diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e95aba3fb5..2a6faa8bbb 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -979,6 +979,9 @@ The following diagram shows the Policy configuration service provider in tree fo ### DeviceGuard policies
+
+ DeviceGuard/EnableSystemGuard +
DeviceGuard/EnableVirtualizationBasedSecurity
@@ -4284,6 +4287,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) - [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) - [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders) +- [DeviceGuard/EnableSystemGuard](./policy-csp-deviceguard.md#deviceguard-enablesystemguard) - [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity) - [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags) - [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures) diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 345a36f617..cacbb2acc6 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,11 +6,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/12/2018 +ms.date: 07/30/2018 --- # Policy CSP - DeviceGuard +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -19,6 +21,9 @@ ms.date: 03/12/2018 ## DeviceGuard policies
+
+ DeviceGuard/EnableSystemGuard +
DeviceGuard/EnableVirtualizationBasedSecurity
@@ -31,6 +36,75 @@ ms.date: 03/12/2018
+
+ + +**DeviceGuard/EnableSystemGuard** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcross markcross markcheck mark5check mark5
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy allows the IT admin to configure the launch of System Guard. + +Secure Launch configuration: + +- 0 - Unmanaged, configurable by Administrative user +- 1 - Enables Secure Launch if supported by hardware +- 2 - Disables Secure Launch. + +For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How hardware-based containers help protect Windows 10](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows). + + + +ADMX Info: +- GP English name: *Turn On Virtualization Based Security* +- GP name: *VirtualizationBasedSecurity* +- GP element: *SystemGuardDrop* +- GP path: *System/Device Guard* +- GP ADMX file name: *DeviceGuard.admx* + + + + + + + + + + + + +
@@ -215,6 +289,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in the next major release of Windows 10.
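Review bot: In policy-csp-deviceguard.md, hunk @@ -6,11 +6,13, the added `> [!WARNING]` banner is placed directly under the page title, so it reads as applying to every DeviceGuard policy on the page, although the only prerelease item this patch introduces is DeviceGuard/EnableSystemGuard. Suggest moving the banner into the EnableSystemGuard section, or naming that policy in the warning text, so that readers do not treat the policies already documented on the page as subject to change.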
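Review bot: In policy-csp-deviceguard.md, hunk @@ -31,6 +36,75, the EnableSystemGuard description says the policy configures "the launch of System Guard" but the value list is headed "Secure Launch configuration", and the text never states how the two terms relate. Suggest one sentence tying them together, plus the details an admin needs to predict the effective state: which value is the default when the policy is not set, and what value 1 ("Enables Secure Launch if supported by hardware") does on hardware that does not support it. The ADMX block gives the GP English name as *Turn On Virtualization Based Security* with GP element *SystemGuardDrop*, so it is also worth stating whether this setting depends on DeviceGuard/EnableVirtualizationBasedSecurity being enabled. Minor style point: "2 - Disables Secure Launch." ends with a period while items 0 and 1 do not.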
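Review bot: In policy-csp-deviceguard.md, hunk @@ -215,6 +289,7, the new footnote "5 - Added in the next major release of Windows 10." is relative to the publication date and will become ambiguous once that release ships, whereas footnotes 2 through 4 each name a version (1703, 1709, 1803). Suggest tracking a follow-up to replace the wording with the version number once it is assigned, and making the same change wherever footnote 5 is referenced in the edition table for EnableSystemGuard.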