From 9f248b940ad23a11ae39a83b1759aff20a406a6f Mon Sep 17 00:00:00 2001 From: SuhasManangi Date: Wed, 10 Aug 2016 14:51:50 -0700 Subject: [PATCH] Update device-guard-deployment-guide.md --- windows/keep-secure/device-guard-deployment-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/device-guard-deployment-guide.md b/windows/keep-secure/device-guard-deployment-guide.md index 602bfdf4e3..cf8c3bd107 100644 --- a/windows/keep-secure/device-guard-deployment-guide.md +++ b/windows/keep-secure/device-guard-deployment-guide.md @@ -15,7 +15,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container. +Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 (available in Enterprise and Education desktop SKUs and in all Server SKUs) to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container. This guide explores the individual features in Device Guard as well as how to plan for, configure, and deploy them. It includes: