Enable Or Disable Credential Guard In Windows 10
By enabling Windows Credential Guard the following features and solutions are provided: Hardware security Virtualization-based security Better protection against advanced persistent threats Now you know the importance of the Credential Guard, you should definitely enable this for your system. So without wasting any time let’s see How to Enable or Disable Credential Guard in Windows 10 with the help of the below-listed tutorial.
Enable or Disable Credential Guard in Windows 10#
Make sure to create a restore point just in case something goes wrong.
Enable or Disable Credential Guard in Windows 10 Method 1: Enable or Disable Credential Guard in Windows 10 using Group Policy Editor Method 2: Enable or Disable Credential Guard in Windows 10 using Registry Editor Enable or Disable Credential Guard in Windows 10 Disable Credential Guard in Windows 10
Method 1: Enable or Disable Credential Guard in Windows 10 using Group Policy Editor#
Note: This method only works if you have Windows Pro, Education, or Enterprise Edtion. For Windows Home version users skip this method and follow the next one. 1.Press Windows Key + R then type regedit and hit Enter to open Group Policy Editor.
2.Navigate to the following path: Computer Configuration > Administrative Templates > System > Device Guard 3.Make sure to select Device Guard than in right window pane double-click on “Turn On Virtualization Based Security” policy.
4.In the Properties window of the above policy make sure to select Enabled.
5.Now from the “Select Platform Security Level” drop-down select Secure Boot or Secure Boot and DMA Protection.
6.Next, from “Credential Guard Configuration” drop-down select Enabled with UEFI lock. If you want to turn off Credential Guard remotely, choose Enabled without lock instead of Enabled with UEFI lock. 7.Once finished, click Apply followed by OK. 8.Reboot your PC to save changes.
Method 2: Enable or Disable Credential Guard in Windows 10 using Registry Editor#
Credential Guard uses virtualization-based security features which have to be enabled first from Windows feature before you can enable or disable Credential Guard in Registry Editor. Make sure to only use one of the below-listed methods to enable virtualization-based security features. Add the virtualization-based security features by using Programs and Features 1.Press Windows Key + R then type appwiz.cpl and hit Enter to open Program and Features.
2.From the left-hand window click on “Turn Windows Features on or off“.
3.Find and expand Hyper-V then similarly expand Hyper-V Platform. 4.Under Hyper-V Platform checkmark “Hyper-V Hypervisor“.
5.Now scroll down and checkmark “Isolated User Mode” and click OK. Add the virtualization-based security features to an offline image by using DISM 1.Press Windows Key + X then select Command Prompt (Admin).
2.Type the following command into cmd to add the Hyper-V Hypervisor and hit Enter:
3.Add the Isolated User Mode feature by running the following command:
4.Once finished, you can close the command prompt.
Enable or Disable Credential Guard in Windows 10#
1.Press Windows Key + R then type regedit and hit Enter to open Registry Editor.
2.Navigate to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard 3.Right-click on DeviceGuard then select New > DWORD (32-bit) Value.
4.Name this newly created DWORD as EnableVirtualizationBasedSecurity and hit Enter.
5.Double-click on EnableVirtualizationBasedSecurity DWORD then change its value to: To Enable Virtualization-based Security: 1 To Disable Virtualization-based Security: 0
6.Now again right-click on DeviceGuard then select New > DWORD (32-bit) Value and name this DWORD as RequirePlatformSecurityFeatures then hit Enter.
7.Double-click on RequirePlatformSecurityFeatures DWORD and change it’s value to 1 to use Secure Boot only or set it to 3 to use Secure Boot and DMA protection.
8.Now navigate to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA 9.Right-click on LSA then select New > DWORD (32-bit) Value then name this DWORD as LsaCfgFlags and hit Enter.
10.Double-click on LsaCfgFlags DWORD and change its value according to: Disable Credential Guard: 0 Enable Credential Guard with UEFI lock: 1 Enable Credential Guard without lock: 2
11.Once finished, close Registry Editor.
Disable Credential Guard in Windows 10#
If Credential Guard was enabled without UEFI Lock then you can Disable Windows Credential Guard using the Device Guard and Credential Guard hardware readiness tool or the following method: 1.Press Windows Key + R then type regedit and hit Enter to open Registry Editor.
2.Navigate and delete the following registry keys:
3.Delete the Windows Credential Guard EFI variables by using bcdedit. Press Windows Key + X then select Command Prompt (Admin).
4.Type the following command into cmd and hit Enter: 5.Once finished, close command prompt and reboot your PC. 6.Accept the prompt to disable Windows Credential Guard. Recommended:
Allow or Prevent Windows 10 Themes to Change Desktop Icons Enable Verbose or Highly Detailed Status Messages in Windows 10 Enable or Disable Developer Mode in Windows 10 Disable Desktop Wallpaper JPEG Quality Reduction in Windows 10
That’s it you have successfully learned How to Enable or Disable Credential Guard in Windows 10 but if you still have any queries regarding this tutorial then feel free to ask them in the comment’s section.
Включение или отключение Credential Guard в Windows 10
Включение или отключение Credential Guard в Windows 10: Windows Credential Guard использует безопасность на основе виртуализации для изоляции секретов, чтобы только привилегированное системное программное обеспечение могло получить к ним доступ. Несанкционированный доступ к этим секретам может привести к атакам с кражей учетных данных, таким как Pass-the-Hash или Pass-The-Ticket. Windows Credential Guard предотвращает эти атаки, защищая хэши паролей NTLM, билеты выдачи билетов Kerberos и учетные данные, сохраняемые приложениями в качестве учетных данных домена.
При включении Windows Credential Guard предоставляются следующие функции и решения:
Аппаратная безопасность Безопасность на основе
виртуализации
Лучшая защита от сложных постоянных угроз
Теперь вы знаете важность Credential Guard и обязательно должны включить его в своей системе. Поэтому, не теряя времени, давайте посмотрим, как включить или отключить Credential Guard в Windows 10 с помощью приведенного ниже руководства.
Включение или отключение Credential Guard в Windows 10
Обязательно создайте точку восстановления на случай, если что-то пойдет не так.
Метод 1. Включение или отключение Credential Guard в Windows 10 с помощью редактора групповой политики
Примечание. Этот метод работает, только если у вас Windows Pro, Education или Enterprise Edtion. Пользователи версии Windows Home пропускают этот метод и следуют следующему.
1. Нажмите Windows Key + R, затем введите regedit и нажмите Enter, чтобы открыть редактор групповой политики.
2. перейдите по следующему пути:
Конфигурация компьютера> Административные шаблоны> Система> Device Guard
3. Убедитесь, что выбрали Device Guard, а затем в правой части окна дважды щелкните политику «Включить безопасность на основе виртуализации» .
4. В окне «Свойства» указанной выше политики убедитесь, что выбрано « Включено».
5. Теперь в раскрывающемся списке « Выберите уровень безопасности платформы » выберите « Безопасная загрузка» или «Безопасная загрузка и защита DMA» .
6. Затем в раскрывающемся списке « Конфигурация Credential Guard » выберите « Включено с блокировкой UEFI» . Если вы хотите отключить Credential Guard удаленно, выберите «Включено без блокировки» вместо «Включено с блокировкой UEFI».
7. По завершении нажмите «Применить», а затем «ОК».
8. Перезагрузите компьютер, чтобы сохранить изменения.
Метод 2: включить или отключить Credential Guard в Windows 10 с помощью редактора реестра
Credential Guard использует функции безопасности на основе виртуализации, которые необходимо сначала включить из функции Windows, прежде чем вы сможете включить или отключить Credential Guard в редакторе реестра. Убедитесь, что вы используете только один из перечисленных ниже методов для включения функций безопасности на основе виртуализации.
Добавьте функции безопасности на основе виртуализации с помощью программ и компонентов
1. Нажмите Windows Key + R, затем введите appwiz.cpl и нажмите Enter, чтобы открыть программу и функции.
2. В левом окне нажмите « Включение или отключение компонентов Windows ».
3. Найдите и разверните Hyper-V, затем аналогичным образом разверните платформу Hyper-V.
4. В разделе Платформа Hyper-V отметьте галочкой « Hyper-V Hypervisor ».
5. Теперь прокрутите вниз и отметьте «Изолированный режим пользователя» и нажмите OK.
Добавьте функции безопасности на основе виртуализации в автономный образ с помощью DISM
1. Нажмите Windows Key + X, затем выберите Командная строка (администратор).
2. Введите следующую команду в cmd, чтобы добавить гипервизор Hyper-V, и нажмите Enter:
DISM / image: / Enable-Feature / FeatureName: Microsoft-Hyper-V-Hypervisor / all OR DISM / Online / Enable-Feature: Microsoft-Hyper-V / All
3. Добавьте функцию изолированного режима пользователя, выполнив следующую команду:
DISM / image: / Enable-Feature / FeatureName: IsolatedUserMode OR DISM / Online / Enable-Feature / FeatureName: IsolatedUserMode
4. По завершении вы можете закрыть командную строку.
Включение или отключение Credential Guard в Windows 10
1. Нажмите Windows Key + R, затем введите regedit и нажмите Enter, чтобы открыть редактор реестра.
2. перейдите к следующему разделу реестра:
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ DeviceGuard
3. Щелкните правой кнопкой мыши DeviceGuard и выберите « Создать»> «Значение DWORD (32-разрядное)».
4. Назовите этот вновь созданный DWORD как EnableVirtualizationBasedSecurity и нажмите Enter.
5. Дважды щелкните DWORD EnableVirtualizationBasedSecurity, затем измените его значение на:
Чтобы включить безопасность на основе виртуализации: 1
Чтобы отключить безопасность на основе виртуализации: 0
6. Теперь снова щелкните правой кнопкой мыши DeviceGuard, затем выберите « Создать»> «Значение DWORD (32-бит)» и назовите этот DWORD как RequirePlatformSecurityFeatures, затем нажмите Enter.
7. Дважды щелкните DWORD RequirePlatformSecurityFeatures и измените его значение на 1, чтобы использовать только безопасную загрузку, или установите значение 3, чтобы использовать безопасную загрузку и защиту DMA.
8.Теперь перейдите к следующему разделу реестра:
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ LSA
9. Щелкните правой кнопкой мыши LSA, затем выберите « Создать»> «Значение DWORD (32-бит)», затем назовите этот DWORD как LsaCfgFlags и нажмите Enter.
10. Дважды щелкните DWORD LsaCfgFlags и измените его значение в соответствии с:
Отключить Credential Guard: 0
Включить Credential Guard с блокировкой UEFI: 1
Включить Credential Guard без блокировки: 2
11. По завершении закройте редактор реестра.
Отключить Credential Guard в Windows 10
Если Credential Guard был включен без блокировки UEFI, вы можете отключить Windows Credential Guard с помощью инструмента готовности оборудования Device Guard и Credential Guard или следующим способом:
1. Нажмите Windows Key + R, затем введите regedit и нажмите Enter, чтобы открыть редактор реестра.
2. Найдите и удалите следующие разделы реестра:
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ LSA \ LsaCfgFlags HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows \ DeviceGuard \ EnableVirtualizationBasedSecurity HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows \ DeviceGuardSecurity \ Requirements
3. Удалите переменные EFI Windows Credential Guard с помощью bcdedit . Нажмите Windows Key + X, затем выберите Командная строка (администратор).
4. Введите следующую команду в cmd и нажмите Enter:
mountvol X: / s copy% WINDIR% \ System32 \ SecConfig.efi X: \ EFI \ Microsoft \ Boot \ SecConfig.efi / Y bcdedit / create <0cb3b571-2f2e-4343-a879-d86a476d7215>/ d «DebugTool» / application osloader bcdedit / set <0cb3b571-2f2e-4343-a879-d86a476d7215>путь «\ EFI \ Microsoft \ Boot \ SecConfig.efi» bcdedit / set
5. По завершении закройте командную строку и перезагрузите компьютер.
6. Примите приглашение отключить Windows Credential Guard.
Рекомендуемые:
Вот и все, что вы успешно узнали, как включить или отключить Credential Guard в Windows 10, но если у вас все еще есть какие-либо вопросы по этому руководству, не стесняйтесь спрашивать их в разделе комментариев.
Enable or Disable Credential Guard in Windows 11/10 by using Group Policy
Today, in this post, we will see how to enable or turn on Credential Guard in Windows 11/10 using Group Policy. Credential Guard is one of the main security features available with Windows 11/10. It allows protection against the hacking of domain credentials, thereby preventing hackers from taking over the enterprise networks.
What does Credential Guard do?
Credential Guard is one of the main security features available with Windows 11/10. It allows protection against hacking of domain credentials thereby preventing hackers from taking over the enterprise networks. With features like Device Guard and Secure Boot, Windows 11/10 is more secure than any of the previous Windows operating systems.
Enable or Disable Credential Guard in Windows 11/10
Credential Guard is available only in Windows 11/10 Enterprise Edition. So if you are using Pro or Education, you won’t get to see this feature on your version of Windows. Moreover, Your machine should be supporting Secure Boot and 64-bit virtualization.
To enable or turn on Credential Guard, Open Run, type gpedit.msc and hit Enter to open the Group Policy Editor.
Now navigate to the following setting:
Computer Configuration > Administrative Templates > System > Device Guard
Now, double-click Turn On Virtualization Based Security, and then select Enabled.
Under Options, select Platform Security Level box, choose Secure Boot or Secure Boot and DMA Protection.
Under Virtual Based protection of Code Integrity, select Not configured
In the Credential Guard Configuration box, click Enabled with UEFI lock and then OK. If you want to turn off Credential Guard remotely, choose Enabled without lock.
Under Secure Launch Configuration, select Not configured
Under Kernal-mode Hardware-enforced Stack Protection, select Not configured
This policy specifies whether Virtualization Based Security is enabled.
Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices.
Virtualization Based Protection of Code Integrity
This setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled, kernel mode memory protections are enforced and the Code Integrity validation path is protected by the Virtualization Based Security feature.
The “Disabled” option turns off Virtualization Based Protection of Code Integrity remotely if it was previously turned on with the “Enabled without lock” option.
The “Enabled with UEFI lock” option ensures that Virtualization Based Protection of Code Integrity cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to “Disabled” as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.
The “Enabled without lock” option allows Virtualization Based Protection of Code Integrity to be disabled remotely by using Group Policy.
The “Not Configured” option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified.
The “Require UEFI Memory Attributes Table” option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware support for the Memory Attributes Table. Devices without the UEFI Memory Attributes Table may have firmware that is incompatible with Virtualization Based Protection of Code Integrity which in some cases can lead to crashes or data loss or incompatibility with certain plug-in cards. If not setting this option the targeted devices should be tested to ensure compatibility.
Warning: All drivers on the system must be compatible with this feature or the system may crash. Ensure that this policy setting is only deployed to computers which are known to be compatible.
Credential Guard
This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials.
The “Disabled” option turns off Credential Guard remotely if it was previously turned on with the “Enabled without lock” option.
The “Enabled with UEFI lock” option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to “Disabled” as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.
The “Enabled without lock” option allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting must be running at least Windows 10 (Version 1511).
The “Not Configured” option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified.
Secure Launch
This setting sets the configuration of Secure Launch to secure the boot chain.
The “Not Configured” setting is the default, and allows configuration of the feature by Administrative users.
The “Enabled” option turns on Secure Launch on supported hardware.
The “Disabled” option turns off Secure Launch, regardless of hardware support.
Click Apply/OK and exit.
Restart your system.
Disable or Enable Credential Guard using Registry
You need to enable virtualization-based security first as follows:
Open Registry Editor and go to the following key:
- To enable virtualization-based security, set it to 1
- To disable virtualization-based security set it to 0
Next, add a new DWORD value named RequirePlatformSecurityFeatures.
- To use Secure Boot only set its value to 1
- To use Secure Boot and DMA protection, set its value to 3
Now, to enable Windows Defender Credential Guard, go to the following key:
- To disable Windows Defender Credential Guard, set its value to 0
- To enable Windows Defender Credential Guard with UEFI lock, set it to 1
- To enable Windows Defender Credential Guard without UEFI lock, set it to 2
Close Registry Editor and restart your computer.
You have to remember that Credential Guard will offer protection against direct hacking attempts and malware-seeking credential information. If the credential information is already stolen before you could implement Credential Guard, it won’t prevent the hackers from using the hash key on other computers in the same domain.
How do I know if Credential Guard running?
You can view System Information to check that Windows Defender Credential Guard is running on your computer. To do so, Run msinfo32.exe, and select System Information. Next, select System Summary. If you see Credential Guard mentioned next to Virtualization-based Security Services, it means it is running.
TIP: The Remote Credential Guard in Windows 11/10 protects Remote Desktop credentials.
4 Methods to Enable Credential Guard on Windows Devices
In this post, let’s learn 4 Methods to Enable Credential Guard on Windows 11 Devices. Microsoft introduced Credential Guard in Windows 10 Enterprise and Windows Server 2016. The privileged system software can only access user credentials when Credential Guard is active.
The Credential Guard helps to prevent “pass the hash” attacks and other attacks. This is not a new feature; it has been available since Windows 10. Credential guard uses virtualization-based security to isolate system data.
The credential guard and its security features enable organizations to better protect against credential theft attacks, and the malware running in the operating system with administrator privileges cannot find the secrets that VBS protects.
It’s important to understand that Starting from Windows 11 Enterprise, version 22H2, and Windows 11 Education, version 22H2, “compatible systems” have Windows Defender Credential Guard TURNED ON by default.
In this post, I would like to talk about the Microsoft Windows Defender Credential Guard; what do you think about it? How does it work, and how to enable if not enabled? I’d like you to please read the following content to learn more about credential guard.
- 4 Methods Enable or Disable Virtualization-Based Security VBS on Windows 11
What is Microsoft Windows Defender Credential Guard
Microsoft Windows Credential Guard is a security feature that isolates users’ login information from the rest of the operating system from theft. Credential Guard uses virtualization-based security (VBS) to separate system data; the authorized system software only accesses them.
Credential Guard helps prevent unauthorized access, known as credential theft attacks, such as pass-the-hash and pass-the-ticket. This also protects NTLM password hashes and Kerberos Ticket Granting Tickets.
The credential guard provides hardware-assisted security, which takes advantage of platform security features like Secure boot and virtualization-based security. Both protect credentials in an isolated environment when the credential guard is enabled.
How Microsoft Windows Defender Credential Guard Works
Using virtualization-based security, Kerberos, NTLM, and Credential Manager isolate the non-sharable information. The same data is stored in the Local Security Authority (LSA) in the previous version of Windows.
As per Microsoft, when the Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP can’t use the signed-in credentials. So it is recommended that valuable certifications like sign-in credentials not to used with any of the above protocols.
Kerberos did not allow unconstrained Kerberos delegation or DES encryption for signed-in credentials and prompted or saved credentials when the Windows Defender Credential Guard was enabled.
#1 Default Enablement of Microsoft Windows Credential Guard
Windows 11 Enterprise, version 22H2, and Windows 11 Education, version 22H2, are compatible systems where the Windows Defender Credential Guard is turned on by default. The system administrator can modify this default setting.
Your device needs the following minimum requirements to enable Windows Defender Credential Guard by default.
The Registry Editor opens. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard is the path. Following the trail, I reached the Device Guard sub-folder for further action.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard
To enable Virtualization-based security, follow the above location. In the Device, Guard adds two new DWORD values to enable it to, such as
- Add a new DWORD value named EnableVirtualizationBasedSecurity. And double click to set the value. Select 1 to enable virtualization-based security and set 0 to disable it.
- Add another DWORD value named RequirePlatformSecurityFeatures. Again double, click on it, and set the value 1 to use Secure Boot only or set 3 to use Secure Boot and DMA protection.
The details of the setting are shown in the table below for a better understanding:
Add a new DWORD value name as LsaCfgFlags. Set value 1 to enable Windows Defender Credential Guard with UEFI lock, set value 2 to enable Windows Defender Credential Guard without lock, and put 0 to disable. Details are shown in the table below:
Group Policy to Enable Microsoft Windows Defender Credential Guard
To enable Windows Defender Credential Guard, you can use the Group Policy to enable it manually. The steps to enable Windows Defender Credential Guard are shown below:
- Open Run command.
- Type ‘gpedit.msc‘ and press OK
When the group policy editor opens, follow the path “Computer Configuration/Administrative Templates/System/Device Guard” to reach the proper location to perform the desired task.
Computer Configuration/Administrative Templates/System/Device Guard
After reaching Device Guard click on it to explore. Select and double-click on the option Turn On Virtualization Based Security now follow the steps below:
- Select the Enable option
- Choose Secure Boot or Secure Boot and DMA Protection, in the Select Platform Security Level box
- Select Enabled with UEFI lock in the Credential Guard Configuration box. If you want to turn off Windows Defender Credential Guard remotely, choose Enabled without lock
- Select Apply then press OK and close the Group Policy Management Console
To execute the processing of the group policy, you can run gpupdate /force
Intune Policy to Enable Microsoft Windows Defender Credential Guard
Let’s look at Intune policy options to Enable Microsoft Windows Defender Credential Guard. We have already seen 3 methods to do this in this post and the Intune settings catalog method achieves the same.
The configuration of the Credential Guard is done using different profiles. One with an Endpoint protection profile using the settings catalog and another with an Account protection profile.
You can go through Intune Settings Catalog Guide to create the policy in detail. However, for this context, search with the following keyboard – Credential Guard. This is what is explained in the following section.
NOTE! – More details on Intune settings catalog guide – Create Intune Settings Catalog Policy.
- Open Intune admin center portal, select Devices
- Select Configuration Profiles
- Select Create Profile -> Windows 10 and later -> Settings catalog -> Create
- Click on the + Add Settings link.
- Search with “Credential Guard” in the Settings picker search box.
- Select the Device Guard Category.
- Credential Guard options from the Settings name section.
- Keep the policy’s settings DISABLED or ENABLE if you want to.
- Go through the Settings Catalog creation guide above to complete the process.
The following are the Credential Guard Configurations available in Microsoft Intune : 0 – Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 – Turns on CredentialGuard with UEFI lock. 2 – Turns on CredentialGuard without UEFI lock.
- Disabled
- Enabled with UEFI Lock
- Enabled without UEFI Lock
Account Protection is another option to enable Credential Guard on Windows devices. Open the Intune admin center portal, navigate to Endpoint security, then move to Account protection to open the Account Protection option.
- From the Account Protection menu, click Create Policy to open the Create a profile page.
Then on Create a profile page, Select Windows 10 and later as value for Platform, and select Account protection (preview) as value. Now click Create to open the Create profile wizard.
- The Basics page is open now, provide some information in such fields shown below
- Name: Provide a name for the profile
- Description: Provide a description for the profile (Optional)
- Platform: Windows 10 and later (Selected earlier)
On the Configuration settings page, provide the information shown below and click on Next. The following are the 3 configuration options that you get.
Block Windows Hello for Business: Leave Not configured, Enable to use of security keys for sign-in: Leave Not configured, or Turn on Credential Guard: Select Enable with UEFI lock. Once selected go ahead and complete the process.
- Next on the Scope tags page, configure the required tags and click Next
- On the Assignments page, configure assignments to the required user or device and click Next
- On Review and create the page, verify the configuration and click Create
That’s about the procedure to enable Windows Defender Credential Guard described above. Please follow us on Twitter HTMD Community and visit our website HTMD Forum if you like our content.
Author
Alok is a Master of Computer Applications (MCA) graduate. He loves writing on Windows 11 and related technologies. He likes to share his knowledge, quick tips, and tricks with Windows 11 or Windows 10 with the community.