Update windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md

This commit is contained in:
Vinay Pamnani 2024-07-15 10:44:12 -06:00 committed by GitHub
parent 45d4b332ac
commit 7b749fca82
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -29,7 +29,7 @@ Pluton is built with the goal of providing customers with better end-to-end secu
### A practical example: zero-trust security with device-based conditional access policies ### A practical example: zero-trust security with device-based conditional access policies
An increasingly important zero-trust workflow is conditional access gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune for example supports may different workflows for conditional access including [device-based conditional access](https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune) which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organizations apps and services. An increasingly important zero-trust workflow is conditional access gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune, for example, supports different workflows for conditional access including [device-based conditional access](/mem/intune/protect/create-conditional-access-intune) which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organizations apps and services.
To ensure that Intune gets an accurate picture about the devices health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM. To ensure that Intune gets an accurate picture about the devices health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM.
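Review bot: the change to the Intune sentence drops "may" from "supports may different workflows" instead of correcting it to the evidently intended "many"; suggest `supports many different workflows for conditional access`. The same line still reads `the organizations apps and services` and `Sharepoint`, which should be `the organization's apps and services` and `SharePoint`, and the unchanged context line below it has `the devices health` for `the device's health`; since the line is already being edited, fixing these possessives in the same commit would avoid a follow-up. The switch from the absolute learn.microsoft.com URL to the site-relative `/mem/intune/protect/create-conditional-access-intune` path is fine and matches the relative-link convention used elsewhere in the docs.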