deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-1

Browse Source
This commit is contained in:
Dan Pandre 2021-08-04 13:20:37 -04:00 committed by GitHub
commit a34770f319
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
View File

@ -16,7 +16,7 @@ ms.date: 08/17/2017
ms.reviewer:
---
# Windows Defender Credential Guard protection limits
# Windows Defender Credential Guard protection limits and mitigations
**Applies to**
- Windows 10
@ -43,7 +43,7 @@ do not qualify as credentials because they cannot be presented to another comput
## Additional mitigations
Windows Defender Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Windows Defender Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Windows Defender Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust.
Windows Defender Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Windows Defender Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust.
### Restricting domain users to specific domain-joined devices

4
windows/security/threat-protection/TOC.yml
View File

@ -265,8 +265,8 @@
href: windows-sandbox/windows-sandbox-architecture.md
- name: Windows Sandbox configuration
href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md
- name: "Windows Defender Device Guard: virtualization-based security and WDAC"
href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
- name: "Windows Defender Application Control and virtualization-based protection of code integrity"
href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
- name: Windows Certifications
items:
- name: FIPS 140 Validations