deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
Vinay Pamnani (from Dev Box) 740603e595 Windows Security updates
2025-04-15 14:07:33 -06:00

3.5 KiB
Raw Blame History

title, description, ms.date, ms.topic
title description ms.date ms.topic
Device security in Windows Security Use the Device security section to manage security built into your device, including Virtualization-based security. 04/15/2025 how-to

Device security

The Device security section contains information and settings for built-in device security.

You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.

Hide the Device security section

You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of Windows Security, and its icon isn't shown on the navigation bar on the side.

Important

You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.

  1. On your Group Policy management machine, open the Group Policy Management Console. Right-click the Group Policy Object (GPO) you want to configure and select Edit.
  2. In Group Policy Management Editor, go to Computer configuration and then select Administrative templates.
  3. Expand the tree to Windows components > Windows Security > Device security.
  4. Open the Hide the Device security area setting and set it to Enabled. Select OK.
  5. Deploy the updated GPO as you normally do.

Note

If you hide all sections, then Windows Security shows a restricted interface, as in the following screenshot:

Screenshot of the Windows Security with all sections hidden by Group Policy.

Disable the Clear TPM button

If you don't want users to be able to select the Clear TPM button in Windows Security, you can disable it.

Important

You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.

  1. On your Group Policy management computer, open the Group Policy Management Console. Right-click the Group Policy Object you want to configure and select Edit.
  2. In Group Policy Management Editor, go to Computer configuration and then select Administrative templates.
  3. Expand the tree to Windows components > Windows Security > Device security.
  4. Open the Disable the Clear TPM button setting and set it to Enabled. Select OK.
  5. Deploy the updated GPO as you normally do.

Hide the TPM Firmware Update recommendation

If you don't want users to see the recommendation to update TPM firmware, you can disable it.

  1. On your Group Policy management computer, open the Group Policy Management Console. Right-click the Group Policy Object you want to configure and select Edit.
  2. In Group Policy Management Editor, go to Computer configuration and then select Administrative templates.
  3. Expand the tree to Windows components > Windows Security > Device security.
  4. Open the Hide the TPM Firmware Update recommendation setting and set it to Enabled. Select OK.
  5. Deploy the updated GPO as you normally do.