securityBookMatthewPalko

cchavez-msft
2024-06-25 13:09:28 -04:00
committed by GitHub
parent 85d41e3657
commit 174e205eac

@ -27,6 +27,8 @@ Windows has several critical processes to verify a user's identity. Verification
To help keep these credentials safe, additional LSA protection will be enabled by default on new, enterprise-joined Windows 11 devices. By loading only trusted, signed code, LSA provides significant protection against credential theft. LSA protection also now supports configuration using Group Policy and modern device management. To help keep these credentials safe, additional LSA protection will be enabled by default on new, enterprise-joined Windows 11 devices. By loading only trusted, signed code, LSA provides significant protection against credential theft. LSA protection also now supports configuration using Group Policy and modern device management.
End users have the ability to manage their LSA protection state in the Windows Security Application under Device Security -> Core Isolation -> Local Security Authority protection. Its important to note that the enterprise policy for LSA protection will take precedence over enablement on upgrade. This ensures a seamless transition and enhanced security for all users.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
- [Configuring additional LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) - [Configuring additional LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)
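Review bot: In the added "End users have the ability..." paragraph, the phrase "enablement on upgrade" refers to something the surrounding text never introduces. The paragraph above only says LSA protection is enabled by default on new, enterprise-joined Windows 11 devices. Please add a sentence saying what happens on upgrade before stating that enterprise policy takes precedence over it, and say explicitly whether a policy that sets LSA protection to disabled also wins, since that is the case an administrator will want to check. The closing sentence "This ensures a seamless transition and enhanced security for all users" does not follow from the precedence rule and could be dropped. Smaller points in the same paragraph: "Its important" should be "It's important", "Windows Security Application" should match the product name used elsewhere in the book, and the "Device Security -> Core Isolation -> Local Security Authority protection" path would read better with the UI labels in bold, as the "Learn more" label already is.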
@ -37,6 +39,8 @@ Enabled by default in Windows 11 Enterprise, Credential Guard uses hardware-back
By protecting the LSA process with virtualization-based security, Credential Guard shields systems from credential theft attack techniques like Pass-the-Hash or Pass-the-Ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. By protecting the LSA process with virtualization-based security, Credential Guard shields systems from credential theft attack techniques like Pass-the-Hash or Pass-the-Ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges.
Protections are now expanded to optionally include machine account passwords for Active Directory joined devices. Administrators can enable audit mode of this capability or enforcement using Credential Guard management policy.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
- [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard) - [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)
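Review bot: The second sentence of the added "Protections are now expanded..." paragraph is ambiguous: "enable audit mode of this capability or enforcement" can be read as auditing either the capability or enforcement. Suggest "Administrators can turn on this capability in audit mode or in enforcement mode using Credential Guard management policy." Because the section opens with "Enabled by default in Windows 11 Enterprise" and this paragraph says "optionally", please state the default for machine account password protection so readers do not assume it is already on. "Active Directory joined devices" should be hyphenated as "Active Directory-joined devices". The paragraph also names no specific policy setting, and the existing "Learn more" link points at the general Credential Guard page, so consider adding a link that covers this setting.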