diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 3ae86eaffe..c0f08da439 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -36,10 +36,11 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will 2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. 3. In the **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. 4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**. +5. In the **Secure Launch Configuration** box, choose **Not Configured**, **Enabled** or **Disabled**. Check [this article](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) for more details. - ![Windows Defender Credential Guard Group Policy setting](images/credguard-gp.png) + ![Windows Defender Credential Guard Group Policy setting](images/credguard-gp-2.png) -5. Close the Group Policy Management Console. +6. Close the Group Policy Management Console. To enforce processing of the group policy, you can run ```gpupdate /force```. @@ -234,5 +235,3 @@ Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true - - diff --git a/windows/security/identity-protection/credential-guard/images/credguard-gp-2.png b/windows/security/identity-protection/credential-guard/images/credguard-gp-2.png new file mode 100644 index 0000000000..ead9410405 Binary files /dev/null and b/windows/security/identity-protection/credential-guard/images/credguard-gp-2.png differ