Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Azure Arc and Windows 11 Insider Preview Build Update #WindowsInsiders #WIMVP #AzureHybrid

Microsoft Azure Arc

Microsoft Azure Arc Services is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems. Do more with less by leveraging your existing investments to modernize with cloud-native solutions.

Azure Arc Control Plane

So with this Awesome Microsoft Feature Azure Arc, I have connected my Windows Insiders Domain mvplab.local servers like a Windows Server Insider Domain Controller, Windows Server Insider Cluster with a SQL Instance on it and Windows 11 Insider Preview Build in the Beta Channel domain joined. Here you can find how to install the Azure Arc Agent on your Servers

Microsoft Azure Arc comes with great features like Azure Security with Cloud Defender to keep your Azure Arc enabled Servers as secure as possible. Azure Policies is very handy to keep your IT governance on every Server the same. With inventory and Change tracking you are in control to get the right information of your machines. Monitoring your Azure Arc enabled servers with Insights and Log analytics is very powerful. But for now I’m going to use Updates feature of Azure Arc enabled Windows 11 Insider Preview Build machine.

Important :  I’m working with Windows Server Insider preview Build and Windows 11 Insider Preview Build.
They are for testing purpose only and not for production environments!
Of course you can use Windows Server 2019 / 2022 or Windows 10 / 11 Build with Azure Arc 🙂

Here we have Windows 11 Insider Preview Build with new Updates in the Beta Channel.
Click on One time Update

I’m going to update this Azure Arc enabled Windows 11 Insider preview Build once manually but you can schedule updates also and use Update Management Center.

Select the Machine and Click on Next

Here you can select the updates or exclude updates.
Then Click on Next

Here you can set the Reboot option and
Maintenance Window in minutes.
Click on Next

Review and Click on Install

Install Updates Request is submitted.

At Updates of your Azure Arc enabled Machine you can open
Update Management Center

Here you can see the Complete Overview of the Updates on your Machines.
Left under you see the 3 updates for the Windows 11 Insider Beta Build.

When you Click on the left panel on Machines you get this status overview.

When you click on History you will see the status in progress.

Updates are running on the Machine.

But with the Azure Resource Graph Explorer you can also
see when the updates are succeeded.

Update Management Center after successful running updates

Updates Done for Azure Arc enabled Windows 11 Insider Beta Build.

Now I have got the Newest Windows 11 Insider Preview Build in the Beta Channel at this moment

Conclusion

You have seen how easy it is to work with Microsoft Azure Arc services to manage your Virtual Machine with Updates, when you have lot of Virtual Machines / Servers to manage you can configure them once and do this automatically via schedule tasks for every month. Now I can manage my on-prem Servers / machines in the same way I do the Microsoft Azure Virtual Machines.
So this was only Updates, but you can do the same for Security and keep your machines secure by default with the same Azure policies on your machines for IT Governance. Hope you see the benefits of Azure Hybrid and please start your own journey.
When you have a test environment, please consider the Microsoft Windows Insider program for Windows 11 Insider Builds and for Windows Server Insider Build to work with the newest features and getting experience before GA becomes available.

 JOIN the Azure Hybrid Community Group on LinkedIn

 


Leave a comment

#MVPLABSerie Azure Defender for Cloud with #AzureArc enabled SQL Server #AzureHybrid #Security

Azure Arc enabled SQL Servers Architecture

To keep your Business running, It’s important to secure and monitor your data. One of the security measures is doing Vulnerability assessments in your datacenter(s) to see the status and results for remediation. With Microsoft Azure Arc Defender for Cloud you can do a SQL Server vulnerability assessment in your on-premises datacenter or anywhere with the Azure Arc agent running.
Here you find more information about Azure Arc enabled SQL Server

Microsoft Defender for Cloud on Azure Arc enabled SQL Server

Here I activated Microsoft Defender for Cloud on Azure Arc enabled SQL Server, and Azure Defender for Cloud is doing a SQL vulnerability assessment to get the security status and results for remediation.

On this same Azure portal page you will see the Vulnerability assessment findings.

When you Open a Vulnerability finding, you get more information and the remediation for the issue.

Here you see the complete Resource Health of the Azure Arc enabled SQL Server.
Look at the Status of each severity.

Here you see all the vulnerability findings on these four databases.

When you do the remediation you will see the healthy status.
on the Passed tab.

Here I open only the OperationsManager database.
Now you see only the Vulnerability findings on this database.

Here you see a vulnerability finding on the SCOM database with the Remediation 🙂

You can make your Own Workbooks or use them from the Gallery.

Workbook example of Vulnerability Assessment findings.

Conclusion

With Azure Defender for Cloud vulnerability assessment and management you will learn a lot to set your Security Baseline on a higher level in your datacenter(s). Getting the right remediation of Microsoft to solve security issues is Great! You can do your assessments frequently to show your current status on demand. I Really like these Azure Hybrid Tools to make my work easier and the data more secure for the business.


Please join the Azure Hybrid Community Group on LinkedIn for free ( Sharing is Caring together )


Leave a comment

Security Baseline for Azure Arc enabled Servers and Arc Kubernetes #AzureHybrid #Security

Azure Arc Enabled Server network connectivity.

Baseline security is very important to have that in place to keep your Servers more secure in your datacenter. You want Hybrid Servers like Azure Arc enabled servers for example to be secure running in your datacenter. This begins to secure and have up-to-date Server hardware running in your datacenter. Monitor for security updates and install Server hardware based on best practices from the vendor.
Then the Operating System like Windows Server 2022 standard needs the OS Baseline security. This is called:

Microsoft Security Compliance Toolkit 1.0

When your Windows Servers are security compliant by the rules of the company and/or Security Officer, then we can have a look at the Well Architected Framework (WAF) for Azure Arc Enabled Servers.  Here you find an

Introduction to Azure Arc landing zone accelerator for hybrid and multicloud

Azure Arc Single Control Plane.

This security baseline applies guidance from the Microsoft cloud security benchmark version 1.0 to Azure Arc-enabled servers. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Microsoft cloud security benchmark and the related guidance applicable to Azure Arc-enabled servers.

Security by Default in your Datacenter

Here you find more information about Azure Security Baseline for Azure Arc enabled Servers.

Here you find more information about Azure Security Baseline for Azure Arc enabled Kubernetes.

Security by Design with Azure Security Center and Azure Defender

Azure Arc Jumpstart

When you have read about Azure Arc Well Architected Framework (WAF) and you have your security in place, we can start with Microsoft Azure Arc.
Before you start implementing Azure Arc, you must have seen this Awesome website of Azure Arc Jumpstart!

The Azure Arc Jumpstart is designed to provide a “zero to hero” experience so you can start working with Azure Arc right away!

The Jumpstart provides step-by-step guides for independent Azure Arc scenarios that incorporate as much automation as possible, detailed screenshots and code samples, and a rich and comprehensive experience while getting started with the Azure Arc platform.
Our goal is for you to have a working Azure Arc environment spun-up in no time so you can focus on the core values of the platform, regardless of where your infrastructure may be, either on-premises or in the cloud.

Here you find my MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises blog 

 

Conclusion

You can manage your compliance and security policies with Azure Arc enabled Servers, Kubernetes, or SQL Managed instances to make your hybrid solutions with
the Microsoft Azure Cloud in a secure environment.  When you work with security by design based on OSI model with 7 security layers and use Microsoft Arc enabled servers, you get also more Azure Hybrid security features like Azure Defender for Cloud, and much more.
Don’t forget the Microsoft Azure Arc Community Monthly Meetup

 


Leave a comment

Download Windows 11 Security E-book #Windows11 #WIMVP #WindowsInsiders

This Microsoft E-Book gives you an overview about security in Windows 11 with in different layers of security.

  • Hardware Security
  • Operating System Security
  • Application Security
  • Identity and Privacy
  • Cloud Services
  • Security Foundation
  • Upcoming Features

Different Security Layers in Windows 11

Be aware of all the Microsoft security features in Windows 11 and download the free Microsoft Windows 11 Security Book here


Leave a comment

Windows Admin Center and Deploying Windows Server Insider Build 25099 Core #WindowsAdminCenter #Winserv #WIMVP

Windows Admin Center Version 2110.2 Build 1.3.2204.19002

Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more about Windows Admin Center.

Benefits

  • Simple and modern management experience
  • Hybrid capabilities
  • Integrated toolset
  • Designed for extensibility

Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish

In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.

In WAC on my Hypervisor in Virtual Machines

When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.

Create a New Windows Server Insider VM called StormTrooper01

Here you can configure your new Windows Server 2022 Insider VM with the following :

  • What kind of Generation VM (Gen 2 Recommended)
  • The path of your Virtual Machine and the path of your virtual disk(s)
  • CPU and you can make nested Virtualization too
  • Memory and use of Dynamic Memory
  • Network select the Virtual Switch
  • Network Isolation by VLAN
  • Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)

I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse

Here you Browse Default on your Hyper-V Host and select the ISO.

When the Windows Server ISO is selected you can hit Create

We get the Notification that the virtual machine is successfully created.

Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.

After you started the VM, you can double click on it and go to Connect.
Click on Connect to the Virtual Machine.

Now you are on the console via VM Connect.

Click on Install Now

We are installing Windows Server 2022 Insider Core edition, because we have WAC 😉

Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center

Create New Administrator Password.

And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.

Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.

The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.

Click on the Top on Edit Computer ID
Click on Domain and type your domain name.
Click op Next
Add your administrator account for joining the server
Reboot the VM.

Windows Server 2022 Insider Preview Core edition is domain joined.

Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :

Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.

  • Microsoft Azure Arc
  • Azure Backup
  • Azure File Sync
  • Azure Site Recovery
  • Azure Network Adapter
  • Azure Monitor
  • Azure Update Management
  • and More…

Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:

Microsoft Azure Backup via WAC

Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.

Enter the Encryption passphrase and Apply.

Here you have Azure Backup Vault working together with WAC.

Azure Defender for Cloud Security

Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.

Configuring Azure Defender for Cloud agent and Subscription.

Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.

In Windows Admin Center there is also a Security tab for the Windows Server.

Here you can see your Secured-Core status

Here you can see if your system is supported for this security features 🙂

Enable the supported features and Restart de Virtual Machine.

And here you see my status overview.

Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.

You can find RBAC in settings.

Conclusion

Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.

Windows Admin Center Community Group on LinkedIn


Leave a comment

Azure Arc Kubernetes and Azure Defender Cloud for Containers with #Azure Policies

Azure Arc for Hybrid Cloud Management.

In my last blogpost I wrote about Azure Arc enabled Kubernetes and Container Insights with Alerting and Actions

In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that with Microsoft Visual Studio Code and with Helm predefined templates. Install the VSCode and install the Kubernetes extension, more information here

In the following steps we install DAPR and Redis on the Azure Arc enabled Kubernetes.

When you open your Kubernetes Cluster
Click then on Helm Repos
There you see Dapr repo.
Click on version 1.6.0.

Right click on version 1.6.0
Click on Install.

Dapr is installed by default on the Azure Arc enabled Kubernetes.

Type in Powershell :
dapr status -k
You will see the running pods of Dapr.

Dapr Dashboard is running
Important: This is running in a test environment and is now http.
For production you have to make it save!
Azure Arc Services and Azure Defender for Containers will help you with that.

 

Installing Redis in the same way.

Kubectl get pods

You will see the running Dapr and Redis pods.

Now we have installed two products on the Azure Arc enabled Kubernetes Cluster by default, but security is not in place based on best practices. For Dapr you have security best practices to follow and  Security for Redis.

But next to these security best practices from the software vendor, we also have Microsoft Azure Arc Security (Preview) on this kubernetes Cluster active. In the following steps you will see Security rules, Fixes and Azure Policies for Azure Arc Kubernetes to make your environment more secure and compliant.

Click on your Azure Arc enabled Kubernetes Cluster
This is my Dockkube.
Click then on Security (preview)

Here you see that I don’t have Azure Policy active to be compliant
on my Azure Arc enabled Kubernetes Cluster.
A lot of security issues are managed by policies.
Click on View Additional recommendations in Defender for Cloud

See Related recommendation (17)

Here you see all the dependent policies for your Azure Arc enabled Kubernetes Cluster.

Select your Azure Arc Enabled Kubernetes Cluster (Dockkube)
Click on Fix

Confirm and click on Fix 1 resource.

Remediation in progress.

Remediation Successful.
It can take some minutes to see your resources in the Healthy state.
Just refresh 😉

In Azure Policy you will see how Compliant you are with your
Azure Arc enabled Kubernetes.
Click on the ASC compliance.

Here you see the 10 Policies that are not Compliant.

Select a policy which is not compliant like here
Kubernetes Cluster containers should only use allowed images
Click on Details

Here you see the Component ID’s on my Azure Arc enabled Kubernetes Cluster
which are not compliant on this policy 😉
See the Tab bar, you are now on Component Compliance

Click on Policies tab
Dubbel click on the policy.

From here you can Assign the policy to your Azure Arc enabled Kubernetes Cluster.

See the TAB bar for deploying this policy.

Set your Managed Identity for deploying your policy.
Here you can read more how Remediation security works

More information on Microsoft Docs :

Enable Microsoft Defender for Containers

Azure Policy built-in definitions for Azure Arc-enabled Kubernetes

Understand Azure Policy for Kubernetes clusters

Overview of Microsoft Defender for Containers

Microsoft Azure Defender for Cloud Containers

Defender Plans for Azure Arc Enabled Kubernetes Clusters (Preview)
I have set these.
(Security Recommendations can take some time)

Security (preview) on your Azure Arc enabled Kubernetes Cluster

Here you get the Remediation steps to do and the Information.

There is information link to Mitre ATT&CK site.

And more information via a link to the Kubernetes site:
Resource Management for Pods and Containers

A New example and you can see the Affected Components
on my Azure Arc enabled Kubernetes Cluster Dockkube.

 

Conclusion

When you work in a DevOps way with Kubernetes containers and microservices, you want them as secure as possible. With application security and best practices from the software vendors. Security monitoring and compliance are important to keep you in control and to keep your environment safe. With Azure Arc enabled Kubernetes you get Azure Defender for Containers and Azure policy for security compliance to your Kubernetes Cluster.

Important: This is still in preview and should not be used in production environment yet until Microsoft makes it General Available for the world. Now you can test it in your test environment like me in my MVPLAB.


Leave a comment

#Microsoft Windows Server and SMB Protocol #Winserv #WindowsServer2022

Server Message Block (SMB)

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Here you can see the versions of MS-CIFS and download free white papers

Today SMBv1 is a not save protocol and will be used by hackers for man in the middle attacks to compromise your data and systems. SMBv1 is a weak protocol and should not be used in your environment. There are still a lot of Windows Servers 2012 R2 in the world running in datacenters with SMBv1 by Default enabled. To make your Windows Server more secure, you can disable SMBv1 protocol via a Group Policy Object (GPO).

In the following steps we will disable SMBv1 on Windows Servers via GPO.

Open Group Policy Management in your Domain.

Click on Group Policy Object with your right mouse button.
Click on New.

Give your policy a Name.

I made also an temporary Exception policy.

Right click on your new Policy Object.
Click on Edit.

Go to Computer Configuration => Preferences => Windows Settings
Click on Registry.

Click on New and then on Registry Item.

Here you have to add the following Registry Properties:

Set these settings.

Set Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Click on Apply for these Registry settings.

SMBv1 Disable setting is set in the Policy Object.

This is the path where we push the policy via GPO.

Here we Link the Existing GPO to the OU with the Windows Server 2012 R2
to disable SMBv1 Protocol.

Select your new Policy to disable SMBv1 Protocol.

We have now Linked the new GPO to Disable SMBv1

GPUpdate /force on your Server to disable SMBv1
To get the new GPO active on your Server.

Policy Update successfully.

GPResult /r to see the results.

Get-SmbServerConfiguration | Select EnableSMB1Protocol

or

Get-SmbServerConfiguration

You can still as a administrator enable SMBv1 on your Server with :

Set-SmbServerConfiguration -EnableSMB1Protocol $true

When the Server gets a reboot, SMBv1 will be disabled by GPO again.

When you have maintenance window for updates for example, you can un-install the SMBv1 Feature in Server Manager. This procedure needs a restart of the Windows Server.

Go to Server Manager remove features.

Click on Remove Roles and Features.

Remove the mark at SMB 1.0/CIFS File Sharing Support Feature.

Click on Remove.

Click on Close and Reboot the Server

Now SMBv1 protocol on the Windows Server is disabled and will use a higher version of SMB like version 2.x or 3.x.

More Microsoft information can be found here on Docs.

SMB over QUIC on Windows Server 2022

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared with TCP:

  • All packets are always encrypted and handshake is authenticated with TLS 1.3
  • Parallel streams of reliable and unreliable application data
  • Exchanges application data in the first round trip (0-RTT)
  • Improved congestion control and loss recovery
  • Survives a change in the clients IP address or port

SMB over QUIC offers an “SMB VPN” for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of the legacy TCP port 445. All SMB traffic, including authentication and authorization within the tunnel is never exposed to the underlying network. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn’t change. SMB features like multichannel, signing, compression, continuous availability, directory leasing, and so on, work normally.

Client Server Handshake and Data transfer differences.

Here you find a Great blogpost of Ned Pyle

SMB over QUIC: Files Without the VPN

Conclusion

When you still have Windows Servers running with SMBv1 by default enabled, for security you should disable SMBv1 protocol as soon as possible! Otherwise you make it easy for hackers to compromise your data with man in the middle attacks. In Windows Server 2019 and higher SMBv1 is disabled by default. Have a look at SMB over QUIC in your test environment and learn how secure it is and how it works for your security and data.


Leave a comment

Apply #security principles to your #architecture to protect against attacks on your data and systems

Hope you started year 2022 in Good Health in a difficult pandemic time.

Starting 2022 by asking yourself, how is your Security by Design doing in 2022
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.

Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:

Microsoft Architecture and Security Docs

Here you find more information about NIST Cybersecurity Framework

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. These References and diagrams can support you with implementing Security by design.

Microsoft Defender for Cloud

Microsoft Defender for Cloud (formerly known as Azure Security Center) community repository. This repository contains:

  • Security recommendations that are in private preview
  • Programmatic remediation tools for security recommendations
  • PowerShell scripts for programmatic management
  • Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
  • Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
  • Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
  • Custom workbooks to visualize Defender for Cloud data

Become a Microsoft Defender for Cloud Ninja

Security and Learning is a ongoing process, I always say Learning on the Job 😉 is important to keep Up-to-Date every day of the week. Microsoft Tech Community platform and Microsoft Learning can support you to get the knowledge.

Become a Microsoft Defender for Cloud Ninja here

Conclusion

Microsoft and the community has a lot of good security information to start with for your Data and Systems to keep your business solution as save as possible. Here they write New blogposts for the community about Defender for Cloud

Keep in Mind “Security is only as strong as the weakest component in the Chain”

So keep your Security up-to-date and do assessments on vulnerabilities to keep your data and systems secure. Monitoring => Alerting => Remediation is 24/7/365 Process with Security people in the business.


Leave a comment

#Microsoft Defender for Cloud videos with @yuridiogenes #Security

Here you will find all the Microsoft Defender for Cloud videos with Yuri

Here you find all the Azure Security Center in the Field Videos with Yuri

You can follow Yuri Diogenes also on Twitter

 


Leave a comment

Windows Admin Center 21.10 Build 1.3.2111.01001 Secured-Core #Security #WindowsAdminCenter

Windows Admin Center Security

Secured-core – recommended for the most sensitive systems and industries like financial, healthcare, and government agencies. Builds on the previous layers and leverages advanced processor capabilities to provide protection from firmware attacks.

In Windows Admin Center Security you can Configure Secured-Core :

Secured-Core in Windows Admin Center 21.10

You can activate 6 secured-Core feature :

  • Hypervisor Enforced Code Integrity (HVCI)
  • Boot DMA Protection
  • System Guard
  • Secure Boot
  • Virtualization-based Security (VBS)
  • Trusted Platform Module 2.0 (TPM2.0)

You now can simply activate the Security Feature.
Needs a Reboot

Hypervisor Enforced Code Integrity (HVCI) is enabled.

More information about Secured-Core Features

Windows Admin Center Community on LinkedIn