W10 1903 security

  • Question

  • We are deploying W10 1903 and our security teams require us to enable:

    Credential Guard

    Convert BIOS to UEFI

    Include BitLocker device encryption with TPM

    Secure Boot

    Attached is the snip from my machine. Can anyone confirm all of the above are working on this machine?

    How can I verify if these are working, especially Credential Guard and BitLocker?

    Tuesday, July 2, 2019 1:52 PM

All replies

  • Hello, 

    You can use the Device Guard and Credential Guard hardware readiness tool, to check whether your hardware supports Credential Guard. The tool can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=53337

    I suggest you read through the related documentation for each of the topics, such as:

    https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements

    https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview

    I strongly recommend you read through the documentation and deployment guidance; it might save you some time afterwards.

    Alex

     



    Twitter: @alexverboon | Blog: Anything About IT

    Tuesday, July 2, 2019 6:24 PM
  • Hi,

     

    You can view System Information to check that Windows Defender Credential Guard is running on a PC.

     

    1. Click Start, type msinfo32.exe, and then click System Information.

    2. Click System Summary.

    3. Confirm that Credential Guard is shown next to Virtualization-based security Services Configured.

     

    You can also check that Windows Defender Credential Guard is running by using the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool.

     

    To verify your disk is encrypted using BitLocker, open the BitLocker Drive Encryption control panel (located under "System and Security" when the Control Panel is set to Category view).

     

    You should see your computer's hard drive (usually "drive C"), and the window will indicate whether BitLocker is on or off. You'll also see an option to turn BitLocker on or off, depending on its current status.

     

    I also found that you got the error "Device Encryption Support Reasons for failed automatic device encryption".

     

    Make sure you have a TPM 2.0 model and not a TPM 1.2 as the error is related to your TPM chip not being compatible.

     

    Hope the above information can help you.



    Wednesday, July 3, 2019 2:41 AM
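
A scripted version of the checks described in the replies above, added here as an example and not part of any reply in this thread. It uses built-in Windows cmdlets and WMI classes and must be run from an elevated PowerShell prompt; the function name `Get-BootSecurityStatus` is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: reports firmware mode, Secure Boot, Credential Guard, TPM and BitLocker state.

function Get-BootSecurityStatus {
    # Firmware mode as reported by Windows: 'Uefi' or 'Bios'
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so an error counts as "not enabled"
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = VBS running;
    # the value 1 in SecurityServicesConfigured / SecurityServicesRunning = Credential Guard
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # TPM presence/readiness, plus the spec version (first field of SpecVersion, e.g. 2.0 or 1.2)
    $tpm     = Get-Tpm
    $tpmWmi  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpmWmi) { ($tpmWmi.SpecVersion -split ',')[0].Trim() } else { 'n/a' }

    # BitLocker state of the OS volume and the key protectors bound to it
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

    [pscustomobject]@{
        FirmwareType              = $firmware
        SecureBootEnabled         = $secureBoot
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuardConfigured = ($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = ($dg.SecurityServicesRunning -contains 1)
        TpmPresent                = $tpm.TpmPresent
        TpmReady                  = $tpm.TpmReady
        TpmSpecVersion            = $tpmSpec
        BitLockerProtection       = $vol.ProtectionStatus       # On / Off
        BitLockerVolumeStatus     = $vol.VolumeStatus           # e.g. FullyEncrypted
        EncryptionPercentage      = $vol.EncryptionPercentage
        KeyProtectors             = ($vol.KeyProtector.KeyProtectorType -join ', ')
    }
}

Get-BootSecurityStatus | Format-List
```

Credential Guard can be listed as configured without being listed as running, so check both fields; for BitLocker with TPM, `KeyProtectors` should include `Tpm` and `BitLockerProtection` should be `On`.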
  • Hi,

     

    Was your issue solved?

     

    If the reply helped you, please remember to mark it as an answer.

     

    If no, please reply and tell us the current situation in order to provide further help.



    Friday, July 5, 2019 2:52 AM