Credential Guard
E831603
Credential Guard is a Windows security feature that uses virtualization-based isolation to protect credentials from theft by malware and other attacks.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf | Windows security feature; credential protection technology |
| availableInEdition | Windows 10 Education; Windows 10 Enterprise; Windows 11 Education; Windows 11 Enterprise |
| category | Windows security; identity protection |
| componentOf | Windows Defender Credential Guard |
| configuredBy | Group Policy; registry settings |
| developedBy | Microsoft |
| documentationURL | https://learn.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard |
| enhances | enterprise security |
| introducedIn | Windows 10 Enterprise |
| isolates | LSASS secrets; Local Security Authority Subsystem Service credentials |
| mitigates | credential dumping tools |
| notAvailableInEdition | Windows 10 Home; Windows 10 Pro (some scenarios) |
| operatingSystem | Windows 10; Windows 11; Windows Server |
| prevents | direct LSASS memory scraping |
| protects | Kerberos Ticket Granting Tickets; NTLM password hashes; credentials; domain credentials |
| protectsFrom | advanced persistent threats; credential theft attacks; malware; pass-the-hash attacks; pass-the-ticket attacks |
| relatedTo | Device Guard; Windows Defender Application Control |
| requires | 64-bit architecture; IOMMU; Secure Boot; UEFI firmware; virtualization extensions |
| scope | Azure AD-joined machines; domain-joined machines |
| securityModel | least privilege for credential access |
| storesSecretsIn | isolated virtualized environment |
| usesTechnology | Hyper-V; Virtual Secure Mode; virtualization-based security |
Referenced by (1)