none
Windows 10 Credential Guard requirements. RRS feed

  • Question

  • Hello,

    I am trying to figure out the hardware requirements for the Credential Guard in Windows 10 to make sure hardware which we are buying in the future is able to run Credential Guard. Normally the section Software/Hardware requirements in the following link provides information regarding this topic (https://technet.microsoft.com/en-us/library/mt483740(v=vs.85).aspx). However there are two points listed which are not clear and I hope for some help here.

    - Secure firmware update process. (What does that mean ? Is it possible to say if Secure Boot is provided through the hardware this feature is also provided ?) 

    - The firmware is updated for Secure MOR implementation. (This point is also totally unclear. I guess this point is mainly for hardware manufacturer but how should I know which hardware will provide this feature ?) 

    In general I don't know how to fulfill these two requirements. Do we need special hardware to run Windows 10 with Credential Guard enabled ?

    Thanks for any help regarding this topic. 

    Monday, February 8, 2016 8:08 AM

Answers

All replies

  • Hi,

    Before you buy bran new computer, OEM and BIOS venders would give you the information that if the computer support the Credential Guard feature of Windows 10.

    About this two points, it states as below, and it could be confirmed via those function.

    Secure firmware update process

    To verify that the firmware complies with the secure firmware update process, you can validate it against the System.Fundamentals.Firmware.UEFISecureBoot Windows Hardware Compatibility Program requirement.

    The firmware is updated for Secure MOR implementation

    Credential Guard requires the secure MOR bit to help prevent certain memory attacks.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, February 9, 2016 3:44 AM
    Moderator
  • Thanks for your reply. New hardware can be verified by asking the vendor - that's okay. I already read those links but how should I verify these requirements on the existing hardware because we are talking about > 10,000 machines.

    Tuesday, February 9, 2016 8:14 AM
  • Are they common machines? You should be able to verify them by a simple internet search. *Most* modern business machines should be able to support it without issue. 
    Tuesday, February 9, 2016 3:17 PM