- name: Windows security href: index.yml - name: Zero Trust and Windows href: zero-trust-windows-device-health.md expanded: true - name: Hardware security items: - name: Overview href: hardware.md - name: Trusted Platform Module href: information-protection/tpm/trusted-platform-module-top-node.md items: - name: Trusted Platform Module Overview href: information-protection/tpm/trusted-platform-module-overview.md - name: TPM fundamentals href: information-protection/tpm/tpm-fundamentals.md - name: How Windows uses the TPM href: information-protection/tpm/how-windows-uses-the-tpm.md - name: TPM Group Policy settings href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md - name: Back up the TPM recovery information to AD DS href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md - name: View status, clear, or troubleshoot the TPM href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md - name: Understanding PCR banks on TPM 2.0 devices href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md - name: TPM recommendations href: information-protection/tpm/tpm-recommendations.md - name: Hardware-based root of trust href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md - name: System Guard Secure Launch and SMM protection href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md - name: Enable virtualization-based protection of code integrity href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md - name: Windows secured-core devices href: /windows-hardware/design/device-experiences/oem-highly-secure - name: Operating system security items: - name: Overview href: operating-system.md - name: System security items: - name: Secure the Windows boot process href: information-protection/secure-the-windows-10-boot-process.md - name: Trusted Boot href: trusted-boot.md - name: Cryptography and certificate management href: cryptography-certificate-mgmt.md - name: The Windows Security app href: threat-protection/windows-defender-security-center/windows-defender-security-center.md items: - name: Virus & threat protection href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md - name: Account protection href: threat-protection\windows-defender-security-center\wdsc-account-protection.md - name: Firewall & network protection href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md - name: App & browser control href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md - name: Device security href: threat-protection\windows-defender-security-center\wdsc-device-security.md - name: Device performance & health href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md - name: Family options href: threat-protection\windows-defender-security-center\wdsc-family-options.md - name: Security policy settings href: threat-protection/security-policy-settings/security-policy-settings.md - name: Security auditing href: threat-protection/auditing/security-auditing-overview.md - name: Encryption and data protection href: encryption-data-protection.md items: - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: BitLocker href: information-protection/bitlocker/bitlocker-overview.md items: - name: Overview of BitLocker Device Encryption in Windows href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md - name: BitLocker frequently asked questions (FAQ) href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml items: - name: Overview and requirements href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml - name: Upgrading href: information-protection/bitlocker/bitlocker-upgrading-faq.yml - name: Deployment and administration href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml - name: Key management href: information-protection/bitlocker/bitlocker-key-management-faq.yml - name: BitLocker To Go href: information-protection/bitlocker/bitlocker-to-go-faq.yml - name: Active Directory Domain Services href: information-protection/bitlocker/bitlocker-and-adds-faq.yml - name: Security href: information-protection/bitlocker/bitlocker-security-faq.yml - name: BitLocker Network Unlock href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml - name: General href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml - name: "Prepare your organization for BitLocker: Planning and policies" href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md - name: BitLocker deployment comparison href: information-protection/bitlocker/bitlocker-deployment-comparison.md - name: BitLocker basic deployment href: information-protection/bitlocker/bitlocker-basic-deployment.md - name: Deploy BitLocker on Windows Server 2012 and later href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md - name: BitLocker management for enterprises href: information-protection/bitlocker/bitlocker-management-for-enterprises.md - name: Enable Network Unlock with BitLocker href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md - name: Use BitLocker Drive Encryption Tools to manage BitLocker href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md - name: Use BitLocker Recovery Password Viewer href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md - name: BitLocker Group Policy settings href: information-protection/bitlocker/bitlocker-group-policy-settings.md - name: BCD settings and BitLocker href: information-protection/bitlocker/bcd-settings-and-bitlocker.md - name: BitLocker Recovery Guide href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md - name: BitLocker Countermeasures href: information-protection/bitlocker/bitlocker-countermeasures.md - name: Protecting cluster shared volumes and storage area networks with BitLocker href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md - name: Troubleshoot BitLocker items: - name: Troubleshoot BitLocker href: information-protection/bitlocker/troubleshoot-bitlocker.md - name: "BitLocker cannot encrypt a drive: known issues" href: information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md - name: "Enforcing BitLocker policies by using Intune: known issues" href: information-protection/bitlocker/ts-bitlocker-intune-issues.md - name: "BitLocker Network Unlock: known issues" href: information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md - name: "BitLocker recovery: known issues" href: information-protection/bitlocker/ts-bitlocker-recovery-issues.md - name: "BitLocker configuration: known issues" href: information-protection/bitlocker/ts-bitlocker-config-issues.md - name: Troubleshoot BitLocker and TPM issues items: - name: "BitLocker cannot encrypt a drive: known TPM issues" href: information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md - name: "BitLocker and TPM: other known issues" href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Configure S/MIME for Windows href: identity-protection/configure-s-mime.md - name: Network security items: - name: VPN technical guide href: identity-protection/vpn/vpn-guide.md items: - name: VPN connection types href: identity-protection/vpn/vpn-connection-type.md - name: VPN routing decisions href: identity-protection/vpn/vpn-routing.md - name: VPN authentication options href: identity-protection/vpn/vpn-authentication.md - name: VPN and conditional access href: identity-protection/vpn/vpn-conditional-access.md - name: VPN name resolution href: identity-protection/vpn/vpn-name-resolution.md - name: VPN auto-triggered profile options href: identity-protection/vpn/vpn-auto-trigger-profile.md - name: VPN security features href: identity-protection/vpn/vpn-security-features.md - name: VPN profile options href: identity-protection/vpn/vpn-profile-options.md - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md - name: Optimizing Office 365 traffic with the Windows VPN client href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - name: Windows security baselines href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md items: - name: Security Compliance Toolkit href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md - name: Get support href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md - name: Virus & threat protection items: - name: Overview href: threat-protection/index.md - name: Microsoft Defender Antivirus href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows - name: Attack surface reduction rules href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction - name: Tamper protection href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - name: Network protection href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection - name: Controlled folder access href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders - name: Exploit protection href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - name: Security intelligence href: threat-protection/intelligence/index.md items: - name: Understand malware & other threats href: threat-protection/intelligence/understanding-malware.md items: - name: Prevent malware infection href: threat-protection/intelligence/prevent-malware-infection.md - name: Malware names href: threat-protection/intelligence/malware-naming.md - name: Coin miners href: threat-protection/intelligence/coinminer-malware.md - name: Exploits and exploit kits href: threat-protection/intelligence/exploits-malware.md - name: Fileless threats href: threat-protection/intelligence/fileless-threats.md - name: Macro malware href: threat-protection/intelligence/macro-malware.md - name: Phishing href: threat-protection/intelligence/phishing.md - name: Ransomware href: /security/compass/human-operated-ransomware - name: Rootkits href: threat-protection/intelligence/rootkits-malware.md - name: Supply chain attacks href: threat-protection/intelligence/supply-chain-malware.md - name: Tech support scams href: threat-protection/intelligence/support-scams.md - name: Trojans href: threat-protection/intelligence/trojans-malware.md - name: Unwanted software href: threat-protection/intelligence/unwanted-software.md - name: Worms href: threat-protection/intelligence/worms-malware.md - name: How Microsoft identifies malware and PUA href: threat-protection/intelligence/criteria.md - name: Submit files for analysis href: threat-protection/intelligence/submission-guide.md - name: Safety Scanner download href: threat-protection/intelligence/safety-scanner-download.md - name: Industry collaboration programs href: threat-protection/intelligence/cybersecurity-industry-partners.md items: - name: Virus information alliance href: threat-protection/intelligence/virus-information-alliance-criteria.md - name: Microsoft virus initiative href: threat-protection/intelligence/virus-initiative-criteria.md - name: Coordinated malware eradication href: threat-protection/intelligence/coordinated-malware-eradication.md - name: Information for developers items: - name: Software developer FAQ href: threat-protection/intelligence/developer-faq.yml - name: Software developer resources href: threat-protection/intelligence/developer-resources.md - name: More Windows security items: - name: Override Process Mitigation Options to help enforce app-related security policies href: threat-protection/override-mitigation-options-for-app-related-security-policies.md - name: Use Windows Event Forwarding to help with intrusion detection href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md - name: Block untrusted fonts in an enterprise href: threat-protection/block-untrusted-fonts-in-enterprise.md - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: - name: Create a WIP policy using Microsoft Intune href: information-protection/windows-information-protection/overview-create-wip-policy.md items: - name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md items: - name: Deploy your WIP policy using the Azure portal for Microsoft Intune href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md - name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md - name: Create and verify an EFS Data Recovery Agent (DRA) certificate href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - name: Determine the Enterprise Context of an app running in WIP href: information-protection/windows-information-protection/wip-app-enterprise-context.md - name: Create a WIP policy using Microsoft Endpoint Configuration Manager href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md items: - name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md - name: Create and verify an EFS Data Recovery Agent (DRA) certificate href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - name: Determine the Enterprise Context of an app running in WIP href: information-protection/windows-information-protection/wip-app-enterprise-context.md - name: Mandatory tasks and settings required to turn on WIP href: information-protection/windows-information-protection/mandatory-settings-for-wip.md - name: Testing scenarios for WIP href: information-protection/windows-information-protection/testing-scenarios-for-wip.md - name: Limitations while using WIP href: information-protection/windows-information-protection/limitations-with-wip.md - name: How to collect WIP audit event logs href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md - name: General guidance and best practices for WIP href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md items: - name: Enlightened apps for use with WIP href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md - name: Unenlightened and enlightened app behavior while using WIP href: information-protection/windows-information-protection/app-behavior-with-wip.md - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md - name: Using Outlook Web Access with WIP href: information-protection/windows-information-protection/using-owa-with-wip.md - name: Fine-tune WIP Learning href: information-protection/windows-information-protection/wip-learning.md - name: Application security items: - name: Overview href: apps.md - name: Windows Defender Application Control and virtualization-based protection of code integrity href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control href: threat-protection\windows-defender-application-control\windows-defender-application-control.md - name: Microsoft Defender Application Guard href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md - name: Windows Sandbox href: threat-protection/windows-sandbox/windows-sandbox-overview.md items: - name: Windows Sandbox architecture href: threat-protection/windows-sandbox/windows-sandbox-architecture.md - name: Windows Sandbox configuration href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md - name: Microsoft Defender SmartScreen overview href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md - name: Configure S/MIME for Windows href: identity-protection\configure-s-mime.md - name: Windows Credential Theft Mitigation Guide Abstract href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md - name: User security and secured identity items: - name: Overview href: identity.md - name: Windows Hello for Business href: identity-protection/hello-for-business/index.yml - name: Windows credential theft mitigation guide href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md - name: Enterprise Certificate Pinning href: identity-protection/enterprise-certificate-pinning.md - name: Protect derived domain credentials with Credential Guard href: identity-protection/credential-guard/credential-guard.md items: - name: How Credential Guard works href: identity-protection/credential-guard/credential-guard-how-it-works.md - name: Credential Guard Requirements href: identity-protection/credential-guard/credential-guard-requirements.md - name: Manage Credential Guard href: identity-protection/credential-guard/credential-guard-manage.md - name: Hardware readiness tool href: identity-protection/credential-guard/dg-readiness-tool.md - name: Credential Guard protection limits href: identity-protection/credential-guard/credential-guard-protection-limits.md - name: Considerations when using Credential Guard href: identity-protection/credential-guard/credential-guard-considerations.md - name: "Credential Guard: Additional mitigations" href: identity-protection/credential-guard/additional-mitigations.md - name: "Credential Guard: Known issues" href: identity-protection/credential-guard/credential-guard-known-issues.md - name: Protect Remote Desktop credentials with Remote Credential Guard href: identity-protection/remote-credential-guard.md - name: Technical support policy for lost or forgotten passwords href: identity-protection/password-support-policy.md - name: Access Control Overview href: identity-protection/access-control/access-control.md items: - name: Dynamic Access Control Overview href: identity-protection/access-control/dynamic-access-control.md - name: Security identifiers href: identity-protection/access-control/security-identifiers.md - name: Security Principals href: identity-protection/access-control/security-principals.md - name: Local Accounts href: identity-protection/access-control/local-accounts.md - name: Active Directory Accounts href: identity-protection/access-control/active-directory-accounts.md - name: Microsoft Accounts href: identity-protection/access-control/microsoft-accounts.md - name: Service Accounts href: identity-protection/access-control/service-accounts.md - name: Active Directory Security Groups href: identity-protection/access-control/active-directory-security-groups.md - name: Special Identities href: identity-protection/access-control/special-identities.md - name: User Account Control href: identity-protection/user-account-control/user-account-control-overview.md items: - name: How User Account Control works href: identity-protection/user-account-control/how-user-account-control-works.md - name: User Account Control security policy settings href: identity-protection/user-account-control/user-account-control-security-policy-settings.md - name: User Account Control Group Policy and registry key settings href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md - name: Smart Cards href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md items: - name: How Smart Card Sign-in Works in Windows href: identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md items: - name: Smart Card Architecture href: identity-protection/smart-cards/smart-card-architecture.md - name: Certificate Requirements and Enumeration href: identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md - name: Smart Card and Remote Desktop Services href: identity-protection/smart-cards/smart-card-and-remote-desktop-services.md - name: Smart Cards for Windows Service href: identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md - name: Certificate Propagation Service href: identity-protection/smart-cards/smart-card-certificate-propagation-service.md - name: Smart Card Removal Policy Service href: identity-protection/smart-cards/smart-card-removal-policy-service.md - name: Smart Card Tools and Settings href: identity-protection/smart-cards/smart-card-tools-and-settings.md items: - name: Smart Cards Debugging Information href: identity-protection/smart-cards/smart-card-debugging-information.md - name: Smart Card Group Policy and Registry Settings href: identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md - name: Smart Card Events href: identity-protection/smart-cards/smart-card-events.md - name: Virtual Smart Cards href: identity-protection/virtual-smart-cards/virtual-smart-card-overview.md items: - name: Understanding and Evaluating Virtual Smart Cards href: identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md items: - name: "Get Started with Virtual Smart Cards: Walkthrough Guide" href: identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md - name: Use Virtual Smart Cards href: identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md - name: Deploy Virtual Smart Cards href: identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md - name: Evaluate Virtual Smart Card Security href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md - name: Tpmvscmgr href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md - name: Cloud services items: - name: Overview href: cloud.md - name: Mobile device management href: https://docs.microsoft.com/windows/client-management/mdm/ - name: Windows 365 Cloud PCs href: /windows-365/overview - name: Azure Virtual Desktop href: /azure/virtual-desktop/ - name: Security foundations items: - name: Overview href: security-foundations.md - name: Microsoft Security Development Lifecycle href: threat-protection/msft-security-dev-lifecycle.md - name: Microsoft Bug Bounty Program href: threat-protection/microsoft-bug-bounty-program.md - name: FIPS 140-2 Validation href: threat-protection/fips-140-validation.md - name: Common Criteria Certifications href: threat-protection/windows-platform-common-criteria.md - name: Windows Privacy href: /windows/privacy/windows-10-and-privacy-compliance