Merge pull request #237 from computeronix/patch-3

Update tpm-recommendations.md
2025-05-14 06:17:22 +00:00 · 2017-07-18 08:46:23 -07:00 · 2017-07-18 08:46:23 -07:00 · f355400ef8
commit f355400ef8
parent f11f26c7b5 9f8a106fe2
1 changed files with 2 additions and 2 deletions
--- a/windows/device-security/tpm/tpm-recommendations.md
+++ b/windows/device-security/tpm/tpm-recommendations.md
@ -105,10 +105,10 @@ The following table defines which Windows features require TPM support.
 | Passport: Domain AADJ Join                   | Required                 | Required                 | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support.  |
 | Passport: MSA or Local Account               | Required                 | Required                 | TPM 2.0 is required with HMAC and EK certificate for key attestation support.      |
 | Device Encryption                            | Not Applicable           | Required                 | TPM 2.0 is required for all InstantGo devices.                |
-| Device Guard / Configurable Code Integrity   | See next column          | Recommended              |                    |
+| Device Guard / Configurable Code Integrity   | Not Applicable          | Required              | Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers.                   |
 | Credential Guard                             | Required                 | Required                 | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM.   |
 | Device Health Attestation                    | Required                 | Required                 |                    |
-| Windows Hello                                | Not Required             | Recommended              |                    |
+| Windows Hello / Windows Hello for Business   | Not Required             | Recommended              | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. [How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected)                   |
 | UEFI Secure Boot                             | Not Required             | Recommended              |                    |
 | Platform Key Storage provider                | Required                 | Required                 |                    |
 | Virtual Smart Card                           | Required                 | Required                 |                    |