Used to isolate users' login credentials from the rest of the operating system
Limits access to privileged system software
Isolated LSA
Communicates with regular LSA using RPC
Requirements
64-bit
Virtualization extensions (Intel VT or AMD-V)
Windows hypervisor
Secure boot
TPM 1.2 or 2.0
For a VM
Generation 2
TPM enabled
Digest authentication
Credential delegation
MS-CHAPv2
Group Policy
Intune
Registry
Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
Computer Configuration > Administrative Templates > System > Device Guard
Double-click Turn On Virtualization Based Security
Select Enabled
In the 'Select Platform Security Level' box, choose 'Secure Boot' or 'Secure Boot and DMA Protection'
In the Credential Guard Configuration box, choose 'Enabled with UEFI lock' or 'Enabled without lock'
Log in to portal.azure.com
Select Microsoft Intune
Click Device configuration
Click Profiles > Create Profile > Endpoint protection > Windows Defender Credential Guard.
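A read-only PowerShell check that the Group Policy or Intune configuration above actually took effect (an added example, not part of the original document). The function name Get-CredentialGuardState is hypothetical; the registry values and the Win32_DeviceGuard class it reads are the ones Microsoft documents for Credential Guard.

```powershell
# Added example: reports configured vs. running Credential Guard state.
# Reads only; it changes no settings.
function Get-CredentialGuardState {
    # Helper: return a registry value, or $null when the key/value is absent.
    $read = { param($Path, $Name)
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name }

    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'   # set by Group Policy
    $dgk = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'      # set by the registry method
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # Look in the policy location first, then in the direct registry location.
    $vbs = & $read $pol 'EnableVirtualizationBasedSecurity'
    if ($null -eq $vbs) { $vbs = & $read $dgk 'EnableVirtualizationBasedSecurity' }

    $level = & $read $pol 'RequirePlatformSecurityFeatures'
    if ($null -eq $level) { $level = & $read $dgk 'RequirePlatformSecurityFeatures' }

    $flags = & $read $pol 'LsaCfgFlags'
    if ($null -eq $flags) { $flags = & $read $lsa 'LsaCfgFlags' }

    # Map raw values to the option names shown in the Group Policy dialog.
    $levelText = if ($null -eq $level) { 'Not configured' }
                 elseif ($level -eq 1) { 'Secure Boot' }
                 elseif ($level -eq 3) { 'Secure Boot and DMA Protection' }
                 else                  { "Unknown ($level)" }

    $cgText = if ($null -eq $flags) { 'Not configured' }
              elseif ($flags -eq 0) { 'Disabled' }
              elseif ($flags -eq 1) { 'Enabled with UEFI lock' }
              elseif ($flags -eq 2) { 'Enabled without lock' }
              else                  { "Unknown ($flags)" }

    # Runtime state: configuration alone does not prove the service started.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VbsConfigured          = ($vbs -eq 1)
        PlatformSecurityLevel  = $levelText
        CredentialGuardConfig  = $cgText
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)  # 2 = enabled and running
        CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)      # 1 = Credential Guard
    }
}

Get-CredentialGuardState | Format-List
```

A machine that shows CredentialGuardConfig as enabled but CredentialGuardRunning as False usually has not rebooted since the policy applied or is missing one of the hardware requirements listed earlier.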