diff --git a/windows/security/identity-protection/credential-guard/index.md b/windows/security/identity-protection/credential-guard/index.md index d80d642b55..06ab5439d8 100644 --- a/windows/security/identity-protection/credential-guard/index.md +++ b/windows/security/identity-protection/credential-guard/index.md @@ -27,7 +27,7 @@ Starting in **Windows 11, 22H2** and **Windows Server 2025**, VBS and Credential The default enablement is **without UEFI Lock**, which allows administrators to disable Credential Guard remotely, if needed. > [!NOTE] -> If Credential Guard or VBS is explicitly [disabled](configure.md/#disable-credential-guard) *before* a device is updated to Windows 11, version 22H2 / Windows Server 2025 or later, default enablement does not overwrite the existing settings. That device will continue to have Credential Guard disabled even after updating to a version of Windows that enables Credential Guard by default. +> If Credential Guard or VBS is explicitly [disabled](configure.md#disable-credential-guard) *before* a device is updated to Windows 11, version 22H2 / Windows Server 2025 or later, default enablement does not overwrite the existing settings. That device will continue to have Credential Guard disabled even after updating to a version of Windows that enables Credential Guard by default. ### Default Enablement on Windows client @@ -35,7 +35,7 @@ Devices running Windows 11, 22H2 or later will have Credential Guard enabled by - Meet the [license requirements](#windows-edition-and-licensing-requirements) - Meet the [hardware and sofware requirements](#system-requirements) -- Has not been [explicitly configured to disable Credential Guard](configure.md/#default-enablement) +- Has not been [explicitly configured to disable Credential Guard](configure.md#default-enablement) ### Default Enablement on Windows Server @@ -45,12 +45,12 @@ Devices running Windows Server 2025 or later will have Credential Guard enabled - Are not a Domain Controller > [!IMPORTANT] -> For information about known issues related to default enablement, see [Credential Guard: known issues](considerations-known-issues.md#single-sign-on-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2). +> For information about known issues related to default enablement, see [Credential Guard: known issues](considerations-known-issues.md#known-issues). > [!NOTE] > Devices running Windows 11 Pro/Pro Edu 22H2 or later may have Virtualization-based Security (VBS) and/or Credential Guard automatically enabled if they meet the other requirements for default enablement, and have previously run Credential Guard. For example if Credential Guard was enabled on an Enterprise device that later downgraded to Pro. > -> To determine whether the Pro device is in this state, check if the following registry key exists: `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\IsolatedCredentialsRootSecret`. In this scenario, if you wish to disable VBS and Credential Guard, follow the instructions to [disable Virtualization-based Security](#disable-virtualization-based-security). If you wish to disable Credential Guard only, without disabling VBS, use the procedures to [disable Credential Guard](#disable-credential-guard). +> To determine whether the Pro device is in this state, check if the following registry key exists: `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\IsolatedCredentialsRootSecret`. In this scenario, if you wish to disable VBS and Credential Guard, follow the instructions to [disable Virtualization-based Security](configure.md#disable-virtualization-based-security). If you wish to disable Credential Guard only, without disabling VBS, use the procedures to [disable Credential Guard](configure.md#disable-credential-guard). ## System requirements