| Access Control (ACL/SACL) |
TRUE |
TRUE |
TRUE |
TRUE |
| Account Lockout Policy |
TRUE |
TRUE |
TRUE |
TRUE |
| Active Directory domain join, Microsoft Entra ID join, and Microsoft Entra Hybrid ID join with single sign-on (SSO) |
TRUE |
TRUE |
TRUE |
TRUE |
| Always On VPN (device tunnel) |
FALSE |
TRUE |
FALSE |
TRUE |
| App containers |
TRUE |
TRUE |
TRUE |
TRUE |
| AppLocker |
TRUE |
TRUE |
TRUE |
TRUE |
| Assigned Access (kiosk mode) |
TRUE |
TRUE |
TRUE |
TRUE |
| Attack surface reduction (ASR) |
TRUE |
TRUE |
TRUE |
TRUE |
| Azure Code Signing |
TRUE |
TRUE |
TRUE |
TRUE |
| BitLocker enablement |
TRUE |
TRUE |
TRUE |
TRUE |
| BitLocker management |
TRUE |
TRUE |
TRUE |
TRUE |
| Bluetooth pairing and connection protection |
TRUE |
TRUE |
TRUE |
TRUE |
| Common Criteria certifications |
TRUE |
TRUE |
TRUE |
TRUE |
| Controlled folder access |
TRUE |
TRUE |
TRUE |
TRUE |
| Credential Guard |
FALSE |
TRUE |
FALSE |
TRUE |
| Device health attestation service |
TRUE |
TRUE |
TRUE |
TRUE |
| Direct Access |
FALSE |
TRUE |
FALSE |
TRUE |
| Domain Name System (DNS) security |
TRUE |
TRUE |
TRUE |
TRUE |
| Email Encryption (S/MIME) |
TRUE |
TRUE |
TRUE |
TRUE |
| Encrypted hard drive |
TRUE |
TRUE |
TRUE |
TRUE |
| Enhanced phishing protection with SmartScreen |
TRUE |
TRUE |
TRUE |
TRUE |
| Exploit protection |
TRUE |
TRUE |
TRUE |
TRUE |
| Federal Information Processing Standard (FIPS) 140 validation |
TRUE |
TRUE |
TRUE |
TRUE |
| Federated sign-in |
FALSE |
FALSE |
TRUE |
TRUE |
| Hardware-enforced stack protection |
TRUE |
TRUE |
TRUE |
TRUE |
| Hypervisor-protected Code Integrity (HVCI) |
TRUE |
TRUE |
TRUE |
TRUE |
| Kernel Direct Memory Access (DMA) protection |
TRUE |
TRUE |
TRUE |
TRUE |
| Local Security Authority (LSA) Protection |
TRUE |
TRUE |
TRUE |
TRUE |
| Measured boot |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Defender Antivirus |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Defender Application Guard (MDAG) configure via MDM |
FALSE |
TRUE |
FALSE |
TRUE |
| Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management |
FALSE |
TRUE |
FALSE |
TRUE |
| Microsoft Defender Application Guard (MDAG) for Edge standalone mode |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Defender Application Guard (MDAG) for Microsoft Office |
FALSE |
TRUE |
FALSE |
TRUE |
| Microsoft Defender Application Guard (MDAG) public APIs |
FALSE |
TRUE |
FALSE |
TRUE |
| Microsoft Defender for Endpoint |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Defender SmartScreen |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Pluton |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Security Development Lifecycle (SDL) |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft vulnerable driver blocklist |
TRUE |
TRUE |
TRUE |
TRUE |
| Microsoft Windows Insider Preview bounty program |
TRUE |
TRUE |
TRUE |
TRUE |
| Modern device management through (MDM) |
TRUE |
TRUE |
TRUE |
TRUE |
| OneFuzz service |
TRUE |
TRUE |
TRUE |
TRUE |
| Opportunistic Wireless Encryption (OWE) |
TRUE |
TRUE |
TRUE |
TRUE |
| Passkey |
TRUE |
TRUE |
TRUE |
TRUE |
| Personal data encryption (PDE) |
FALSE |
TRUE |
FALSE |
TRUE |
| Privacy Resource Usage |
TRUE |
TRUE |
TRUE |
TRUE |
| Privacy Transparency and Controls |
TRUE |
TRUE |
TRUE |
TRUE |
| Remote Credential Guard |
TRUE |
TRUE |
TRUE |
TRUE |
| Remote wipe |
TRUE |
TRUE |
TRUE |
TRUE |
| Secure Boot and Trusted Boot |
TRUE |
TRUE |
TRUE |
TRUE |
| Secured-core configuration lock |
TRUE |
TRUE |
TRUE |
TRUE |
| Secured-core PC firmware protection |
TRUE |
TRUE |
TRUE |
TRUE |
| Security baselines |
TRUE |
TRUE |
TRUE |
TRUE |
| Security key (FIDO2) |
TRUE |
TRUE |
TRUE |
TRUE |
| Server Message Block (SMB) file service |
TRUE |
TRUE |
TRUE |
TRUE |
| Server Message Block Direct (SMB Direct) |
TRUE |
TRUE |
TRUE |
TRUE |
| Smart App Control |
TRUE |
TRUE |
TRUE |
TRUE |
| Smart Cards for Windows Service |
TRUE |
TRUE |
TRUE |
TRUE |
| Software Bill of Materials (SBOM) |
TRUE |
TRUE |
TRUE |
TRUE |
| Tamper protection settings for MDE |
TRUE |
TRUE |
TRUE |
TRUE |
| Transport Layer Security (TLS) |
TRUE |
TRUE |
TRUE |
TRUE |
| Trusted Platform Module (TPM) |
TRUE |
TRUE |
TRUE |
TRUE |
| Universal Print |
TRUE |
TRUE |
TRUE |
TRUE |
| User Account Control (UAC) |
TRUE |
TRUE |
TRUE |
TRUE |
| Virtual private network (VPN) |
TRUE |
TRUE |
TRUE |
TRUE |
| Virtualization-based security (VBS) |
TRUE |
TRUE |
TRUE |
TRUE |
| Web sign-in |
TRUE |
TRUE |
TRUE |
TRUE |
| WiFi Security |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows application software development kit (SDK) |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Autopatch |
FALSE |
TRUE |
FALSE |
TRUE |
| Windows Autopilot |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Defender Application Control (WDAC) |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Defender System Guard |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Firewall |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Hello for Business |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Hello for Business Enhanced Security Sign-in (ESS) |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows LAPS |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows passwordless experience |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows presence sensing |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows Sandbox |
TRUE |
TRUE |
TRUE |
TRUE |
| Windows security policy settings and auditing |
TRUE |
TRUE |
TRUE |
TRUE |
