deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-05 09:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update configure.md

Browse Source 
Resolving comments from feature team review.
This commit is contained in:
zwhitt-microsoft 2024-06-09 16:07:46 -07:00 committed by GitHub
parent 02efdb6783
commit 8b2f448d2a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/identity-protection/credential-guard/configure.md
View File

@ -9,16 +9,19 @@ ms.topic: how-to
This article describes how to configure Credential Guard using Microsoft Intune, Group Policy, or the registry. This article describes how to configure Credential Guard using Microsoft Intune, Group Policy, or the registry.
## Default Enablement > [!IMPORTANT]
> Windows Server 2025 is in PREVIEW. This information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
## Default enablement
Starting in Windows 11, 22H2 and Windows Server 2025 (preview), Credential Guard is [enabled by default on devices which meet the requirements](index.md#default-enablement). Starting in Windows 11, 22H2 and Windows Server 2025 (preview), Credential Guard is [enabled by default on devices which meet the requirements](index.md#default-enablement).
System administrators can still explicitly [enable](#enable-credential-guard) or [disable](#disable-credential-guard) Credential Guard using one of the methods described in this article. Explicitly configured values will overwrite default enablement state, typically after reboot. System administrators can explicitly [enable](#enable-credential-guard) or [disable](#disable-credential-guard) Credential Guard using one of the methods described in this article. Explicitly configured values will overwrite default enablement state after reboot.
### How to Prevent Default Enablement
Devices that have had Credential Guard explicitly disabled *prior* to updating to a version of Windows that comes with default enablement will NOT have Credential Guard enabled upon update. In this case Credential Guard will continue to be disabled even after updating to a version of Windows that enables Credential Guard by default. Devices that have had Credential Guard explicitly disabled *prior* to updating to a version of Windows that comes with default enablement will NOT have Credential Guard enabled upon update. In this case Credential Guard will continue to be disabled even after updating to a version of Windows that enables Credential Guard by default.
> [!IMPORTANT]
> For information about known issues related to default enablement, see [Credential Guard: known issues](considerations-known-issues.md).
## Enable Credential Guard ## Enable Credential Guard
@ -394,9 +397,6 @@ bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,
bcdedit /set vsmlaunchtype off bcdedit /set vsmlaunchtype off
``` ```
> [!IMPORTANT]
> Windows Server 2025 is in PREVIEW. This information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
## Next steps ## Next steps
- Review the advice and sample code for making your environment more secure and robust with Credential Guard in the [Additional mitigations](additional-mitigations.md) article - Review the advice and sample code for making your environment more secure and robust with Credential Guard in the [Additional mitigations](additional-mitigations.md) article