From ff9f6bcff0512074e781ab8c53d3270a497b7a6e Mon Sep 17 00:00:00 2001 From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com> Date: Wed, 30 Nov 2022 17:17:09 -0800 Subject: [PATCH] Updated CredGuard root - Added default enablement announcement and link - Added link to Known Issues - Changed article author --- .../identity-protection/credential-guard/credential-guard.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index 950eb3a95c..aa1ffc29b1 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -5,7 +5,7 @@ ms.prod: windows-client ms.localizationpriority: medium author: paolomatarazzo ms.author: paoloma -ms.reviewer: erikdau +ms.reviewer: zwhittington manager: aaroncz ms.collection: - M365-identity-device-management 
@@ -31,6 +31,9 @@ By enabling Windows Defender Credential Guard, the following features and soluti - **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. - **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate other security strategies and architectures. +> [!NOTE] +> As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2). +   ## Related topics
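Review bot: In the front-matter hunk (`@@ -5,7 +5,7 @@`), the only change is `ms.reviewer: erikdau` to `ms.reviewer: zwhittington`; `author: paolomatarazzo` and `ms.author: paoloma` are unchanged context, so the commit message line "Changed article author" does not describe what the diff does. Reword the message to say the reviewer was changed, or update the `author` / `ms.author` fields if that was the intent.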
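Review bot: In the added `[!NOTE]` (hunk `@@ -31,6 +31,9 @@`), the Known Issues link targets `#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2`, an anchor generated from a heading in another file, so the link stops resolving to that section as soon as the heading is reworded. Link to `credential-guard-known-issues.md` itself, or to a short, stable anchor. The note also says only that the feature is on by default for devices meeting "the minimum requirements"; since the same sentence sends readers to a known issue where SSO breaks after the upgrade, name the affected upgrade path here (devices upgrading to Windows 11, version 22H2) so administrators see the operational impact without following both links. Minor wording: "has been enabled by default on all devices which meet" reads better as "is enabled by default on all devices that meet".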