mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-22 18:27:23 +00:00
54 lines
3.5 KiB
Markdown
54 lines
3.5 KiB
Markdown
---
|
|
title: Device security in Windows Security
|
|
description: Use the Device security section to manage security built into your device, including Virtualization-based security.
|
|
ms.date: 04/15/2025
|
|
ms.topic: how-to
|
|
---
|
|
|
|
# Device security
|
|
|
|
The **Device security** section contains information and settings for built-in device security.
|
|
|
|
You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
|
|
|
|
## Hide the Device security section
|
|
|
|
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
|
|
|
|
> [!IMPORTANT]
|
|
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
|
|
|
|
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
|
|
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
|
|
1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
|
|
1. Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
|
|
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
|
|
|
|
> [!NOTE]
|
|
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
|
|
>
|
|
> 
|
|
|
|
## Disable the Clear TPM button
|
|
|
|
If you don't want users to be able to select the **Clear TPM** button in **Windows Security**, you can disable it.
|
|
|
|
> [!IMPORTANT]
|
|
> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
|
|
|
|
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
|
|
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
|
|
1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
|
|
1. Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
|
|
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
|
|
|
|
## Hide the TPM Firmware Update recommendation
|
|
|
|
If you don't want users to see the recommendation to update TPM firmware, you can disable it.
|
|
|
|
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
|
|
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
|
|
1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
|
|
1. Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
|
|
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
|