-
-
-
Device Guard device policy
View PDF
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Device Guard device policy
Device Guard is a Windows 10 security feature that enables virtualization-based security by using the Windows Hypervisor to support security services on the device. The Device Guard policy enables security features such as secure boot, UEFI lock, and virtualization.
Prerequisites
- Windows 10 Desktops and Tablets with an Enterprise or Education license on version 1709 (RS3)
-
Device Guard enabled in Windows
For more information on Device Guard, see https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage.
To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.
Windows Desktop and Tablet settings
- Enable Virtualization Based Security: Disable or Enable virtualization based security features. Virtualization based security uses the Windows Hypervisor to support security services.
- LSA Configuration Flags: Allows you to configure Credential Guard. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Options are Off, On with UEFI Lock, and On without UEFI Lock. Default is Off.
- Require Platform Security Features: Specifies the platform security level at the next reboot. Options are Off, VBS with Secure Boot, and VBS with Secure Boot and direct memory access (DMA). Default is Off.
Endpoint Management queries a device to determine if the virtualization based security settings match the settings on the server. If the security settings match, Endpoint Management doesn’t deploy this policy to the device. If the security settings don’t match, Endpoint Management deploys the policy.
Device Guard device policy
Share