Add default enablement to credential-guard-manage.md

Added announcement of default enablement of VBS and CredGuard in SV2+. Manual enablement and disablement procedures remain unchanged.
zwhitt-microsoft 2022-09-07 15:12:27 -07:00 committed by GitHub
parent 19410566c5
commit ec4f970402
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -22,6 +22,21 @@ appliesto:
- ✅ <b>Windows Server 2022</b> - ✅ <b>Windows Server 2022</b>
--- ---
# Manage Windows Defender Credential Guard # Manage Windows Defender Credential Guard
## Default Enablement
Starting with Windows 11 Enterprise 22H2, compatible systems have Windows Defender Credential Guard turned on by default. This changes the default state of the feature in Windows, though system administrators and end users still have ultimate control of whether the feature is enabled. Regardless of the default state, Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below.
### Requirements for automatic enablement
Windows Defender Credential Guard will be enabled by default when a PC includes the following minimum requirements:
|Component|Requirement|
|---|---|
|Operating System|Windows 11 Enterprise 22H2|
|Virtualization-based Security (VBS) Enabled|VBS must be enabled to enable Windows Defender Credential Guard. Starting in Windows 11 Enterprise 22H2, VBS will be automatically enabled by default if the device meets the [minimum requirements to run VBS](/windows-hardware/design/device-experiences/oem-vbs).
|Existing Windows Defender Credential Guard Requirements|Only devices which meet the [existing hardware and software requirements](credential-guard-requirements.md#hardware-and-software-requirements) to run Windows Defender Credential Guard will have it enabled by default.|
## Enable Windows Defender Credential Guard ## Enable Windows Defender Credential Guard
Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the [Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool](#enable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the [Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool](#enable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
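Review bot: The "Virtualization-based Security (VBS) Enabled" row in the new requirements table has no closing `|`, unlike the rows before and after it; add it so the table is consistent and renders the same in every Markdown processor. The scope also needs tightening: the Operating System row lists only "Windows 11 Enterprise 22H2", while the paragraph says "Starting with Windows 11 Enterprise 22H2" and the commit message says "SV2+", so the table should say "or later" if later releases are covered. The `appliesto` list directly above still includes Windows Server 2022, and the new section does not say whether default enablement applies there; one sentence stating which listed platforms keep the old default would stop readers from assuming Server is protected by default.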