Windows 10 Device Guard and Credential Guard got a LOT of focus at IT/Dev Connections 2016 this year. Those who attended will get access to the session replays in about a week.
Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring that only known-good code can run.
Credential Guard is a specific feature, separate from Device Guard, that aims to isolate and harden key system and user secrets against compromise. It helps minimize the impact and breadth of a Pass-the-Hash-style attack in the event that malicious code is already running via a local or network-based vector.
Read all about these new technologies here: Windows 10 Device Guard and Credential Guard Demystified
Microsoft has now released a readiness tool designed to check whether the hardware is ready to support these emerging technologies. The tool can be downloaded from here: Device Guard and Credential Guard hardware readiness tool
The tool does more than just provide certification. It:
- Checks if the device can run Device Guard or Credential Guard
- Checks if the device is compatible with the Hardware Lab Kit tests that are run by partners
- Enables and disables Device Guard or Credential Guard
- Checks the status of Device Guard or Credential Guard on the device
- Integrates with System Center Configuration Manager or any other deployment mechanism to configure registry settings that reflect the device capabilities
- Uses an embedded ConfigCI policy in audit mode that can be used by default to enable Device Guard when a custom policy is not provided
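
The status check in the list above can also be cross-checked without the tool by reading the `Win32_DeviceGuard` WMI class that Windows 10 exposes. The following is an added example, not code from the readiness tool or from Microsoft; the function names `Resolve-Code` and `ConvertTo-DeviceGuardReport` are hypothetical, and the sample object is constructed so the script runs on any machine.

```powershell
# Added example: decode Win32_DeviceGuard values into a readable report.
# Code meanings follow Microsoft's documentation for this WMI class.
$SecurityProperty = @{
    1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
    4 = 'Secure Memory Overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations'
}
$SecurityService = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced Code Integrity' }
$VbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }

function Resolve-Code($Map, $Values) {
    # 0 means "none" in every array property, so drop it along with nulls.
    @($Values) | Where-Object { $_ } | ForEach-Object {
        if ($Map.ContainsKey([int]$_)) { $Map[[int]$_] } else { "Unknown ($_)" }
    }
}

function ConvertTo-DeviceGuardReport {
    param([Parameter(Mandatory)] $DeviceGuard)
    $available  = @(Resolve-Code $SecurityProperty $DeviceGuard.AvailableSecurityProperties)
    $required   = @(Resolve-Code $SecurityProperty $DeviceGuard.RequiredSecurityProperties)
    $configured = @(Resolve-Code $SecurityService  $DeviceGuard.SecurityServicesConfigured)
    $running    = @(Resolve-Code $SecurityService  $DeviceGuard.SecurityServicesRunning)

    [pscustomobject]@{
        VbsStatus              = $VbsStatus[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        AvailableProperties    = $available
        # Required by policy but not offered by the hardware: VBS cannot start.
        MissingRequired        = @($required | Where-Object { $_ -notin $available })
        # Turned on in policy but not actually protecting anything yet.
        ConfiguredNotRunning   = @($configured | Where-Object { $_ -notin $running })
        CredentialGuardRunning = $running -contains 'Credential Guard'
    }
}

# Constructed sample: policy requires DMA protection, the hardware lacks it,
# so VBS is enabled but neither configured service is running.
$sample = [pscustomobject]@{
    AvailableSecurityProperties       = 1, 2, 5
    RequiredSecurityProperties        = 1, 2, 3
    SecurityServicesConfigured        = 1, 2
    SecurityServicesRunning           = 0
    VirtualizationBasedSecurityStatus = 1
}
ConvertTo-DeviceGuardReport $sample | Format-List

# On a live device, from an elevated PowerShell session:
# Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard |
#     ForEach-Object { ConvertTo-DeviceGuardReport $_ } | Format-List
```

A non-empty `MissingRequired` or `ConfiguredNotRunning` list is the case worth alerting on in a fleet report, since the policy says the protection is on while the device is not enforcing it.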