Device Guard device policy 编辑

Device Guard is a security feature available with Windows 10 and Windows 11. This feature enables virtualization-based security by using the Windows Hypervisor to support security services on the device. The Device Guard policy enables security features such as secure boot, UEFI lock, and virtualization.

Prerequisites

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Windows Desktop and Tablet settings

Device Policies configuration screen

  • Enable virtualization-based security: Disable or enable virtualization-based security features. Virtualization-based security uses the Windows Hypervisor to support security services.
  • Configure LSA protection: Lets you configure Credential Guard. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials on the next restart. Options are Turns off Credential Guard, Turns on Credential Guard with UEFI lock, and Turns on Credential Guard without UEFI lock. Default is Turns off Credential Guard.
  • Specify platform security level: Lets you specify the platform security level on the next restart. Options are Turns on VBS with Secure Boot and Turns on VBS with Secure Boot and direct memory access. Default is Turns on VBS with Secure Boot.

Endpoint Management queries a device to determine whether the virtualization based security settings match the settings on the server. If the security settings match, Endpoint Management doesn’t deploy this policy to the device. If the security settings don’t match, Endpoint Management deploys the policy.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:21 次

字数:2711

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文