mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
updates
This commit is contained in:
Paolo Matarazzo
parent
1ad34e1e7a
commit
f940ee4e34
@ -1,18 +1,14 @@
|
|||||||
---
|
---
|
||||||
title: Windows application security
|
title: Windows application security
|
||||||
description: Get an overview of application security in Windows
|
description: Get an overview of application security in Windows
|
||||||
ms.date: 03/09/2023
|
ms.date: 08/02/2023
|
||||||
ms.topic: article
|
ms.topic: conceptual
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows application security
|
# Windows application security
|
||||||
|
|
||||||
Cyber-criminals regularly gain access to valuable data by hacking applications. This can include *code injection* attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows protects your valuable data with layers of application security.
|
Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts, so that PCs run with least privilege to prevent malicious applications from accessing sensitive resources.
|
||||||
|
|
||||||
The following table summarizes the Windows security features and capabilities for apps:
|
Learn more about application security features in Windows.
|
||||||
|
|
||||||
| Security Measures | Features & Capabilities |
|
[!INCLUDE [application](../includes/sections/application.md)]
|
||||||
|:---|:---|
|
|
||||||
| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](application-control/windows-defender-application-control/wdac.md) |
|
|
||||||
| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md). |
|
|
||||||
| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](application-isolation/windows-sandbox/windows-sandbox-overview.md) |
|
|
||||||
|
|||||||
19
windows/security/cloud-security/index.md
Normal file
19
windows/security/cloud-security/index.md
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
title: Windows and cloud security
|
||||||
|
description: Get an overview of cloud security features in Windows
|
||||||
|
ms.date: 08/02/2023
|
||||||
|
ms.topic: conceptual
|
||||||
|
---
|
||||||
|
|
||||||
|
# Windows application security
|
||||||
|
|
||||||
|
Today's workforce has more freedom and mobility than ever before, and the risk of
|
||||||
|
|
||||||
|
data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows 11 works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
|
||||||
|
|
||||||
|
From identity and device management to Office apps and data storage, Windows 11 and
|
||||||
|
|
||||||
|
integrated cloud services can help improve productivity, security, and resilience anywhere.
|
||||||
|
Learn more about application security features in Windows.
|
||||||
|
|
||||||
|
[!INCLUDE [application](../includes/sections/cloud.md)]
|
||||||
@ -1,26 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Application and driver control features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|
|
|
||||||
|[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|
|
|
||||||
|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Application and driver control features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,30 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Application Isolation features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)|❌|Yes|❌|Yes|
|
|
||||||
|Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|❌|Yes|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|Yes|❌|Yes|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|❌|Yes|
|
|
||||||
|[App containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Application Isolation features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|❌|❌|❌|❌|
|
|
||||||
|[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[App containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,30 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Protect your work information features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Modern device management through (MDM)](/windows/client-management/mdm-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Universal Print](/universal-print/)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|❌|Yes|
|
|
||||||
|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Protect your work information features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Modern device management through (MDM)](/windows/client-management/mdm-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Universal Print](/universal-print/)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|Yes|❌|❌|
|
|
||||||
|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Hardware root-of-trust features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Hardware root-of-trust features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Secured-core PC features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Secured-core PC firmware protection ](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Secured-core PC features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Secured-core PC firmware protection ](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,24 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Silicon assisted security features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Silicon assisted security features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,28 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Advanced credential protection features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Windows LAPS](/windows-server/identity/laps/laps-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)|❌|Yes|❌|Yes|
|
|
||||||
|[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Advanced credential protection features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Windows LAPS](/windows-server/identity/laps/laps-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,28 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Passwordless sign in features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Federated sign-in](/education/windows/federated-sign-in)|❌|❌|Yes|Yes|
|
|
||||||
|[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Passwordless sign in features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Federated sign-in](/education/windows/federated-sign-in)|❌|❌|❌|Yes|Yes|
|
|
||||||
|[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -23,6 +23,6 @@ ms.topic: include
|
|||||||
| **[Windows LAPS](/windows-server/identity/laps/laps-overview)** | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory-joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it. |
|
| **[Windows LAPS](/windows-server/identity/laps/laps-overview)** | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory-joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it. |
|
||||||
| **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | Account Lockout Policy settings control the response threshold for failed logon attempts and the actions to be taken after the threshold is reached. |
|
| **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | Account Lockout Policy settings control the response threshold for failed logon attempts and the actions to be taken after the threshold is reached. |
|
||||||
| **[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)** | Users who are still using passwords can benefit from powerful credential protection. Microsoft Defender SmartScreen includes enhanced phishing protection to automatically detect when a user enters their Microsoft password into any app or website. Windows then identifies if the app or site is securely authenticating to Microsoft and warns if the credentials are at risk. Since users are alerted at the moment of potential credential theft, they can take preemptive action before their password is used against them or their organization. |
|
| **[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)** | Users who are still using passwords can benefit from powerful credential protection. Microsoft Defender SmartScreen includes enhanced phishing protection to automatically detect when a user enters their Microsoft password into any app or website. Windows then identifies if the app or site is securely authenticating to Microsoft and warns if the credentials are at risk. Since users are alerted at the moment of potential credential theft, they can take preemptive action before their password is used against them or their organization. |
|
||||||
| **[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.<br><br>Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. |
|
| **[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.<br><br>Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. |
|
||||||
| **[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)** | Enabled by default in Windows 11 Enterprise, Windows Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. <br><br>By protecting the LSA process with Virtualization-based security, Windows Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. |
|
| **[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)** | Enabled by default in Windows 11 Enterprise, Windows Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. <br><br>By protecting the LSA process with Virtualization-based security, Windows Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. |
|
||||||
| **[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)** | Window Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that is requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. <br><br>Administrator credentials are highly privileged and must be protected. When you use Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, your credential and credential derivatives are never passed over the network to the target device. If the target device is compromised, your credentials aren't exposed. |
|
| **[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)** | Window Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that is requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. <br><br>Administrator credentials are highly privileged and must be protected. When you use Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, your credential and credential derivatives are never passed over the network to the target device. If the target device is compromised, your credentials aren't exposed. |
|
||||||
|
|||||||
@ -1,26 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Encryption and data protection features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)|Yes|Yes|Yes|Yes|
|
|
||||||
|[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)|❌|Yes|❌|Yes|
|
|
||||||
|[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Encryption and data protection features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,36 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Network security features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|Bluetooth pairing and connection protection|Yes|Yes|Yes|Yes|
|
|
||||||
|[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)|Yes|Yes|Yes|Yes|
|
|
||||||
|Opportunistic Wireless Encryption (OWE)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)|❌|Yes|❌|Yes|
|
|
||||||
|[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)|❌|Yes|❌|Yes|
|
|
||||||
|[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Network security features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|Bluetooth pairing and connection protection|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|Opportunistic Wireless Encryption (OWE)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)|❌|Yes|Yes|Yes|Yes|
|
|
||||||
|[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,24 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all System security features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Secure Boot and Trusted Boot](/windows/security/trusted-boot)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Measured boot](/windows/compatibility/measured-boot)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all System security features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Secure Boot and Trusted Boot](/windows/security/trusted-boot)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Measured boot](/windows/compatibility/measured-boot)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,32 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Virus and threat protection features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Virus and threat protection features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)|❌|❌|Yes|❌|Yes|
|
|
||||||
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Certification features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Certification features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Offensive research features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|Microsoft Security Development Lifecycle (SDL)|Yes|Yes|Yes|Yes|
|
|
||||||
|OneFuzz service|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Offensive research features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|Microsoft Security Development Lifecycle (SDL)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|OneFuzz service|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 08/02/2023
|
|
||||||
ms.topic: include
|
|
||||||
---
|
|
||||||
|
|
||||||
The following table lists the edition applicability for all Secure supply chain features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|Software Bill of Materials (SBOM)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)|Yes|Yes|Yes|Yes|
|
|
||||||
|
|
||||||
The following table lists the licensing applicability for all Secure supply chain features.
|
|
||||||
|
|
||||||
|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|
|
||||||
|:-:|:-:|:-:|:-:|:-:|:-:|
|
|
||||||
|Software Bill of Materials (SBOM)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
|[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)|Yes|Yes|Yes|Yes|Yes|
|
|
||||||
@ -1,10 +1,4 @@
|
|||||||
items:
|
items:
|
||||||
- name: Security policy settings
|
|
||||||
href: ../../threat-protection/security-policy-settings/security-policy-settings.md
|
|
||||||
- name: Security auditing
|
|
||||||
href: ../../threat-protection/auditing/security-auditing-overview.md
|
|
||||||
- name: Secured-core configuration lock
|
|
||||||
href: /windows/client-management/config-lock
|
|
||||||
- name: Assigned Access (kiosk mode)
|
- name: Assigned Access (kiosk mode)
|
||||||
href: /windows/configuration/kiosk-methods
|
href: /windows/configuration/kiosk-methods
|
||||||
- name: Security baselines
|
- name: Security baselines
|
||||||
|
|||||||
@ -9,6 +9,10 @@ items:
|
|||||||
href: protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
|
href: protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
|
||||||
- name: Cryptography and certificate management
|
- name: Cryptography and certificate management
|
||||||
href: cryptography-certificate-mgmt.md
|
href: cryptography-certificate-mgmt.md
|
||||||
|
- name: Security policy settings
|
||||||
|
href: ../../threat-protection/security-policy-settings/security-policy-settings.md
|
||||||
|
- name: Security auditing
|
||||||
|
href: ../../threat-protection/auditing/security-auditing-overview.md
|
||||||
- name: Windows Security settings
|
- name: Windows Security settings
|
||||||
href: windows-defender-security-center/windows-defender-security-center.md
|
href: windows-defender-security-center/windows-defender-security-center.md
|
||||||
items:
|
items:
|
||||||
|
|||||||
@ -1,7 +1,8 @@
|
|||||||
items:
|
items:
|
||||||
- name: Windows security
|
- name: Windows security
|
||||||
href: index.yml
|
href: index.yml
|
||||||
expanded: true
|
- name: Security foundations
|
||||||
|
href: security-foundations/toc.yml
|
||||||
- name: Introduction to Windows security
|
- name: Introduction to Windows security
|
||||||
href: introduction.md
|
href: introduction.md
|
||||||
- name: Security features licensing and edition requirements
|
- name: Security features licensing and edition requirements
|
||||||
@ -16,7 +17,5 @@ items:
|
|||||||
href: identity-protection/toc.yml
|
href: identity-protection/toc.yml
|
||||||
- name: Windows Privacy 🔗
|
- name: Windows Privacy 🔗
|
||||||
href: /windows/privacy
|
href: /windows/privacy
|
||||||
- name: Security foundations
|
|
||||||
href: security-foundations/toc.yml
|
|
||||||
- name: Cloud security
|
- name: Cloud security
|
||||||
href: cloud-security/toc.yml
|
href: cloud-security/toc.yml
|
||||||
Loading…
x
Reference in New Issue
Block a user