Skilling snack: Windows hardware security introduction

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

In today's Zero Trust and chip-to-cloud security efforts, hardware plays an important role. Whether your organization is renewing hardware or hardening the existing one, let's cover some basics. Even if these concepts are already familiar to you, consider sharing them with your users or those earlier in the career. Otherwise, choose your own adventure among resources on hardware root-of-trust, silicon-assisted security, and secured-core PCs.

timer-icon.png Time to learn:132 minutes

read-icon.pngREAD

Device protection in Windows Security

Windows Security provides built-in security options to help protect your organization's device from malicious software attacks. Start your security training with Device security. Walk through details and options for core isolation, security processor, secure boot, and different levels of hardware security capability.

(4 mins)

Windows + Device + Security + VBS + TPM + UEFI + Rootkit + Secure Boot + SMM

  

LEARN icon.pngLEARN

Introduction to Zero Trust

Start here to learn how Zero Trust principles apply from chip to cloud. Complete this beginner 700-XP learning module to learn about infrastructure as one of the components, and how it fits into your overall security strategy.

(12 mins)

Zero Trust + Security + Identity + Endpoints + Applications + Network + Infrastructure + Data
     

Hardware root-of-trust

READ icon.pngREAD

How System Guard helps protect Windows (12 mins)

Ensure trustworthiness of your Windows OS firmware and hardware with System Guard. Maintain the integrity of the system against advanced attacks targeting the most foundational layers of a system with Dynamic Root of Trust for Measurement (DRTM) and System Management Mode (SMM) protections. Learn about integrity validation from boot to run time. Finally, review your requirements to use System Guard.

Trusted Platform Module Technology Overview (5 mins)

Let's define and describe TPM as a measure of access control and authentication. Review requirements for using this feature as well as practical applications. While Windows 11 and Windows 10 systems automatically start the TPM, review considerations for Group Policy settings and device health attestation.

Hardware Root of Trust + System Guard + Integrity + TPM + SRTM + DRTM + UEFI + SMM + Silicon + Group Policy + RSA + SoC + CPU + Firmware
     

Silicon-assisted security

READ icon.pngREAD

Virtualization-based Security (VBS) (5 mins)

VBS is an isolated virtual environment that hosts security solutions that are protected from even the most highly privileged malware running on the OS. Follow an example of a VBS solution related to memory integrity or hypervisor-protected code integrity (HVCI). Review hardware requirements for VBS and nested virtualization support.

Enable memory integrity (12 mins)

Memory integrity is a VBS feature that protects against exploitations of the Windows kernel. Read about its features, enablement guidance, troubleshooting, and deployment in virtual machines. You can use Windows Security settings, Microsoft Intune, Configuration Manager, various policies, or registry keys.

Kernel Direct Memory Access (DMA) Protection (7 mins)

Additional protections are available for drive-by DMA attacks, which happen in the absence of the user. Get an overall understanding of this threat and how Kernel DMA Protection works. Check if you meet compatibility and licensing requirements. This feature will normally be enabled automatically, but you can follow simple steps to check if it is. Browse frequently asked questions for additional details.

VBS + Memory Integrity + HVCI + VM + TPM + Kernel + MDM + Intune + ConfigMgr + Policies + UEFI + Reg + WDAC + PowerShell + DMA
     

READ icon.pngREAD

Windows 11 Secured-core PCs

Do you know how Microsoft collaborates with original equipment manufacturers (OEMs) for built-in hardware security capabilities? The capabilities include baseline Windows security, virtualization-based security, and System Guard. Read about the features and benefits of Secured-core PCs.

(3 mins)

Secured-Core PC + VBS + TPM + Secure Boot + BitLocker + Baseline + HVCI + ESS + Windows Hello + Firmware
     

LISTEN icon.pngLISTEN

Pluton: The New Bedrock for Device Security - Security Unlocked

Curious about Microsoft Pluton security processor? Listen to this podcast to learn about its history and its architecture. Dive deep into some threat factors today and prepare for the future. Furthermore, find practical insights from a Threat Intel Librarian who joins the conversation about tools and platforms for hardware security.

(48 mins)

Pluton + Security + CPU + Secure Boot + SoC + Xbox + Intel

  

WATCH icon.pngWATCH

Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions

Peek behind the curtain of common remote and in-person attacks. Watch how our security expert uses Virtualization-based Security, Trusted Platform Module, UEFI, Secure Boot, and Trusted Boot to deflect sophisticated malware and attacks at the hardware level.

(17 mins)

Hardware + Security + Attacks + VBS + TPM + UEFI + Secure Boot + Trusted Boot + Windows 11


Bookmark the Windows 11 Security Book for the complete chip-to-cloud story!

Did you find anything particularly fit for your taste? How can we spice it up for you?

Our collection of Windows skilling snacks: bite-sized learning for IT pros is always growing, and we'd love to hear your thoughts and ideas!

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.