How to Enable Windows Defender Device Guard, Windows Defender Credential Guard, and Hypervisor-protected code integrity in Windows 10
Enable virtualization-based security and Windows Defender Credential Guard
1. Open Registry Editor.
2. Enable virtualization-based security:
   - Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard.
   - Add a new DWORD value named EnableVirtualizationBasedSecurity. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
   - Add a new DWORD value named RequirePlatformSecurityFeatures. Set the value of this registry setting to 1 to use Secure Boot only or set it to 3 to use Secure Boot and DMA protection.
3. Enable Windows Defender Credential Guard:
   - Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA.
   - Add a new DWORD value named LsaCfgFlags. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.
4. Close Registry Editor.
Enable Windows Defender Credential Guard by using the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
Run the Device Guard and Credential Guard hardware readiness tool with the following options to enable Windows Defender Credential Guard:
.\DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot
You can view System Information to check that Windows Defender Credential Guard is running on a PC.
1. Click Start, type msinfo32.exe, and then click System Information.
2. Click System Summary.
3. Confirm that Credential Guard is shown next to Virtualization-based security Services Configured.
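The same check can be scripted. The PowerShell below is an added example, not part of the original page or of the readiness tool: it reads the three registry values set in the steps above and reports what each one means. As an assumption beyond this page, it also queries the Win32_DeviceGuard CIM class to see whether Credential Guard is actually running; the function name Get-GuardSetting is hypothetical.

```powershell
# Added example: read-only audit of the registry values described above.
$DeviceGuardKey = 'HKLM:\System\CurrentControlSet\Control\DeviceGuard'
$LsaKey         = 'HKLM:\System\CurrentControlSet\Control\LSA'

# Value meanings exactly as listed in the steps on this page.
$Meanings = @{
    EnableVirtualizationBasedSecurity = @{ '0' = 'VBS disabled'; '1' = 'VBS enabled' }
    RequirePlatformSecurityFeatures   = @{ '1' = 'Secure Boot only'
                                           '3' = 'Secure Boot and DMA protection' }
    LsaCfgFlags                       = @{ '0' = 'Credential Guard disabled'
                                           '1' = 'Credential Guard enabled with UEFI lock'
                                           '2' = 'Credential Guard enabled without lock' }
}

function Get-GuardSetting {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # A missing key or value yields $null rather than an error.
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$Name } else { $null }
    if ($null -eq $value) { $meaning = 'not set' }
    elseif ($Meanings[$Name].ContainsKey("$value")) { $meaning = $Meanings[$Name]["$value"] }
    else { $meaning = "unexpected value $value" }
    [pscustomobject]@{ Name = $Name; Value = $value; Meaning = $meaning }
}

$settings = @(
    Get-GuardSetting -Path $DeviceGuardKey -Name 'EnableVirtualizationBasedSecurity'
    Get-GuardSetting -Path $DeviceGuardKey -Name 'RequirePlatformSecurityFeatures'
    Get-GuardSetting -Path $LsaKey         -Name 'LsaCfgFlags'
)
$settings | Format-Table -AutoSize

# Configured is not the same as running, for example before the next restart.
# Assumption beyond this page: the Win32_DeviceGuard CIM class, where service
# id 1 in the SecurityServices* properties denotes Credential Guard.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($null -eq $dg) {
    Write-Warning 'Win32_DeviceGuard is not available on this system.'
} else {
    [pscustomobject]@{
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
    } | Format-List
}
```

A registry value reported as enabled while CredentialGuardRunning is False means the setting has been written but the service has not started.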
To disable Windows Defender Credential Guard with the same tool:
.\DG_Readiness_Tool_v3.5.ps1 -Disable -AutoReboot