From 3940dc0089abfa5ffc682f5cfbca099f3358e826 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 9 Oct 2020 15:39:49 +0200 Subject: [PATCH 1/3] Credential Guard: Enterprise & Education SKU Ref. closed issue ticket #4025 and PR #8435 Just to make it clear that Credential Guard is not supported on Windows 10 Pro or Windows 10 Home edition Thanks to @JonZeolla for raising the question by opening the ticket. Thanks to @tecxx for taking the time to create and follow up CRM:0773000358 (MSRC). --- .../credential-guard/credential-guard-requirements.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index cdf9c3ec9a..79de4b8ec8 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -19,7 +19,7 @@ ms.reviewer: # Windows Defender Credential Guard: Requirements **Applies to** -- Windows 10 +- Windows 10 Enterprise and Education SKUs - Windows Server 2016 @@ -56,11 +56,11 @@ For information about Windows Defender Remote Credential Guard hardware and soft When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality. ->[!WARNING] +> [!WARNING] > Enabling Windows Defender Credential Guard on domain controllers is not supported.
> The domain controller hosts authentication services which integrate with processes isolated when Windows Defender Credential Guard is enabled, causing crashes. ->[!NOTE] +> [!NOTE] > Windows Defender Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Windows Defender Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). Applications will break if they require: From d09202414096f80cbd1364fccc5d8c1626912c66 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Mon, 19 Oct 2020 23:59:59 +0200 Subject: [PATCH 2/3] Update windows/security/identity-protection/credential-guard/credential-guard-requirements.md Unneeded blank line added during resolve of file conflict, line removed. --- .../credential-guard/credential-guard-requirements.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index dd65abcdca..315c4bad46 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -18,7 +18,6 @@ ms.reviewer: # Windows Defender Credential Guard: Requirements - ## Applies to - Windows 10 From 8f2c0fe56cd6f668ccd5ea9bbb1b06e3a263b412 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 20 Oct 2020 00:02:06 +0200 Subject: [PATCH 3/3] Update windows/security/identity-protection/credential-guard/credential-guard-requirements.md Another unneeded blank line added during merge of branch 'public' into PR branch. Line removed. --- .../credential-guard/credential-guard-requirements.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 315c4bad46..2e56e0803c 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -58,7 +58,6 @@ For information about Windows Defender Remote Credential Guard hardware and soft When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality. - > [!WARNING] > Enabling Windows Defender Credential Guard on domain controllers is not supported. > The domain controller hosts authentication services which integrate with processes isolated when Windows Defender Credential Guard is enabled, causing crashes.