diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md index 47adc1005f..16b848c11f 100644 --- a/windows/access-protection/TOC.md +++ b/windows/access-protection/TOC.md @@ -24,7 +24,7 @@ ### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md) ### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md) ### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) - +### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) diff --git a/windows/access-protection/credential-guard/credential-guard-known-issues.md b/windows/access-protection/credential-guard/credential-guard-known-issues.md new file mode 100644 index 0000000000..5499b6cfdd --- /dev/null +++ b/windows/access-protection/credential-guard/credential-guard-known-issues.md @@ -0,0 +1,34 @@ +--- +title: Credential Guard Known issues (Windows 10) +description: Credential Guard - Known issues in Windows 10 Enterprise +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Credential Guard: Known issues + +**Applies to** +- Windows 10 +- Windows Server 2016 + +Credential Guard has certain requirements for applications. Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when Credential Guard is enabled. For further information, see [Application requirements](https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). + +The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017: + +• KB4015217: [Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/en-us/help/4015217/windows-10-update-kb4015217) + +This issue can potentially lead to unexpected account lockouts. +See also Knowledge Base articles [KB4015219](https://support.microsoft.com/en-us/help/4015219/windows-10-update-kb4015219) and +[KB4015221](https://support.microsoft.com/en-us/help/4015221/windows-10-update-kb4015221). + +In addition, products that connect to Virtualization Based Security (VBS) protected processes can cause Credential Guard-enabled Windows 10 clients to exhibit high CPU utilization. For further information, see the following Knowledge Base articles: + +• KB88869: [Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) + +• [Installing AppSense Environment Manager on Windows 10 machines causes LsaIso.exe to exhibit high CPU usage when Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) * + + *Registration required to access this article. diff --git a/windows/access-protection/credential-guard/credential-guard-manage.md b/windows/access-protection/credential-guard/credential-guard-manage.md index 44be2404c6..9396f2dd47 100644 --- a/windows/access-protection/credential-guard/credential-guard-manage.md +++ b/windows/access-protection/credential-guard/credential-guard-manage.md @@ -15,8 +15,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Prefer video? See [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) -in the Deep Dive into Credential Guard video series. +Prefer video? See [Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Credential Guard video series. ## Enable Credential Guard Credential Guard can be enabled either by using [Group Policy](#enable-credential-guard-by-using-group-policy), the [registry](#enable-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.