mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
updates
@ -60,10 +60,14 @@ Administrator credentials are highly privileged and must be protected. When Remo
|
||||
|
||||
- [Remote Credential Guard][LINK-4]
|
||||
|
||||
## VBS key protection
|
||||
## :::image type="icon" source="images/new-button.svg" border="false"::: VBS key protection
|
||||
|
||||
VBS key protection enables developers to secure cryptographic keys using Virtualization-based security (VBS). VBS uses the virtualization extension capability of the CPU to create an isolated runtime outside of the normal OS. When in use, VBS keys are isolated in a secure process, allowing key operations to occur without ever exposing the private key material outside of this space. At rest, private key material is encrypted by a TPM key, which binds VBS keys to the device. Keys protected in this way can't be dumped from process memory or exported in plain text from a user's machine, preventing exfiltration attacks by any admin-level attacker.
|
||||
|
||||
[!INCLUDE [learn-more](includes/learn-more.md)]
|
||||
|
||||
- [Advancing key protection in Windows using VBS][LINK-8]
|
||||
|
||||
## Token protection
|
||||
|
||||
Token protection attempts to reduce attacks using Microsoft Entra ID token theft. Token protection makes tokens usable only from their intended device by cryptographically binding a token with a device secret. When using the token, both the token and proof of the device secret must be provided. Conditional Access policies<sup>[\[7\]](conclusion.md#footnote7)</sup> can be configured to require token protection when using sign-in tokens for specific services.
|
||||
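Review bot: Two headings for the same section sit back to back in this hunk: `## VBS key protection` is immediately followed by `## :::image type="icon" source="images/new-button.svg" border="false"::: VBS key protection`. The hunk header gives 10 old lines and 14 new, and 14 lines are shown, which leaves no room for a removal, so both headings appear to remain in the file; keep only the one carrying the new-button icon. In the paragraph below it, "preventing exfiltration attacks by any admin-level attacker" reads as an absolute guarantee. What the preceding sentences support is narrower: private key material can't be dumped from process memory or exported in plain text, while key operations still take place on the device. Suggest wording the last clause as protection against extraction of the key material rather than against every admin-level attack.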
@ -112,3 +116,4 @@ IT administrators can refine the application and management of access to:
|
||||
[LINK-5]: /azure/active-directory/conditional-access/concept-token-protection
|
||||
[LINK-6]: /windows/security/threat-protection/security-policy-settings/account-lockout-policy
|
||||
[LINK-7]: /windows/security/identity-protection/access-control/access-control
|
||||
[LINK-8]: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/advancing-key-protection-in-windows-using-vbs/ba-p/4050988
|
||||
|
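Review bot: `[LINK-8]` is the only definition in this block that uses an absolute external URL (a techcommunity.microsoft.com blog post); the neighbouring entries are site-relative `/azure/...` and `/windows/...` paths. The "learn more" entry in the VBS key protection section therefore depends on that blog post keeping its address, so it is worth confirming the link is meant to be permanent. The numbering is also out of reading order: `[LINK-8]` is referenced right after `[LINK-4]`, ahead of the Token protection section. If the file keeps link labels in order of appearance, renumber; otherwise no change is needed.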