From 7256cfbd44caad772dd4c4d8ca87c240fce1b2e7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 3 Aug 2021 10:16:59 -0700 Subject: [PATCH 1/2] windows-client-security --- .../credential-guard-not-protected-scenarios.md | 2 +- windows/security/threat-protection/TOC.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 66f580bcad..ac64658154 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -43,7 +43,7 @@ do not qualify as credentials because they cannot be presented to another comput ## Additional mitigations -Windows Defender Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Windows Defender Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Windows Defender Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust. +Windows Defender Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Windows Defender Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust. ### Restricting domain users to specific domain-joined devices diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index 036ef214e2..ae12fde723 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml @@ -265,8 +265,8 @@ href: windows-sandbox/windows-sandbox-architecture.md - name: Windows Sandbox configuration href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md - - name: "Windows Defender Device Guard: virtualization-based security and WDAC" - href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - name: "Windows Defender Application Control and virtualization-based protection of code integrity" + href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Certifications items: - name: FIPS 140 Validations From 40846db2d6e54e515a819e68ac853d6cb3387589 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 3 Aug 2021 13:29:45 -0700 Subject: [PATCH 2/2] h1 fix --- .../credential-guard-not-protected-scenarios.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index ac64658154..e6bce8b91b 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -16,7 +16,7 @@ ms.date: 08/17/2017 ms.reviewer: --- -# Windows Defender Credential Guard protection limits +# Windows Defender Credential Guard protection limits and mitigations **Applies to** - Windows 10