Security:
Device guard
Credential Guard protects corporate credentials with hardware-based credential isolation (prevents the current forms of the pass-the-hash (PtH) attack)
Windows hello with TPM 2.0
Secure Boot protect Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) cannot be enabled. Devices with UEFI firmware can be configured to load only trusted operating system bootloaders
Early Launch Antimalware (ELAM) tests all drivers before they load and prevents unapproved drivers from loading.
Health attestation. The device’s firmware logs the boot
process, and Windows 10 can send it to a trusted server that can check
and assess the device’s health.
Brak komentarzy:
Prześlij komentarz