Enable memory integrity using Windows Security and registry keys

Vinay Pamnani 2024-10-31 10:40:56 -06:00
parent a36cf0c026
commit b035551027


@ -32,15 +32,9 @@ appliesto:
To enable memory integrity on Windows devices with supporting hardware throughout an enterprise, use any of these options: To enable memory integrity on Windows devices with supporting hardware throughout an enterprise, use any of these options:
- [Windows Security settings](#windows-security)
- [Microsoft Intune (or another MDM provider)](#enable-memory-integrity-using-intune)
- [Group Policy](#enable-memory-integrity-using-group-policy)
- [Microsoft Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
- [Registry](#use-registry-keys-to-enable-memory-integrity)
### [:::image type="icon" source="../images/icons/security-app.svg" border="false"::: **Security**](#tab/security) ### [:::image type="icon" source="../images/icons/security-app.svg" border="false"::: **Security**](#tab/security)
### Windows Security ### Enable memory integrity using Windows Security
**Memory integrity** can be turned on in **Windows Security** settings and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center). **Memory integrity** can be turned on in **Windows Security** settings and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
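Review bot: with the link list removed, the intro sentence still ends in "use any of these options:" and now runs straight into the Security tab heading, so it should be reworded to introduce the tabs rather than a list. Renaming "### Windows Security" also changes the generated anchor, so any inbound links to #windows-security need checking. The Configuration Manager entry was the only item in the removed list that pointed off-page, so that reference is lost unless it is kept elsewhere in the article.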
@ -69,7 +63,7 @@ To apply the new policy on a domain-joined computer, either restart or run `gpup
### [:::image type="icon" source="../images/icons/registry.svg" border="false"::: **Registry**](#tab/reg) ### [:::image type="icon" source="../images/icons/registry.svg" border="false"::: **Registry**](#tab/reg)
### Use registry keys to enable memory integrity ### Enable memory integrity using registry
Set the following registry keys to enable memory integrity. These keys provide similar set of configuration options provided by Group Policy Set the following registry keys to enable memory integrity. These keys provide similar set of configuration options provided by Group Policy
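Review bot: the new heading "### Enable memory integrity using registry" is missing an article or noun; "using the registry" or "using registry keys" would read correctly and match the commit title, which says "registry keys". The rename also retires the #use-registry-keys-to-enable-memory-integrity anchor, so existing links to it should be updated. Since this paragraph is already being touched, the context line below the heading could be fixed in the same change: "provide similar set of configuration options provided by Group Policy" needs "a similar set" and a closing period.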
@ -177,6 +171,8 @@ You can use App Control policy to turn on memory integrity using any of the foll
> [!NOTE] > [!NOTE]
> If your App Control policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode. > If your App Control policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode.
---
### Validate enabled VBS and memory integrity features ### Validate enabled VBS and memory integrity features
#### Use Win32_DeviceGuard WMI class #### Use Win32_DeviceGuard WMI class
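Review bot: the `---` added before "### Validate enabled VBS and memory integrity features" closes the tab group opened by the `#tab/...` headings, a rendering fix that the commit message does not mention; either note it in the message or split it into its own commit. Also confirm the `---` line has a blank line on each side, so it is parsed as the tab terminator and not as a continuation of the preceding `> [!NOTE]` block.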