How to Enable Windows Defender Device Guard, Windows Defender Credential Guard and Hypervisor-protected code integrity in Windows 10

 

How to Enable Windows Defender Device Guard, Windows Defender Credential Guard and Hypervisor-protected code integrity in Windows 10

 

How to Enable Windows Defender Device Guard and Windows Defender Credential Guard and Hypervisor-protected code integrity in Windows 10

1st way,

Enable virtualization-based security and Windows Defender Credential Guard

  1. Open Registry Editor.
  2. Enable virtualization-based security:
  • Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard.
  • Add a new DWORD value named EnableVirtualizationBasedSecurity. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
  • Add a new DWORD value named RequirePlatformSecurityFeatures. Set the value of this registry setting to 1 to use Secure Boot only or set it to 3 to use Secure Boot and DMA protection.

3. Enable Windows Defender Credential Guard:

  • Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA.
  • Add a new DWORD value named LsaCfgFlags. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.

4. Close Registry Editor.

 

2nd way.

Enable Windows Defender Credential Guard by using the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool

 

 

Device Guard and Credential Guard hardware readiness tool : Link

 

Enable

 

.\DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot

You can view System Information to check that Windows Defender Credential Guard is running on a PC.

  1. Click Start, type msinfo32.exe, and then click System Information.
  2. Click System Summary.
  3. Confirm that Credential Guard is shown next to Virtualization-based security Services Configured.

 

Verification

 

.\DG_Readiness_Tool_v3.6.ps1 -Ready

Disable

 

.\DG_Readiness_Tool_v3.5.ps1 -Disable -AutoReboot

Recent Articles

How to configure restriction for Users from creation of Office 365 groups, Plans & Microsoft teams.

Connect-AzureAD Create new Security Group "AllowedtoCreateGroups" Get-AzureADGroup -SearchString "AllowedtoCreateGroups" $GroupName = "<SecurityGroupName>" $AllowGroupCreation = "False" Connect-AzureAD $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID) { $template = Get-AzureADDirectorySettingTemplate | Where-object...

Attack Simulator for Office 365

Microsoft has released Attack Simulator (currently in Preview) to allow Office 365 Global Administrators to simulate phishing campaigns and other attack simulations. Prerequisites ·       Your organization’s email...

What is Advanced Threat Analytics?

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber-attacks and insider threats. How ATA...

How to remove Office 365 Groups permanently ?

  Hi Guys, Here is process how to remove office 365 groups or soft deleted groups from your office 365 tenant. Step-1 you need to connect with Azure...

How to solve the issue of guest users access in Office 365 when you applied restriction on office 365 groups creation tenant wide?

Connect-AzureAD via powerShell Run the following command: $template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified"} See if you already have an AzureADDirectorySetting object,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox