deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Clarified Pro downgrade conditions for OBD

Browse Source
This commit is contained in:
zwhitt-microsoft
2022-10-05 16:41:15 -07:00
committed by GitHub
parent 18b493e825
commit 89a192f8d0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -41,9 +41,9 @@ Windows Defender Credential Guard will be enabled by default when a PC meets the
> If Windows Defender Credential Guard or VBS has previously been explicitly disabled, default enablement will not overwrite this setting.
> [!NOTE]
> Devices running Windows 11 Pro 22H2 may have Virtualization-Based Security (VBS) and/or Windows Defender Credential Guard automaticaly enabled if they meet the other requirements for default enablement listed above and previously had an Enterprise license or previously ran Windows Defender Credential Guard.
> Devices running Windows 11 Pro 22H2 may have Virtualization-Based Security (VBS) and/or Windows Defender Credential Guard automaticaly enabled if they meet the other requirements for default enablement listed above and have previously run Windows Defender Credential Guard (for example if Windows Defender Credential Guard was running on an Enterprise device that later downgraded to Pro).
>
> To confirm if your Pro device is in this state, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. In this scenario, if you wish to disable VBS and Windows Defender Credential Guard, follow the instructions for [disabling Virtualization-Based Security](#disabling-virtualization-based-security). If you wish to disable only Windows Defender Credential Guard without disabling Virtualization-Based Security, use the procedures explained in [Disable Windows Defender Credential Guard](#disable-windows-defender-credential-guard).
> To determine whether the Pro device is in this state, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. In this scenario, if you wish to disable VBS and Windows Defender Credential Guard, follow the instructions for [disabling Virtualization-Based Security](#disabling-virtualization-based-security). If you wish to disable only Windows Defender Credential Guard without disabling Virtualization-Based Security, use the procedures for [disabling Windows Defender Credential Guard](#disable-windows-defender-credential-guard).
## Enable Windows Defender Credential Guard