#controlled-folder-access)
[Credential Guard](identity-protection-advanced-credential-protection.md#credential-guard)
[Cryptography](operating-system-security-system-security.md#cryptography)
[Device Encryption](operating-system-security-encryption-and-data-protection.md#device-encryption)
[Device health attestation](operating-system-security-system-security.md#device-health-attestation)
[Domain Name System (DNS) security](operating-system-security-network-security.md#domain-name-system-dns-security)
[Email encryption](operating-system-security-encryption-and-data-protection.md#email-encryption)
[Encrypted hard drive](operating-system-security-encryption-and-data-protection.md#encrypted-hard-drive)
[Enhanced phishing protection with Microsoft Defender SmartScreen](identity-protection-advanced-credential-protection.md#enhanced-phishing-protection-with-microsoft-defender-smartscreen)
[Enhanced Sign-in Security (ESS)](identity-protection-passwordless-sign-in.md#enhanced-sign-in-security-ess)
[Enterprise State Roaming with Azure](cloud-services-protect-your-work-information.md#enterprise-state-roaming-with-azure)
[Exploit protection](operating-system-security-virus-and-threat-protection.md#exploit-protection)
[Federal Information Processing Standard (FIPS)](security-foundation-certification.md#federal-information-processing-standard-fips)
[Federated sign-in](identity-protection-passwordless-sign-in.md#federated-sign-in)
[FIDO2 support](identity-protection-passwordless-sign-in.md#fido2-support)
[Find my device](cloud-services-protect-your-personal-information.md#find-my-device)
[Hardware-enforced stack protection](hardware-security-silicon-assisted-security.md#hardware-enforced-stack-protection)
[Kernel Direct Memory Access (DMA) protection](hardware-security-silicon-assisted-security.md#kernel-direct-memory-access-dma-protection)
[Kiosk mode](operating-system-security-system-security.md#kiosk-mode)
[Local Security Authority (LSA) protection](identity-protection-advanced-credential-protection.md#local-security-authority-lsa-protection)
[MDM enrollment certificate attestation](cloud-services-protect-your-work-information.md#mdm-enrollment-certificate-attestation)
[MDM security baseline](cloud-services-protect-your-work-information.md#mdm-security-baseline)
[Microsoft Account](cloud-services-protect-your-personal-information.md#microsoft-account)
[Microsoft Authenticator](identity-protection-passwordless-sign-in.md#microsoft-authenticator)
[Microsoft Azure Attestation Service](cloud-services-protect-your-work-information.md#microsoft-azure-attestation-service)
[Microsoft Defender Antivirus](operating-system-security-virus-and-threat-protection.md#microsoft-defender-antivirus)
[Microsoft Defender for Endpoint](operating-system-security-virus-and-threat-protection.md#microsoft-defender-for-endpoint)
[Microsoft Defender SmartScreen](operating-system-security-virus-and-threat-protection.md#microsoft-defender-smartscreen)
[Microsoft Entra ID](cloud-services-protect-your-work-information.md#microsoft-entra-id)
[Microsoft Intune](cloud-services-protect-your-work-information.md#microsoft-intune)
[Microsoft Offensive Research and Security Engineering](security-foundation-offensive-research.md#microsoft-offensive-research-and-security-engineering)
[Microsoft Pluton security processor](hardware-security-hardware-root-of-trust.md#microsoft-pluton-security-processor)
[Microsoft security baselines](cloud-services-protect-your-work-information.md#microsoft-security-baselines)
[Microsoft Security Development Lifecycle (SDL)](security-foundation-offensive-research.md#microsoft-security-development-lifecycle-sdl)
[Microsoft vulnerable driver blocklist](application-security-application-and-driver-control.md#microsoft-vulnerable-driver-blocklist)
[OneDrive for personal](cloud-services-protect-your-personal-information.md#onedrive-for-personal)
[OneDrive for work or school](cloud-services-protect-your-work-information.md#onedrive-for-work-or-school)
[OneDrive Personal Vault](cloud-services-protect-your-personal-information.md#onedrive-personal-vault)
[OneFuzz service](security-foundation-offensive-research.md#onefuzz-service)
[Passkeys](identity-protection-passwordless-sign-in.md#passkeys)
[Personal data encryption (PDE)](operating-system-security-encryption-and-data-protection.md#personal-data-encryption-pde)
[Privacy dashboard and report](privacy-controls.md#privacy-dashboard-and-report)
[Privacy resource usage](privacy-controls.md#privacy-resource-usage)
[Privacy transparency and controls](privacy-controls.md#privacy-transparency-and-controls)
[Remote Credential Guard](identity-protection-advanced-credential-protection.md#remote-credential-guard)
[Remote Wipe](cloud-services-protect-your-work-information.md#remote-wipe)
[Secured kernel](hardware-security-silicon-assisted-security.md#secured-kernel)
[Secured-core PC](hardware-security-silicon-assisted-security.md#secured-core-pc)
[Server Message Block file services](operating-system-security-network-security.md#server-message-block-file-services)
[Smart App Control](application-security-application-and-driver-control.md#smart-app-control)
[Smart cards for Windows service](identity-protection-passwordless-sign-in.md#smart-cards-for-windows-service)
[Software bill of materials (SBOM)](security-foundation-secure-supply-chain.md#software-bill-of-materials-sbom)
[Tamper protection](operating-system-security-virus-and-threat-protection.md#tamper-protection)
[Token protection](identity-protection-advanced-credential-protection.md#token-protection)
[Transport layer security (TLS)](operating-system-security-network-security.md#transport-layer-security-tls)
[Trusted Boot (Secure Boot + Measured Boot)](operating-system-security-system-security.md#trusted-boot-secure-boot--measured-boot)
[Trusted Platform Module (TPM)](hardware-security-hardware-root-of-trust.md#trusted-platform-module-tpm)
[Trusted signing](application-security-application-and-driver-control.md#trusted-signing)
[Universal Print](cloud-services-protect-your-work-information.md#universal-print)
[User Account Control](application-security-application-and-driver-control.md#user-account-control)
[User reauthentication before password disablement](cloud-services-protect-your-personal-information.md#user-reauthentication-before-password-disablement)
[VBS Key Protection](identity-protection-advanced-credential-protection.md#vbs-key-protection)
[Virtual private networks (VPN)](operating-system-security-network-security.md#virtual-private-networks-vpn)
[Virtualization-based security enclave](hardware-security-silicon-assisted-security.md#virtualization-based-security-enclave)
[Wi-Fi connections](operating-system-security-network-security.md#wi-fi-connections)
[Win32 app isolation](application-security-application-isolation.md#win32-app-isolation)
[Windows App software development kit (SDK)](security-foundation-secure-supply-chain.md#windows-app-software-development-kit-sdk)
[Windows Autopatch](cloud-services-protect-your-work-information.md#windows-autopatch)
[Windows Autopilot and zero-touch deployment](cloud-services-protect-your-work-information.md#windows-autopilot-and-zero-touch-deployment)
[Windows diagnostic data processor configuration](privacy-controls.md#windows-diagnostic-data-processor-configuration)
[Windows Firewall](operating-system-security-network-security.md#windows-firewall)
[Windows Hello biometric](identity-protection-passwordless-sign-in.md#windows-hello-biometric)
[Windows Hello for Business multi-factor unlock](identity-protection-passwordless-sign-in.md#windows-hello-for-business-multi-factor-unlock)
[Windows Hello for Business](identity-protection-passwordless-sign-in.md#windows-hello-for-business)
[Windows Hello PIN](identity-protection-passwordless-sign-in.md#windows-hello-pin)
[Windows Hello](identity-protection-passwordless-sign-in.md#windows-hello)
[Windows Insider and Bug Bounty program](security-foundation-offensive-research.md#windows-insider-and-bug-bounty-program)
[Windows passwordless experience](identity-protection-passwordless-sign-in.md#windows-passwordless-experience)
[Windows presence sensing](identity-protection-passwordless-sign-in.md#windows-presence-sensing)
[Windows Sandbox](application-security-application-isolation.md#windows-sandbox)
[Windows security policy settings and auditing](operating-system-security-system-security.md#windows-security-policy-settings-and-auditing)
[Windows security settings](operating-system-security-system-security.md#windows-security-settings)
[Windows Subsystem for Linux (WSL)](application-security-application-isolation.md#windows-subsystem-for-linux-wsl)
[Windows Update for Business deployment service](cloud-services-protect-your-work-information.md#windows-update-for-business-deployment-service) diff --git a/windows/security/book/hardware-security-silicon-assisted-security.md b/windows/security/book/hardware-security-silicon-assisted-security.md index 2da7ebc9cc..d37963eff8 100644 --- a/windows/security/book/hardware-security-silicon-assisted-security.md +++ b/windows/security/book/hardware-security-silicon-assisted-security.md 
@@ -70,7 +70,7 @@ Thousands of PC vendors produce numerous device models with diverse UEFI firmwar In Secured-core PCs, System Guard Secure Launch protects bootup with a technology known as the *Dynamic Root of Trust for Measurement (DRTM)*. With DRTM, the system initially follows the normal UEFI Secure Boot process. However, before launching, the system enters a hardware-controlled trusted state that forces the CPU down a hardware-secured code path. If a malware rootkit or bootkit bypasses UEFI Secure Boot and resides in memory, DRTM prevents it from accessing secrets and critical code protected by the Virtualization-based security environment. Firmware Attack Surface Reduction (FASR) technology can be used instead of DRTM on supported devices, such as Microsoft Surface. -System Management Mode (SMM) isolation is an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor. SMM complements the protections provided by DRTM by helping to reduce the attack surface. Relying on capab ilities provided by silicon providers like Intel and AMD, SMM isolation enforces policies that implement restrictions such as preventing SMM code from accessing OS memory. The SMM isolation policy is included as part of the DRTM measurements that can be sent to a verifier like Microsoft Azure Remote Attestation. +System Management Mode (SMM) isolation is an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor. SMM complements the protections provided by DRTM by helping to reduce the attack surface. Relying on capabilities provided by silicon providers like Intel and AMD, SMM isolation enforces policies that implement restrictions such as preventing SMM code from accessing OS memory. The SMM isolation policy is included as part of the DRTM measurements that can be sent to a verifier like Microsoft Azure Remote Attestation. 
:::image type="content" source="images/secure-launch.png" alt-text="Diagram of secure launch components." lightbox="images/secure-launch.png" border="false":::
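Review bot: in the conclusion.md revision-history hunk the new row `|November 2024| Updates with Windows 11 2024 Update features and enhancements.|` is added directly under the unchanged context row `|May 2024| Move form PDF format to web format.|`, which carries a "form" for "from" typo worth fixing while the table is being touched; and since that row records a November 2024 revision, the front matter `ms.date: 09/06/2024` that shows in every hunk header of this change should be bumped to match.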
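Review bot: the features-index.md hunk replaces the entire index as a single line, so the one substantive change (the added `[Virtualization-based security enclave](hardware-security-silicon-assisted-security.md#virtualization-based-security-enclave)` entry) cannot be picked out in the diff; putting one entry per line would give reviewable diffs from here on. The new line also still carries `[User reauthentication before password disablement](cloud-services-protect-your-personal-information.md#user-reauthentication-before-password-disablement)` while the cloud-services hunk in this same change deletes that heading, leaving a dead anchor; remove the entry or keep the section.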